Home » Cybersecurity » Cloud Security » Cryptojacking Affected a Quarter of Organizations in the Cloud, Finds Report

Cryptojacking Affected a Quarter of Organizations in the Cloud, Finds Report

by David Bisson on May 16, 2018

Cryptojacking attacks affected a quarter of organizations in their cloud environments, found a recent cloud security report.

In RedLock’s Cloud Security Trends, researchers with the security firm’s Cloud Security Intelligence (CSI) team discovered that 25 percent of organizations had suffered cryptojacking incidents in the cloud. This rate marked a 300 percent increase over the previous quarter (February 2018) at just 8 percent.

Even so, cryptojacking wasn’t the most prolific security issue which organizations encountered in the cloud. Risky configurations topped that list at 51 percent, which means a majority of companies misconfigured and/or exposed a cloud storage service like an Amazon Simple Storage Service (S3) bucket. Account compromises also beat out malicious cryptomining attacks at 27 percent of organizations.

Vulnerabilities were the only threat analyzed for the report over which cryptojacking was more prevalent. Specifically, RedLock’s researchers found that almost a quarter (24 percent) of organizations lacked high-severity patches in the public cloud.

It wasn’t all bad news, though. The report found that the percentage of organizations embracing database encryption, a practice which can help firms reach the General Data Protection Regulation’s (GDPR) pseudonymization requirement, is increasing. 82 percent of cloud-based databases weren’t encrypted a year ago. That percentage decreased to 49 percent in the latest report.

RedLock’s researchers explain in the report that organizations can’t address cryptojacking by the piecemeal implementation of security measures:

The rise of cryptojacking and seemingly misuse of security groups highlights the need for a holistic approach to security in the cloud. A combination of configuration, user activity, network traffic, and host vulnerability monitoring is necessary to detect advanced threats in public cloud environments.

Organizations should also take steps to protect themselves against some of the other threats mentioned in RedLock’s report. For instance, they can (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cloud/cryptojacking-affected-a-quarter-of-organizations-in-the-cloud-finds-report/

May 16, 2018May 16, 2018 David Bisson Cloud, configuration, Cryptojacking, Latest Security News

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Fortinet® Follies