Recent claims from security authorities in Europe state that cyber-criminals have accelerated in their use of the cloud to launch attacks and exploit vulnerabilities, according to an article published on the Cloud Pro website. The article indicates that these attackers have begun to leverage “the power of the cloud to avoid detection” and take advantage of “off-premise systems” and their benefits. As the report states, “the cloud makes distribution easier” and “more difficult for law enforcers to track them down.” This opens a new playing field for these individuals and groups to set camp and unleash their activities.
Experiences with cyber-criminals has changed dramatically since, as the report states, hackers would have infiltrated “on-premise servers” to do their business and deliver these attacks. Now, since a large majority of data is being lifted to online cloud solutions – which providers surround with discussions that are focused “on how data stored online is kept safe” – it is the most logical target place for them to sight, according to the article. Troels Oertring, head of the European Cybercrime Centre (EC3) at Europol, was quoted in the article saying, “If I want to rob you … [in the non-online world], there is usually some link between the perpetrator and the crime scene…, but not with cyber crime.”
Oertring continues in the article to say, “A difficulty for the police is that normally, if we intend to have evidence, we seize things. We will seize a phone, a computer and server and [from here] find the attribution [and those responsible]. In the very near future from now, the criminals will operate from cloud services and … will be streaming [malware] from the cloud,” and this will make tracing the source of it harder.” The report notes the complexity of their activities since “criminals are unlikely to use the Amazon or Microsoft clouds to run their criminal empires.” Oertring warns in the report by adding, “We already see now that cloud services are being established by criminal entities to make it even more difficult to for us to get attribution.” He goes on to clarify, through his statement in the article, that users should not avoid concern about “legitimate cloud-based systems” since they are not immune from being attacked or exploited.
Read more about this new cyber-battleground in the full article and why authorities remind end users of past breaches of “secured systems” as a valid warning that no one is completely sheltered from these criminals.