Hackers are becoming increasingly able to access and take advantage of vulnerabilities in cloud services, according to a new report published Tuesday.
Palo Alto Networks’s threat research team Unit 42 found that 29 percent of vendors it worked with had potential account compromises in their cloud services. And 32 percent of the groups had set up their networks in a way that publicly exposed at least one cloud storage system, according to the research team.
{mosads}“Malicious actors can use this data to perform traditional identity theft and fraud, and it can also serve as ammunition for social engineering scams, such as phishing,” the researchers wrote of their findings.
Researchers said there is a slowing trend for publicly exposed systems, but they also determined that firms weren’t using best practices like encryption to protect their clouds.
The researchers also found that 23 percent of the firms were missing critical patches for their clouds. That means exposed vulnerabilities hadn’t been fixed, potentially allowing hackers to more easily access the service.
However, attempts to “cryptojack” — or use another’s network to mine for cryptocurrency — happened at just 11 percent of companies.
The report noted that the low level of those attacks likely occur because groups “have an opportunity to get ahead and implement the necessary countermeasures before the next wave of attacks.”