Ransomware-as-a-service has become one of the largest threats to organizations, with cyber criminals in the past five years improving the sophistication of the ransomware while businesses have also added additional layers of cloud infrastructure that can be easily targeted if not properly configured.
A new report by cloud computing and virtualization provider VMWare, “Exposing Malware in Linux-Based Multi-Cloud Environments”, details the increasing threat of ransomware to multi-cloud platforms, of which Linux is used almost exclusively.
SEE ALSO: Ransomware Could Be Headed to the IoT
Weak authentication and misconfigurations in container-based infrastructures, such as Kubernetes, Container Linux and Photon OS, are two of the primary ways attackers are able to infiltrate cloud-based environments.
Once inside the environment, attackers will often implement a ransomware program that forces the organization to pay for access to their data or control of their platform or the cloud-services are rerouted for crypto mining purposes.
In the second instance, VMWare Threat Analysis unit found that the Monero cryptocurrency, infamous for its hard-to-track payment system which has made it a favorite of the dark web, was the currency 89 percent of attackers would mine on their stolen CPU cycles.
Most of the countermeasures to address ransomware in recent years have been targeted at the Windows operating system, however, this focus is misguided, as Linux has become the primary operating system for a lot of ‘behind-the-scenes’ computation, such as cloud computing.
See Also: Continuous Intelligence Insights
This lack of focus has also come at a time when ransomware on Linux is becoming more sophisticated, but it is still not at the level of Windows-based ransomware sophistication. Attacks have become targeted instead of opportunistic, and new ransomware that targets host images has proved illusive to countermeasures.
In most cases, attackers are utilizing readily available tools that have been deployed in Windows-based attacks in the past, such as Cobalt Strike, a well-known remote access tool.
One positive is that Linux has many tools, such as dynamic analysis and continuous host monitoring, which if enabled correctly should prevent ransomware from infecting an organization, or at least warn organizations when they have been compromised.
Suppliers of cloud-based services should make clients and organizations aware of the enhanced risks and promote smart security and governance features to reduce the risks of ransomware and “crypto jacking”.
“Organizations need to bolster their ability to identify and defend against these types of attacks,” said VMWare Threat Analysis Unit in the report. “Given the distributed, dynamic and heterogeneous nature of today’s enterprise workloads and networks, organizations need to extend telemetry across the entire infrastructure—from endpoints to multi-cloud environments. This will allow organizations to better monitor traffic and identify abnormal behavior to mitigate the impact of attacks on the enterprise, while increasing overall efficiencies and reducing operational costs.”
Best Practices for Deploying and Scaling Industrial AIArtificial Intelligence (AI) is transforming industrial operations, helping organizations optimize workflows, reduce downtime, and enhance productivity. Different industry verticals leverage AI in unique ways.Link to The Center for Adaptive Edge Intelligence
The Center for Adaptive Edge IntelligenceAdaptive edge intelligence brings real-time decision-making to the point of data creation, whether from sensors, machines, or cameras.Link to The Value of Vehicle Electrification
The Value of Vehicle ElectrificationElectric vehicles (EVs) present automakers with many design, engineering, and manufactu ring challenges.Link to Accelerating Manufacturing Digital Transformation with Industrial Connectivity and IoT
Accelerating Manufacturing Digital Transformation with Industrial Connectivity and IoTDigital transformation is empowering industrial organizations to deliver sustainable innovation, disruption-proof products and services, and continuous operational improvement.Link to Smart Manufacturing for Automotive
Smart Manufacturing for AutomotiveLeading a transportation revolution in autonomous, electric, shared mobility and connectivity with the next generation of design and development tools.Link to Center for Data Pipeline Automation
Center for Data Pipeline AutomationAs businesses become data-driven and rely more heavily on analytics to operate, getting high-quality, trusted data to the right data user at the right time is essential.Link to Center for Automated Integration
Center for Automated IntegrationThe goal of automated integration is to enable applications and systems that were built separately to easily share data and work together, resulting in new capabilities and efficiencies that cut costs, uncover insights, and much more.Link to Continuous Intelligence: Insights
Continuous Intelligence: InsightsDigital transformation requires continuous intelligence (CI). Today's digital businesses are leveraging this new category of software which includes real-time analytics and insights from a single, cloud-native platform across multiple use cases to speed decision-making, and drive world-class customer experiences.
