Security News > 2021 > December > Convergence Ahoy: Get Ready for Cloud-Based Ransomware
Oliver Tavakoli, CTO at Vectra AI, takes us inside the coming nexus of ransomware, supply-chain attacks and cloud deployments.
Why are ransomware and the supply chain coming together? Historically, what started out as nation-state techniques make their way into pen-testing and red teaming tools and eventually become commoditized in attacks undertaken by hackers seeking profit.
There's no reason to think the same won't happen in this case; thus, it is useful to consider tools and techniques employed in supply-chain attacks as a harbinger of what is to come to ransomware attacks.
Many nation-state attacks involve cloud components - they often mix and match traditional on-prem steps in an attack with steps taken in the cloud.
As almost every piece of data of value moves to the cloud, either into SaaS applications or into public-cloud stacks, attackers will undoubtedly follow to the cloud as the pickings for on-premise attacks become slim.
Cloud systems come with incredibly powerful APIs - particularly for privileged credentials - which enable attackers to rapidly progress to their ultimate goal.