Cloud services can help organizations maximize resources, reduce time, boost automation, and relieve them of some security responsibilities.
It’s no wonder that today’s advanced cyber-criminals are leveraging cloud technology to improve and grow their own operations, given its vast value proposition. Businesses are compromised as a result of stolen credentials, and the cloud is making this process more efficient than ever.
It used to be tedious processing stolen credentials
The traditional way of cybercrime via credential theft entails compromising victims and using information-stealing malware to obtain account information. Because of password reuse, any compromised personal account can put a variety of businesses, including employers, in danger.
Once the credentials have been collected, they are transferred to a server controlled by the criminals. Manual processing is impossible with millions of entries, so they use basic searches to locate the best-selling accounts.
The group then goes through this prioritized list, looking for accounts that can have access to a high-value target. There will still be tens of thousands of logs at this point, so the process could take days or weeks.
Accounts that the hacker organization deems valuable but hasn’t utilized are then packed and sold on underground marketplaces. These are the ‘prime cuts,’ which consistently sell well and are simple to process. The remaining information is largely discarded. It could be valuable to the appropriate buyer, but it’s difficult to say who that buyer is.
New cloud-based processes and markets have the potential to boost criminal profits
Attackers have been able to tweak that process thanks to the cloud. They can increase the return on their illicit investments by creating new efficiencies and eliminating waste, just like any other business. After the group has taken their initial portions of the stolen data, the rest can be posted to a ‘Cloud of Logs’ right away.
The ‘Cloud of Logs’ is a stable source of major income for the criminal organization because of the predictable monthly fee model that works so well for streaming services. This simplified approach cuts the time it takes from initial compromise to the user’s data being accessible for sale, and also increases the number of persons affected by a breach.
There will be as many groups picking over the data as the platform allows, rather than just one. More accounts are being monetized, and it might happen in hours rather than weeks. Criminals can target a wider number of companies because they can execute their attacks more effectively, potentially leading to an increase in overall attacks.
Illicit marketplaces are made even more dangerous by specialized talent
Since the information is spread to numerous cyber-criminals specializing in different crimes, the criminal potential of the stolen data is fully exploited. Data reigns supreme in this new business structure more than ever before. To maximize their profits, criminal businesses will need data mining experts. This position will be in the heart of the organization, utilizing machine learning to discover high-value targets and efficiently bundle every data type that will appeal to various customers.
Cloud technologies are frequently used to help companies scale to become more nimble and cost-effective, allowing them to attain their full potential. Criminals use cloud-based logs to achieve the same thing, and hackers, like any other business, are seeking professionals who can help them improve their outcomes.
Also Read: How has Cybercrime gone Mainstream in 2021?
What businesses should know about protection from advanced threats
The time between when information is taken and when it is exploited is getting considerably shorter for the defending company. Organizations today have far less time to discover and respond to a credential theft event. As this criminal business model develops, this trend will only accelerate.
To swiftly detect breaches, organizations should reinforce the core of their security posture. It’s also critical to educate employees on the fundamentals of cybersecurity. Moreover, concentrate efforts on explaining why it’s important to them and how their diligence can assist in protecting the organization.
The risks that organizations face haven’t altered much, but the stakes have risen. Businesses need a sound security strategy to keep ahead of fraudsters as they increase attacks and expand their capabilities in the cloud.
For more such updates follow us on Google News ITsecuritywire News.