Cloud migration, obviously, is here to stay.
To be sure, enterprises continue to rely heavily on their legacy, on-premises datacenters. But there's no doubt that the exodus to a much greater dependency on hybrid cloud and multi-cloud resources, Infrastructure-as-a-Service (IaaS) and Platforms-as-a-Service (PaaS), is in full swing.
Now comes an extensive global survey from Sophos, a leader in next generation cybersecurity, that vividly illustrates how cybercriminals are taking full advantage. For its State of Cloud Security 2020 survey, Sophos commissioned the polling of some 3,500 IT managers across 26 countries in Europe, the Americas, Asia Pacific, the Middle East, and Africa. The respondents were from organizations that currently host data and workloads in the public cloud.
Sophos found that fully 70% of organizations experienced a public cloud security incident in the last year. Furthermore, 50% encountered ransomware and other malware; 29% reported incidents of data getting exposed; 25% had accounts compromised; and 17% dealt with incidents of crypto-jacking. The poll also showed that organizations running multi-cloud environments were 50% more likely to suffer a cloud security incident than those running a single cloud.
Those findings were eye-opening, yes. But they were not at all surprising. Digital commerce from day one has revolved around companies bulling forward to take full advantage of the wondrous decentralized, anonymous characteristics of the Internet, which began as a military-academic experiment.
Corporations became obsessed with squeezing productivity out of an intrinsically insecure construct and threat actors became expert at quickly pouncing on fresh attack vectors opened up by this obsession. And now we have that same pattern playing out, once more, with cloud migration.
Deeper implications
Last Watchdog had the chance to drill down on the deeper implications of Sophos' cloud security findings, as well as its recent report, The State of Ransomware 2020, with two of its top experts, Paul Murray, senior director of product management in Sophos Public Cloud Security Group, and John Shier, senior security advisor. Here are excerpts of our discussion, edited for clarity and length:
LW: Can you frame how threat actors view the current trajectory of cloud migration?
Murray: In the eyes of the adversary, cloud migration brings their targets one step closer, introducing the potential for them to search for and target a larger and more dispersed attack surface area over the Internet. Organizations are typically very aware of physical security measures. However, in the transition to the cloud, the management plane itself is now accessible from anywhere, and organizations need to ensure their configurations are implemented securely in order to prevent discovery by attackers.
LW: So what are cyber criminals focusing on at the moment?
Murray: Attackers are going after the low-hanging fruit. New cloud PaaS services, such as shared storage, containers, database services and serverless functions etc., typically cannot have a security agent running on them, so it's left up to the organization to securely configure these services.
You won't have to look far to find stories of Amazon S3-related data breaches caused by misconfiguration, where S3 security settings were set to Public. AWS has even released an update to help customers from running afoul of this, one of the biggest causes of cloud data breaches. And shared storage breaches are by no means limited to Amazon customers.
LW: Isn't it more than just taking advantage of low-hanging fruit?
Murray: Yes, attackers are moving to more sophisticated attacks, as well. As part of Living off the Land (LOTL) attacks, attackers are automating searches to exploit vulnerabilities in virtual machines. They can exploit cloud provider metadata services, for instance, to access temporary identity and access management (IAM) credentials. This enables them to footprint the customer environment. From there they can gain access to central storage, amongst other things, and finally proceed to exfiltrate data.
We recently released an article about a malware we dubbed Cloud Snooper. This is a rootkit that establishes an APT-like command-and-control client on a machine . . . In essence it makes the command-and-control traffic look like benign traffic.
LW: Your cloud security report shows how misconfigurations can translate into a major exposure. How so?
Murray: Reading about the thousands of cases out there, you'd be forgiven for thinking that attackers are only after an organization's sensitive data in these attacks. In addition to financial data and personal information, one of the main uses of cloud storage accounts like Amazon S3 buckets is to host static website content like HTML files, JavaScript and Cascading Style Sheets (CSS). Attacks targeting these resources aren't targeting exposed data. Instead, they look to maliciously modify website files; this is being done in order to steal the website visitors' financial information.
Both attack chains look the same at the start, with attackers scanning the Internet for misconfigured S3 buckets, using automated S3 scanners. But this is where the attack paths diverge. In your typical S3 data breach, attackers will list and sync the valuable contents to a local disk and then access all the data that was misconfigured in public mode.
In the case of a data modification attack, once access is gained, attackers look for JavaScript content and modify it to include malicious code. Now, when a user visits the infected website, the malicious JavaScript code loads, logging all credit and debit card details entered onto payment forms. This data is then sent to the criminals' server.
LW: How much of these new attack vectors stem from high-velocity software development involving microservices assembled in containers?
Murray: DevOps is the great enabler. The challenge for many organizations is that the DevOps process will be employed to automate the build of this infrastructure. Security teams must therefore enable developers to secure their automated process with tools. This way security enables digital transformation, rather than holding it back, or, worse still, causing security measures to be worked around in order to maintain agility.
LW: What's a concrete example of a pervasive exposure opened up by cloud migration?
Murray: We used our cloud security posture management tool, called Sophos Cloud Optix, to learn that two of the most widespread exposure points come from organizations exposing Remote Desktop Protocol (RDP) and Secure Shell protocol (SSH). Cybercriminals are actively searching for these entry points through automated searches. These protocols need to be accounted for.
Organizations need to secure virtual private cloud (VPC) traffic, as well. We all want a simple, sure-fire route to ensure we don't accidentally make a private subnet public. The challenge: it's been all too easy to do just that, with route tables in a VPC that can only be associated with subnets, and no simple way to specify routing rules to direct traffic to subnets through a firewall when entering VPCs.
LW: Your cloud security report shows a high level of awareness of these exposures (96% concerned) yet an apparent low level of corporate will to do something about low staffing levels. How do you explain that?
Murray: Almost half of survey respondents didn't fully understand their responsibilities for securing cloud environments. The problem is in all of the gray areas, where the responsibility is quite literally shared. The platform vendors want to communicate that while they will provide the tools, such as security groups and IAM tools, the subscriber is responsible for implementing them correctly.
It's the same thing as buying a firewall and only adding any-to-any rules. That sounds good in theory, but in practice it means that for a lot of the security provided by the platform, the ultimate responsibility is still with the customer. But just enabling something doesn't make it secure. In order to properly secure a cloud environment, you need a good design and clear use case so you can wield the platform tools effectively and extend them with third party services where needed.
LW: Shifting gears a bit, what's going on with ransomware? Your recent white paper shows it's still at as high a level as in 2017? Why so?
Shier: The most significant shift in the ransomware landscape is the switch from a strictly opportunistic model to a more targeted one, and from individuals to businesses. While individuals are still being victimized, the most active ransomware gangs are laser-focused on breaching organizations.
Less skilled attackers, those focused on infecting individuals, have largely been pushed out of the market, driven by better protection and higher awareness, in favor of more capable professional gangs. This has meant a lower overall incidence of ransomware infections but with increased impact to victims.
LW: What do ransomware attack patterns across the globe look like today?
Shier: Attackers are choosing their targets more deliberately. These gangs still employ some opportunistic methods for target discovery. This includes using scanners to discover unpatched machines or exposed services (i.e. Remote Desktop Services) and the use of automated tools to gain brute-force access to said services. But once inside a network, the humans take over.
Some gangs have also resorted to shaming companies on social media in an effort to increase the likelihood of payment, leaking sensitive information if the victims don't pay, or even urging the employees of victim organizations to put pressure on their IT departments to pay the ransom. We've also seen the higher end attackers continue to develop and improve their payloads in order to evade detection and increase the rate of successful infections.
LW: GDPR has been in effect for two years now, and your reports show that Europe's tougher data protection laws appear to be contributing to a reduced rate of ransomware in the EU? How so?
Shier: Compliance with GDPR has provided an incentive for some companies to do the bare minimum. For example, this could be adding protection to servers where it might have been absent in the past, or implementing multi-factor authentication for all your externally facing accounts and services.
In other cases, encrypting your backups, a good practice from a data protection perspective, has also meant they were useless to criminals as additional extortion pressure. When companies build better security foundations it puts much of the proverbial low hanging fruit out of reach to cybercriminals.
GDPR compliance also requires better visibility into your assets and data. Today, more often than not, ransomware is the last stage acting as a distraction in an attack whose main motivation is data theft. This added visibility provides companies with a chance to spot the initial stages of any attack much sooner.
LW: Your reports show that the U.S. has done well, too. What impact has rising regulation played? I'm referring to the New York Department of Financial Services certification rules; and also California's Consumer Privacy Act and the Department of Defense's Cybersecurity Maturity Model Certification.
Shier: The increased adoption of next-gen security technologies, as well as regulatory pressure, has contributed to better resilience against ransomware attacks. This is true of the U.S. and other regions as well. This is offset, however, by widespread abuse of stolen credentials, lack of ubiquitous multi-factor authentication, too many exposed and vulnerable services, and careless user behavior.
Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.
(LW provides consulting services to the vendors we cover.)
*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/qa-sophos-poll-shows-how-attackers-are-taking-advantage-of-cloud-migration-to-wreak-havoc/
See the original post:
Q&A: Sophos poll shows how attackers are taking advantage of cloud migration to wreak havoc - Security Boulevard