惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Recorded Future
Recorded Future
C
Cyber Attacks, Cyber Crime and Cyber Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Scott Helme
Scott Helme
Cyberwarzone
Cyberwarzone
C
CERT Recently Published Vulnerability Notes
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Palo Alto Networks Blog
Google Online Security Blog
Google Online Security Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
WordPress大学
WordPress大学
博客园 - 聂微东
L
LINUX DO - 最新话题
月光博客
月光博客
小众软件
小众软件
T
Troy Hunt's Blog
A
Arctic Wolf
量子位
I
Intezer
大猫的无限游戏
大猫的无限游戏
T
Tailwind CSS Blog
S
Schneier on Security
Schneier on Security
Schneier on Security
NISL@THU
NISL@THU
T
Threat Research - Cisco Blogs
TaoSecurity Blog
TaoSecurity Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园_首页
有赞技术团队
有赞技术团队
N
News and Events Feed by Topic
美团技术团队
The Cloudflare Blog
P
Privacy International News Feed
S
Security Affairs
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
G
GRAHAM CLULEY
N
News | PayPal Newsroom
Apple Machine Learning Research
Apple Machine Learning Research
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
L
LINUX DO - 热门话题
V
Vulnerabilities – Threatpost
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
CXSECURITY Database RSS Feed - CXSecurity.com
宝玉的分享
宝玉的分享
Application and Cybersecurity Blog
Application and Cybersecurity Blog
IT之家
IT之家
Hacker News: Ask HN
Hacker News: Ask HN
雷峰网
雷峰网

WhatIs

Strategic IT outlook: Tech conferences and events calendar | TechTarget 8 AI use cases in manufacturing Enterprises are making an AI native transformation Zero trust in the IT ops stack: Securing hybrid workloads How algorithmic value sets enhance clinical decision-making Top methods for collecting customer feedback Build a data governance team that delivers results How to calculate the total cost of ownership of ERP software Communities call for transparency in AI data center deals Scalable IT infrastructure: Balancing speed with stability How health systems are tackling 'Kill the Clipboard' obstacles Understanding the science behind AI-based hiring assessments Tape's strategic role in modern data protection How to choose an HR software system in 2026: A complete guide The UC stack gets the policy job Top zero-trust use cases in the enterprise 13 top IT infrastructure conferences in 2026 SNMP vs. CMIP: What's the difference? 3 essential network analytics use cases AI Security Risks Force CIOs to Rethink Strategy Red Hat Summit 2026 news and conference guide | TechTarget What is HR technology (human resources tech)? Understand, optimize and track customer journey touchpoints Should IT use Apple Business Manager without MDM? Build and organize an effective machine learning team The storage modernization imperative in a fast-changing IT landscape Procurement automation use cases for CSCOs to consider 3 steps for health system leaders to drive patient safety culture What is DevOps? Meaning, methodology and guide Enterprises Face New Storage Bottlenecks as AI Grows A guide to Intune Suite licensing for endpoint management Epic controls 42% of the US EHR market. Does that help or hurt interoperability? SAP Sapphire 2026 news, trends and analysis | TechTarget How to develop a data governance strategy: 7 key steps 12 generative AI tools for marketing and sales teams Top 9 smart contract platforms to consider in 2026 Top 8 e-signature software providers for 2026 Rise with SAP vs. S/4HANA Cloud: What are the differences? How businesses use KPIs to measure AI's performance 5 clues your network has shadow AI How do digital signatures work? Collaboration security and governance must be proactive Compare SAP greenfield vs. brownfield approach for S/4HANA Merck, Home Depot tap Gemini Enterprise for AI agent development Rural challenges may dampen digital healthcare's potential Build an ethical AI framework: 12 top resources The great workload reshuffle: Choices for AI and analytics How to remove a device from Intune enrollment Cisco unveils quantum network advancements 3 BYOD security risks and how to prevent them 10 of the top carbon accounting software 8 trends powering machine learning's dynamic new roles Network engineers must take the lead to push DDI to the cloud How does Microsoft 365 Copilot pricing and licensing work? ONC highlights behavioral health EHR adoption trends, data exchange barriers LLMs struggle with clinical reasoning, study finds Democratizing AI in business: The good, bad and ugly What can organizations do to address BYOD privacy concerns? Fix the service path before you optimize it with AI How AI reshapes upselling in customer experience platforms When collaboration starts becoming operational drag Balancing health AI management with growing vendor sprawl Career cure for AI phobia: Be a beekeeper, not a worker bee 16 top applicant tracking systems for 2026 How a rural community hospital deploys AI to detect heart disease 8 examples of document version control Guide to 30+ sustainability certifications for professionals AI agents are only as smart as the data that feeds them AI could earn trust in transactional work first How to fix keyboard connection issues on a remote desktop How to add and enroll devices to Microsoft Intune 11 DevSecOps best practices to prioritize in 2026 6 key components of a successful data strategy How to enable Copilot in Microsoft 365: A step-by-step guide What CIOs need to know about Meta's proposed CEO AI agent Top AI recruiting tools and software of 2026 How contact centers detect and prevent fraud 10 essential skills for modern contact center agents Beyond the chatbot: Engineering the agentic enterprise AI in business intelligence: How to manage it effectively Why legacy networks are a growing liability Failure is an option as an IT leadership tool How HR can create a successful change management strategy HR AI is becoming a change management story Digital transformation: Balancing speed and governance RSAC 2026 Conference: Key news and industry analysis | TechTarget 8 best practices for a bulletproof IAM strategy 5 customer journey phases businesses should understand 12 top HR software and tool options to consider in 2025 6 contact center trends shaping the future of customer service Contact center monitoring best practices for CX leaders Cloud vs. local backup: Which is right for your organization? 6 steps for when remote desktop credentials are not working How governance maturity affects M&A integration outcomes Inside the push to turn AI agents into suite functionality How should contact centers use AI today? Accenture global health lead on scaling AI in healthcare with governance and intent 10 best free DevOps certifications and training courses in 2026 What is compensation management? What CIOs must know about bossware strategy
Attackers targeting storage infrastructure for remote work
2026-05-11 · via WhatIs

Robert Sheldon

By

Published: 11 May 2026

Threat actors are no longer content with targeting endpoint systems. They have more to gain if they go after storage infrastructure directly. An enterprise data breach can provide them with access to vast amounts of valuable data, with the least amount of effort. By taking advantage of on-premises and cloud storage vulnerabilities, attackers can exploit storage backup security flaws, launch ransomware targeting storage systems, carry out credential theft and exfiltration, and in other ways compromise data.

Why target storage infrastructure?

We've entered a new era in cybercrime, with storage the next frontier. Threat actors are going directly after storage infrastructure because it contains large stores of high-value data, including personal information, intellectual property, file shares, system logs, source code, configuration files, financial records, AI training data and much more.

Storage infrastructure also hosts backups and snapshots, which have become prime targets for enterprise cyber threat actors who want to neutralize recovery capabilities before carrying out their extortion campaigns. Stored data might also include credentials, service account keys, connection strings or other access data, making it possible for attackers to move laterally through an organization's systems, spreading the blast radius even further.

By attacking storage infrastructure, threat actors can maximize their impact far more efficiently than they can achieve by going after individual endpoints. Once they infiltrate a storage system, they can release ransomware that targets the storage systems. They might also destroy backups, corrupt data, steal data or manipulate information and settings. They might also use the stolen credentials to branch out to other connected systems and third-party services.

A storage infrastructure attack can impact an organization in many ways, including regulatory fines, loss of productivity, reputational damage, operational disruption, revenue loss, recovery costs, exposed data and legal expenses. Threat actors are particularly interested in cloud storage, such as carrying out Azure Blob Storage attacks, because these platforms often house massive amounts of high-value data.

Despite these threats, many storage systems lack comprehensive protections, relying instead on endpoint and network security to protect the data. For example, a storage system might use shared credentials or unmanaged service accounts, fail to employ zero-trust for storage access, assign over-privileged access to resources, or lack proper monitoring or network segmentation.

Storage systems are also commonly misconfigured, especially in complex hybrid cloud environments, leaving their systems susceptible to enterprise cyber threat actors who take advantage of cloud storage vulnerabilities, including storage backup security flaws.

Given the lack of protections, along with the amount and quality of data, threat actors have been steadily switching their focus from endpoints to storage infrastructure. This momentum is also fueled by the growing effectiveness of endpoint security platforms, which make it more difficult to carry out traditional attacks against managed devices. In addition, threat actors recognize the importance of going after an organization's backups directly and using storage as a pivot point for permission escalation and lateral movement into other systems and data stores.

Remote work cybersecurity risks

When employees work remotely, they access storage resources from outside the safety of the internal corporate network and perimeter firewall. They might connect from their homes, hotel rooms, cafes, airports, mobile hotspots or other public locations, using a variety of devices and connection protocols. If they're traveling, they might be connecting from just about any place in the world, often at any time of day or night.

IT teams have no control over or visibility into outside networks, making it difficult to predict access patterns or identify subtle anomalies in behavior. At the same time, remote networks often have weaker protections in place and are not as carefully implemented or maintained. For example, a Wi-Fi network might be set up with default account passwords, or the router might be running unpatched firmware, leaving the network susceptible to different types of attacks, such as man-in-the-middle attacks.

Risk factors in remote work.
Cybersecurity teams need to be prepared for these security issues with employees who work remotely.

IT teams also have limited control over the remote endpoints and their users' behavior when working remotely. Remote users might use personal devices that lack enterprise protections such as data loss prevention or endpoint detection and response. The devices might also be running outdated or unpatched software or lack proper antimalware protection. In addition, users might share their devices with other people, leave the devices unlocked or lying around, or in other ways fail to protect their devices from potential risks.

When an organization supports remote workers, identity becomes the new perimeter, rather than firewalls and other network protections. Remote work relies extensively on identity and access management, multifactor authentication (MFA), single sign-on and other access technologies to protect corporate resources. If any of these are compromised, attackers might be able to access network resources without being detected.

Remote workers also rely on different types of access mechanisms when connecting to corporate resources. For example, they might use VPNs, Remote Desktop Protocol sessions or cloud storage APIs. Any of these can be misconfigured or outdated, giving threat actors additional remote access attack vectors.

In addition, organizations often loosen permissions on resources to support greater flexibility and collaboration and increase productivity among remote workers. Users might also get careless in their everyday operations, such as failing to use MFA when connecting to resources or storing API keys on their computers.

Remote work also increases the risks of shadow IT. Workers might use tools or data services not sanctioned by IT, such as storing sensitive data in their personal Dropbox accounts or maintaining their own GitHub repositories for proprietary source code. Shadow IT can lead to fragmented and compromised data, as well as uncontrolled data sprawl, while denying IT teams the visibility they need to safeguard that data.

For all these reasons, remote workers have become prime targets for credential theft, MFA fatigue attacks, OAuth abuse and other threats, increasing the risk of storage infrastructure attacks. This, in turn, can lead to ransomware targeting storage systems, credential theft and exfiltration, and other types of data compromise.

How a successful cyberattack can impact an organization

More than ever, enterprise cyber threat actors are targeting on-premises and cloud storage vulnerabilities, taking advantage of remote work cybersecurity risks wherever possible. A successful attack can have a devastating impact on remote work, as well as the storage infrastructure and organization as a whole:

  • Remote work. If storage becomes unavailable because of a cyberattack, remote workers can no longer access the data they need, nor can the applications that rely on that data continue to operate properly. In many cases, work stops completely or is severely handicapped, resulting in lost productivity and the inability to meet business objectives and carry out strategic initiatives. In addition, users must often contend with credential resets, tighter access controls and modifications to operations and workflows, along with uncertainty about whether they can trust the data.
  • Storage infrastructure. An attack on storage can result in data encryption, corruption, modification, deletion or exfiltration. Any data housed in that system can be compromised -- including backups, snapshots, metadata, system settings and credentials -- and the organization can no longer rely on the data's integrity, accuracy or completeness. The storage infrastructure might also be physically damaged or suffer resource exhaustion, perhaps causing systems to overheat or fail. In some cases, the storage controller firmware is corrupted. Attackers might also steal or update security and configuration settings and then prevent authorized access or use the information to access other data or systems.
  • Organization. A successful attack on storage infrastructure can impact an organization in a number of significant ways. The financial impact alone can be staggering. The organization can face ransom costs, legal fees, regulatory fines, incident response and recovery costs, forensic service fees and much more. The organization might also experience lower productivity, lose revenue and even see a drop in its market value, while suffering considerable reputational damage that can take years to repair.

According to IBM's Cost of a Data Breach Report 2025, the global average cost of a data breach was $4.4 million for that year. This is actually a 9% decrease from the previous year, which IBM attributes to faster identification and containment. However, an enterprise data breach can cost an organization much more.

In May 2025, for example, Coinbase was the victim of a cyberattack on its customer data. According to a Coinbase press release, "Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks." The threat actors demanded $20 million in ransom fees, which the company refused to pay. Instead, Coinbase set up a $20 million reward fund for information leading to the arrest and conviction of those responsible for the attack. At the time, it was widely reported that Coinbase estimated the attack could cost the company up to $400 million.

Tools for protecting the storage infrastructure

An organization can protect its storage infrastructure from enterprise cyber threat actors only if IT and security teams have the tools they need to safeguard the data and protect the environment in which it resides. The following table provides an overview of some of the more popular tools available for protecting data and storage infrastructure. However, these are just a sample of the different types of products out there. An organization should carefully vet and choose tools that best work for their circumstances and storage environments.

Regardless of the tools they choose, IT and security teams must still be diligent in securing their storage systems, such as implementing zero-trust for storage access, safeguarding remote access attack vectors, air gapping backups and snapshots as well as encrypting audit logs. They should also ensure that their storage security is properly integrated into the organization's larger security strategy to ensure consistent and complete protection wherever the data resides and however it is accessed.

Dig Deeper on Storage architecture and strategy