Industries critical to COVID-19 response suffer surge in cloud cyberattacks

An increase in cloud adoption is being blamed for new security chasms.

Industries and organizations critical to the fight against COVID-19 have faced a surge in cyberattacks due to their rapid transition to cloud platforms in light of the pandemic.

When the world first began to take notice of the global spread of COVID-19, organizations across the globe suddenly found themselves unable to maintain typical working practices. 

Offices were shut, stay-at-home orders imposed, and consumer demands could often only be met through deliveries, virtual services, and e-commerce platforms. 

As a result, the wider enterprise and SMBs alike began making quick transitions from on-prem and legacy systems to the cloud, in order to facilitate remote working models and to pursue new business opportunities. 

Enterprise cloud spending is estimated to have increased by 28% in Q2 2020 alone, year-over-year. However, according to Palo Alto Networks' latest cloud threat report, published on Tuesday, shifting workloads so quickly to the cloud has also meant that businesses are struggling, months later, to manage and automate cloud security -- and have created chasms in company security that can be exploited. 

Industries critical to COVID-19 management have suffered a particular uptick in cloud security incidents. According to the report, retail, manufacturing, and government entities have been struck hardest, with attack attempts increasing by 402%, 230%, and 205%, respectively, during the pandemic.

Chemical manufacturing and science/research organizations, unsurprisingly, became key targets for cyberattackers due to COVID-19. Notable examples include attacks on vaccine manufacturers and the European Medicines Agency (EMA).

According to Unit 42 data and scans, the most common security issues present in COVID-19-related industries are:

"This trend is not surprising; these same industries were among those facing the greatest pressures to adapt and scale in the face of the pandemic -- retailers for basic necessities, and manufacturing and government for COVID-19 supplies and aid," Unit 42 says. "[..] Although the cloud allows businesses to quickly expand their remote work capabilities, automated security controls around DevOps and continuous integration/continuous delivery (CI/CD) pipelines often lag behind this rapid movement."

However, not every industry is equal, and some are doing better than others in attempts to secure their cloud workloads. 

Access logging controls, access key rotation, and version control in cloud storage containers -- a way to keep track of changes, implement them, and perform maintenance across cloud systems -- are some of the methods that can be employed to increase cloud security. 

The team did find, however, that publicly exposed cloud systems, which may leak personally identifiable information (PII) belonging to clients or employees -- as well as sensitive corporate data -- continue to be a problem. The numbers are high: an estimated 30% of organizations that utilize cloud hosting services are believed to be leaking some type of private content online, with access control issues blamed for such widespread exposure.

Unit 42 recommends that businesses focus on gaining visibility into their cloud workloads, keeping an eye on storage configurations, and both adopting and enforcing security standards in DevOps, all of which can mitigate the threat of attack or accidental data leaks.
