BlackBerry report says data losses increasing due to cloud misconfiguration

Threat actors made “notable achievements” in 2019, according to a new report analyzing trends in cybercrime.

“Their focus on improving encryption routines and concealing malicious payloads through steganography [concealing malware within files or images] raised the bar for security researchers and threat detection solutions,” BlackBerry Cylance said in its 2020 Threat Report. (Registration required).

Hiding code within files isn’t new for attackers. However, the report notes that BlackBerry, in the second half of 2019, discovered attackers are now able to conceal payloads within WAV audio files.

In general, the use of steganography helps adversaries evade detection because the key malicious content is only present in memory, says the report. Detecting and blocking steganography attacks requires effective memory monitoring and threat defences.

Host-encrypted malware is increasing, the report adds, making analysis almost impossible in a lab and decreasing defenders’ understanding of the malicious code and the ability for security solutions to block it.

It also warns that state-sponsored advanced threat groups are exploiting mobile devices “with impunity” to surveil targeted individuals. Other predictions for 2020 include the rise of Crimeware-as-a-Service.

Arguably, the most important part of the report underscores what security experts have been saying for years: Misconfiguration and mistakes are to blame for large breaches of security controls.

“Unfortunately, the majority of notable data breaches in 2019 still resulted from unsecured databases, rather than from sophisticated and novel techniques deployed by modern attackers,” it says. “This was once again the worst year on record for data breaches, and there clearly remains much work to be done in education and firming up security for organizations in the modern era.”

Misconfigured cloud resources led to more than seven billion records being publicly exposed in 2019, says the report. Another way of looking at it is that, on average, there were at least three disclosures of exposures caused by unsecured databases and servers every month.  The report predicts that this will only happen more as organizations increase their use of the cloud.

Organizations can better prepare themselves by embracing a multi-faceted approach to cloud security that includes automated configuration policies to drive continuous integration and reduce human errors, says the report. Adopting threat-intelligence-driven awareness training for developers and increasing visibility of the environment by leveraging network and user behavioural analytics that can spot anomalies in system configuration and user activity can also help.

Separately, a report issued today by security vendor DivvyCloud estimated hat nearly 33.4 billion records were exposed in breaches due to cloud misconfigurations in 2018 and 2019, amounting to nearly $5 trillion in costs to enterprises globally.

Looking at publicly-reported breaches, it found 81 of them could be blamed on cloud misconfiguration in 2018, and 115 in 2019. That’s a 42 per cent increase. Elasticsearch misconfigurations accounted for 20 per cent of all breaches, but these incidents accounted for 44 per cent of all records exposed.

MongoDB misconfigurations accounted for 12 per cent of all incidents, and the number of misconfigured MongoDB instances nearly doubled year over year. However, there were 45 per cent fewer misconfigured Amazon S3 servers in 2019 as compared to 2018.

Click here to get the full report. Registration required.

The BlackBerry report also warns that deep fake technology — the ability to create fake video and audio files — is becoming more widely accessible. This has led to deep fake personas appearing on social media sites and fake voice authorizations being used to commit fraud. It recommends organizations consider training employees on identifying and responding to the indicators of deep fake technology use.

It also cautions that vulnerabilities in the auto industry supply chain, design process, and updating procedures have made vehicles an easy target for attackers.

“Vehicle vulnerabilities may lead to disastrous outcomes if the industry and third-party vendors don’t take steps to improve automobile cybersecurity.”


Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs