Geekzone: technology news, blogs, forums
The Cloud is Getting Darker
Posted on 5-Oct-2017 20:47 by Symantec | Filed under: Articles

We are living in a cloud generation powered by a fundamental shift in the way enterprises, employees and customers use technology. The traditional corporate security perimeter is being transformed by the dominance of hybrid IT infrastructure, growth in personally owned devices, ubiquitous high-speed internet and cloud-based computing platforms. 


Now more than ever, cloud is playing an increasing role in organisations. This does not come as a surprise given the greater speed, the ability to scale, and improved performance and productivity that cloud apps, such as Office 365, Google and Dropbox, bring. However, with cloud usage becoming mainstream, its appeal to attackers has naturally increased. Businesses need to ensure they’re guarded against the new forces of cybercrime.  


While cloud attacks are still in their infancy, 2016 saw the first widespread outage of cloud services as a result of a denial of service (DoS) campaign. The DoS campaign served as a warning for how susceptible cloud services are to malicious attack. Widespread adoption of cloud applications in corporations, coupled with risky user behaviour, is widening the scope for cloud-based attacks. 


Overall, interest in and awareness of the risks of the cloud generation have gone up, but a lot more needs to be done on the policies and procedures governing how people in an organisation use cloud services. A lack of policies and procedures increases the risk of cloud app use. By the end of 2016, the average enterprise organisation was using 928 cloud apps, up from 841 earlier in the year. However, most CIOs think their organisations only use around 30 or 40 cloud apps. What they do not realise is that the increased use of cloud services by organisations and their employees means that companies’ data governance is being eroded, and they are susceptible to weaknesses that exist outside of their organisation.


Tokenisation of IT


The need for data security, compliance, and residency is also driving CISOs to look for encryption and/or tokenisation solutions to support their Software as a Service (SaaS) initiatives. 


Despite such measures, security challenges remain. Cybercriminal groups are opportunistic in the way they operate, using flaws in legitimate operating systems, tools, and cloud services to compromise networks. To effectively counter such behaviours, CISOs require unparalleled visibility and control over sensitive content that users upload, store and share via the cloud. Rather than relying on one-off fixes and reactive patches to protect confidential information, successful CISOs are eradicating exploitable vulnerabilities by deploying proactive, end-to-end solutions. 


SMEs adopting cloud


Cyber criminals may see SMEs as easy targets because they often have weaker cyber security defenses than larger enterprises. In 2016, 1 in 145 companies with 250 employees or fewer received malware. SMEs with limited budgets for IT infrastructure do not have the capacity to build up their security. To ensure cost-savings and efficiency, they often have less robust IT infrastructure, and less manpower dedicated to the upkeep of cyber security. In some cases, SMEs even do away with cyber security practices entirely, believing that their small size makes them unattractive targets.


By shifting their infrastructure into the cloud, SMEs could enjoy levels of agility and data storage security akin to those of an enterprise environment. Of course, it’s equally important that SMEs select the right cloud service provider, one that can offer adequate security provision to ensure that their data is protected from basic vulnerabilities.


Enterprise customers are also moving to the cloud with the objective of sharing information with their business partners, or to allow their employees to be more agile in their work. Rather than spawning an internet-facing server and building a security stack around it, they subscribe to highly secure cloud services, and focus on their business objectives in a digital workspace environment.


Ransomware danger


A number of ransomware attacks against cloud-based services demonstrated the susceptibility of cloud-based data to cybercrime attacks. In a recent high-profile case, tens of thousands of MongoDB open source databases were hijacked and held for ransom. The incident occurred after older MongoDB databases were left open by users in a default configuration setting. While there was no inherent security vulnerability in MongoDB itself, and the company alerted users about this issue, numerous older implementations that hadn’t applied security best practices remained online. More than 27,000 databases were reportedly hijacked. These attacks underlined the need for users to remain vigilant and ensure any open source software they are using is secure.
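
To make the "left open in a default configuration" condition concrete, here is an added example (not part of the original article, and not Symantec's or MongoDB's code) that audits a YAML-format mongod.conf for the two settings that decide whether a database is reachable without a login. It assumes the documented keys net.bindIp, net.bindIpAll and security.authorization; the function names and both sample configurations are constructed for illustration.

```python
# Added example (not from the article): audit a YAML-format mongod.conf.
# Assumes the documented keys net.bindIp, net.bindIpAll, security.authorization.
OPEN_CONF = """
net:
  port: 27017
  bindIp: 0.0.0.0
"""  # constructed sample: listens on every interface, no access control

HARDENED_CONF = """
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""  # constructed sample: loopback only, access control switched on

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_conf(text):
    """Flatten simple nested 'key: value' YAML into {'net.bindIp': '0.0.0.0'}."""
    flat, stack = {}, []  # stack holds (indent, key) for each open section
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:  # close finished sections
            stack.pop()
        value = value.strip().strip("\"'")
        if value:
            flat[".".join([k for _, k in stack] + [key.strip()])] = value
        else:
            stack.append((indent, key.strip()))
    return flat

def audit(text):
    """Return findings; an empty list means neither weakness is present."""
    conf, findings = parse_conf(text), []
    if conf.get("security.authorization") != "enabled":
        findings.append("authorization is not enabled: no login is required")
    addrs = {a.strip() for a in conf.get("net.bindIp", "").split(",") if a.strip()}
    if conf.get("net.bindIpAll", "").lower() == "true" or addrs & {"0.0.0.0", "::"}:
        findings.append("listening on all interfaces")
    elif not addrs:
        findings.append("net.bindIp unset: listen address is the version default")
    elif addrs - LOOPBACK:
        findings.append("bound to non-loopback address: restrict with a firewall")
    return findings
```

Calling `audit(OPEN_CONF)` reports both weaknesses, while `audit(HARDENED_CONF)` returns an empty list.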


There was also a report in early 2016 from a California firm that ran its entire operation through a managed cloud solutions firm. After one of its employees opened a spam email, it found that no one in the company could access the more than 4,000 files it had stored in the cloud. The company had fallen victim to ransomware, specifically TeslaCrypt (Ransom.TeslaCrypt). Fortunately, the cloud provider kept daily backups, but it still took a week for the company’s files to be restored. This is just one example of the amount of disruption ransomware can cause to businesses. 


IoT and cloud: Potential partners in cyber crime


The rush to bring any and all devices online has meant that security is often an afterthought. This was patently evident in the case of CloudPets, internet-connected teddy bears. Spiral Toys’ CloudPets are soft toys that allow children and their parents to exchange recorded messages over the internet. However, researcher Troy Hunt found that the company stored customer data in an unprotected MongoDB database that was easy to discover online. This exposed more than 800,000 customer credentials, including emails and passwords, and more than 2 million recorded messages. Hunt said that even though the credentials were secured using the bcrypt hashing function, a large number of the passwords were weak enough that they could be cracked.


This case illustrates how the combination of IoT and cloud can put customer data at risk. Many IoT devices gather personal data and rely on cloud services to store that data in online databases. If those databases are not adequately secured, then customer privacy and security are being placed at risk.


Living off the land


Increased use of cloud services also helps facilitate a trend in attackers opting to “live off the land” instead of developing their own attack infrastructure. Two of the most high-profile cases of 2016—the hacking of the Gmail account of Hillary Clinton’s campaign chief John Podesta, and the hacking of the World Anti-Doping Agency (WADA)—were facilitated through the use of cloud services. Attackers used social engineering to acquire the password for John Podesta’s Gmail. Additionally, the attackers reportedly used cloud services to exfiltrate the stolen data rather than build custom infrastructure for this purpose.


Cloud is attractive to attackers as, depending on how it is used and configured, it allows them to bypass local security; data stored on the cloud can be more easily accessible to attackers than data stored on local servers. Targeting cloud services also allows attackers to cause maximum disruption with relatively little effort—as seen with the Dyn DNS DDoS attack. As the usage of cloud services becomes increasingly common, it stands to reason that attacks on such services will also become more frequent in the future.


Addressing cloud security through a holistic approach


Limiting employees to using secure, popular file-sharing apps like Office 365 and Box cannot fully mitigate risks to this data from employee misuse or account compromise by hackers. Enforcing smart cloud data governance practices, such as identifying, categorising, and monitoring the use of all cloud data, is critical to prevent data loss. Additionally, follow these best practices to stay guarded:


  • Build a cloud security program aligned to both the organisation’s business and security requirements.
  • Reorient the organisation to take a security-first approach in the cloud and regularly include users in continual process enhancement; leverage in-application coaching where available.
  • Extend sensitive data monitoring policies and workflows to cloud-based services by integrating on-prem and cloud-based DLP.
  • Integrate a multi-factor authentication solution with the cloud applications and CASB to leverage device and behaviour profiling to block risky login attempts. 

Symantec’s cloud security lifecycle follows a series of repeatable steps that drive awareness of the importance of cloud security with executive management and cloud users. By refining and repeating this process, organisations can begin to build this awareness. Over time, risky cloud usage will decrease due to better controls and a deeper understanding of how users can safely use cloud apps and services.


  • Identify
      • Identify cloud apps
      • Uncover and classify cloud data
      • Identify risky data, activities and users
      • Plan cloud security strategy
  • Detect
      • Monitor for policy violations
      • Detect anomalous user behaviour that could indicate account compromise, data destruction, or data exfiltration
  • Protect
      • Block non-secure apps
      • Define cloud policy
      • Set risk thresholds
      • Communicate policy
      • Enforce policy
  • Respond
      • Quarantine data and users
      • Encrypt and tokenise sensitive content
      • Adjust login requirements when ThreatScore is elevated (MFA)
      • Block downloading of sensitive content
      • Remediate risky exposures in file shares
      • Take appropriate action with HR or legal as necessary
  • Recover
      • Investigate violations and exploits
      • Revise policy
      • Educate users

Failure to ensure appropriate security protection when using cloud services could ultimately result in higher costs and potential loss of business, thus eliminating any of the potential benefits of cloud computing. Organisations require a new model of integrated security which provides stronger protection, greater visibility and better control of critical assets, users, and data. 


Addressing cloud security holistically creates operational efficiencies and allows New Zealand CISOs to take full advantage of the cloud. This approach guarantees their critical information is secure and protected, giving them the peace of mind they need to lead their companies in the data-driven era. 


Questions to consider when defining a cloud security strategy:


  • How can I build a cloud security advisory board? Do I need one?
  • What are my riskiest cloud apps and services?
  • What are the most critical data types in my organisation?
  • Who are my riskiest cloud users? 

In today’s digital age, data is a critical asset. With the need for quick access to information from anywhere at users’ convenience, the vectors of access to critical assets have expanded. We now find sensitive data stored in cloud services, such as Dropbox and Office 365, and there has been a convergence of tools used for work and for personal use. As a result, it is no longer sufficient to adopt the traditional approach of building a strong perimeter around data assets and relying on firewalls or Data Loss Prevention solutions to confine sensitive data and employees’ activities to company-issued laptops or desktops.


While there is no silver bullet when it comes to cyber security, there are best practices that organisations can adopt to drastically reduce the risk of exposure:


  • People: Educate users to look out for malicious activity and to follow best practice when handling sensitive data. Share with them the right way of using cloud applications.
  • Processes: Challenge the IT and cyber security teams to always be ready for an attack. Have proper processes in place for users to easily and quickly report malicious activity. Adopt a framework approach (such as NIST) to holistically review the organisation’s strategy against threats.
  • Technology: Adopt an integrated cyber security approach where technology integrates into business strategy. In today’s landscape, it is no longer enough to have a technology that addresses a single cyber security problem, because security threats have become multi-dimensional and can involve many factors such as cloud, devices and apps. It is important to build an integrated platform or strategy in which security technologies share telemetry with each other.
