17 November 2020

Cloud Technologies Increase Attack Risk for Enterprises

Experts from IT security consultancy Trend Micro have uncovered a new threat: Cybercriminals are leveraging cloud services and technologies to accelerate attacks against enterprises – forcing victims to respond faster to identify data losses.

Trend Micro Research finds terabytes of stolen internal corporate data for sale on the Dark Web. (Source: gorodenkoff)

Trend Micro researchers discovered terabytes of internal business data from enterprises – as well as login credentials for popular providers including Amazon, Google, Twitter, Facebook, and PayPal – being sold on the Dark Web. These credentials are harvested from cloud logs where they are stored. This type of offering enables monetization of a far greater volume of stolen accounts. Moreover, the time between initial data theft and weaponization of that information against a target enterprise has shrunk – from several weeks down to just days or even hours.

“The emerging market for access to cloud logs allows cybercriminals to exploit stolen information more rapidly and effectively. That’s bad news for enterprise security teams,” explains Richard Werner, Business Consultant at Trend Micro. “This development shows that attackers, too, are adopting cloud technologies to compromise organizations. Crucially, it’s important to understand that even companies relying solely on on-premises systems aren’t immune to such threats. All organizations must ensure robust protection – and possess the necessary transparency and control – to respond swiftly to any incident.”

Once a buyer acquires access to cloud logs containing stolen data, they can immediately repurpose that information in follow-up cyberattacks. For instance, these logs frequently contain credentials for Remote Desktop Protocol (RDP), a common entry point for cybercriminals deploying ransomware against enterprises.

Storing terabyte-scale volumes of stolen data in cloud environments is as attractive to criminal organizations as it is to legitimate enterprises: cloud storage delivers scalability and higher throughput. Greater compute power and bandwidth improve operational efficiency – even for illicit activities.

Access to these cloud-based logs is often sold via subscription, with prices reaching up to $1,000 per month. A single log file may contain millions of records. Higher prices apply for more frequently updated datasets – or for promises of relative exclusivity.

Cybercriminals can act faster using cloud services and technologies. (Source: D3Damon)

Easy access to data enables cybercriminals to streamline and accelerate attack execution – and expand their pool of potential targets. This underscores cybercrime’s adaptability: when threat actors who specialize in specific domains – such as cryptocurrency theft or e-commerce fraud – can obtain the data they need quickly and cheaply, the resulting damage scales dramatically.

The Trend Micro report warns that such activities could even give rise to an entirely new class of cybercriminal in the future: a data mining specialist, who applies machine learning to improve preprocessing and information extraction – maximizing value for buyers. As cybercrime becomes increasingly professionalized, the broader trend points toward standardization of services and pricing across underground marketplaces.

 

Further Information

The full Trend Micro Research report is available here.

Key Facts

Cloud security incidents: 45% of data breaches involve cloud environments.

Misconfigurations: 80% of cloud security incidents stem from misconfigurations.

Frequently Asked Questions

Is the cloud inherently safer than on-premises infrastructure?

Not automatically. While cloud providers typically deliver stronger physical security and patch management, responsibility for configuration, access management, and data protection rests with the customer (Shared Responsibility Model).

What is the Shared Responsibility Model?

Cloud providers secure the underlying infrastructure (hardware, network, data centers); customers secure their data, access controls, and configurations. The precise division of responsibilities varies depending on the service model (IaaS, PaaS, SaaS).

Which cloud certifications should enterprises prioritize?

ISO 27001, SOC 2 Type II, and C5 (BSI) are the most critical. For EU data protection compliance, it’s also essential to verify whether the provider processes data exclusively within the EU – and whether it adheres to the EU-U.S. Data Privacy Framework.


Header Image Source: iStock / atomicstudio

Fact: According to the Allianz Risk Barometer 2025, cyberattacks are the top global business risk.

Fact: Per IBM, 95% of all cybersecurity incidents result from human error.

TL;DR

  • Trend Micro Research finds terabytes of stolen internal corporate data for sale on the Dark Web.
  • Access to these cloud-based logs is often sold via subscription, with prices reaching up to $1,000 per month.
  • Cybercriminals can act faster using cloud services and technologies.
  • Easy access to data enables cybercriminals to streamline and accelerate attack execution – and expand their pool of potential targets.
Tobias Massow

A magazine by Evernine Media GmbH