Ransomware Attacks Aim Higher at SaaS and Cloud per Dark Reading
Ransomware operators are following that mass migration to the Cloud. Researchers at RiskSense released a report showing a shift in targets to move up the stack, tracking data-dense applications and software as a service, web frameworks and open source tools.
Ransomware attacks are also affecting perimeter technologies, which include VPNs, remote access services and zero trust. And for that initial access, a reported 125 active Ransomware groups are leveraging some critical vulnerabilities, 124 CVEs with active exploits, to gain RCE and privilege escalation. These tactics bypass the need to engage a user. Read the RiskSense report for more details.
Cloud-Native Apps and Supply Chain Security per Dark Reading
Which segues to this topic. The modern programming languages we use are modular, with interchangeable blocks or plugins to provide key functions for text, networking or doing math. The code is shared and available through open source repositories and platforms like GitHub. Per the article, 99% of codebases have components from open source and as much as 70% of code used by enterprises comes from open source.
Welcome to the realities of Third party code, and security issues have become headlines. It’s compromised in Magecart attacks. It’s a conduit for attackers to poison and distribute their malware downstream. Fact is, the flaws and vulnerabilities in that code are now in the attackers’ sights. “The inventory, version and configuration of services in a cloud environment should be looked at as part of the supply chain, including the scripts used by DevOps to provision them”.