By Alex Delamotte, Threat Researcher, SentinelLabs, SentinelOne
As India’s digital transformation accelerates, businesses across the nation are increasingly embracing cloud technologies to drive innovation and efficiency. However, this shift has not gone unnoticed by cybercriminals. In 2024, a surge in cloud ransomware attacks is redefining the cyber threat landscape, presenting unique challenges that differ significantly from traditional endpoint security issues.
The new frontier of cyber threats
Unlike conventional ransomware that targets individual computers or on-premises servers, attackers are now setting their sights on cloud infrastructures that host vast amounts of data and critical services. This evolution represents a new frontier in cyber threats, requiring Indian cybersecurity practitioners to rethink and relearn defence strategies.
Traditional security measures and last year’s playbooks are no longer sufficient. Attackers are exploiting misconfigured or poorly secured cloud storage platforms such as Amazon Web Services (AWS) Simple Storage Service (S3) and Microsoft Azure Blob Storage. By identifying cloud storage buckets with overly permissive access controls, cybercriminals gain unauthorised entry, copy data to their own servers, encrypt or delete the original files, and then demand a ransom for their return.
Why cloud storage is a prime target
Cloud storage services are attractive to attackers because they hold vast amounts of valuable data. Misconfigurations—often a result of human error—create vulnerabilities that can be exploited. Once inside, attackers can cause significant disruption by rendering critical data inaccessible, which can be devastating for businesses that rely heavily on cloud services.
A notable example involves a technique outlined by Rhino Security, where attackers target AWS S3 buckets using configuration errors or stolen credentials. They create a new encryption key accessible only to them, effectively locking out the rightful owners. The data cannot be recovered if the victim fails to restore the encryption key within the 7 day window before the cloud service provider permanently deletes the key.
Emerging threats on the horizon
As cloud technologies evolve, so do cybercriminal tactics. Beyond encrypting data within cloud storage, attackers are finding new ways to exploit cloud services for their gain. One alarming trend is the use of legitimate cloud services for data exfiltration, making malicious activities harder to detect. By leveraging trusted cloud services, attackers can bypass traditional security measures that monitor for unusual outbound connections.
Recently, ransomware groups like BianLian and Rhysida have been using Azure Storage Explorer—a legitimate tool provided by Microsoft—to extract data from victim environments. This shift from traditional exfiltration tools to well-known cloud services allows attackers to blend in with normal network traffic, making detection even more challenging.
The unique challenges for Indian businesses
For Indian businesses, these developments pose significant challenges. The rapid adoption of cloud services, sometimes without adequate security measures, has created an environment ripe for exploitation. Moreover, the shortage of skilled cybersecurity professionals in India means that many organisations are ill-equipped to handle these sophisticated threats.
How Businesses Can Prepare and Protect Themselves
Given the increasing sophistication of cloud ransomware attacks, Indian businesses must adopt proactive strategies to safeguard their data and operations.
- Strengthen access controls: Regularly review and update access controls to ensure that only authorised personnel have access to sensitive data. Implement the principle of least privilege to minimise potential entry points for attackers.
- Advanced threat detection: Utilise artificial intelligence (AI) and machine learning (ML) security tools to analyse patterns, detect anomalies, and identify potential threats in real-time. These technologies can process vast amounts of data faster than human analysts, providing a critical edge in threat detection.
- Employee education and training: Human error is a significant vulnerability. Investing in training programs that empower employees to recognise and respond to potential security issues is crucial. Encourage the use of AI tools that help staff identify and manage threats using natural language processing, making cybersecurity everyone’s responsibility.
- Stay informed with threat intelligence: Continuously monitor threat intelligence feeds to receive timely information about new vulnerabilities and attack vectors relevant to your environment. Collaboration with cybersecurity communities can provide valuable insights into emerging threats and attack vectors.
- Implement robust backup solutions: Regularly back up critical data and ensure that backups are stored securely and are not connected to the main network. This practice can significantly reduce the impact of a ransomware attack by enabling swift data recovery without paying a ransom.
Looking ahead: Adapting to the evolving threat landscape
As cloud adoption continues to grow in India, so too will the sophistication of cloud ransomware attacks. Businesses must be prepared to evolve alongside the threat landscape, embracing new technologies and practices to safeguard their data and operations in the cloud.
Collaboration and adaptability are essential. By understanding the unique challenges posed by cloud security, Indian organisations can implement comprehensive strategies that not only protect against current threats but also anticipate future ones. Proactive measures—such as strengthening access controls, adopting advanced threat detection technologies, training employees, and staying informed—are crucial steps in defending against these evolving attacks.
Conclusion
The cloud offers immense opportunities for Indian businesses, but it also presents new risks that cannot be ignored. By focusing on the unique challenges of cloud security compared to traditional endpoint security, organisations can better prepare for and defend against the growing threat of cloud ransomware. In a rapidly digitalising economy, staying ahead of cyber threats is not just about protecting data—it’s about ensuring the continuity and integrity of business operations in an increasingly connected world.
