Cloud migration, obviously, is here to stay.
To be sure, enterprises continue to rely heavily on their legacy, on-premises datacenters. But there's no doubt that the exodus to a much greater dependency on hybrid cloud and multi-cloud resources, Infrastructure-as-a-Service (IaaS) and Platforms-as-a-Service (PaaS), is in full swing.
Now comes an extensive global survey from Sophos, a leader in next-generation cybersecurity, that vividly illustrates how cybercriminals are taking full advantage. For its State of Cloud Security 2020 survey, Sophos commissioned the polling of some 3,500 IT managers across 26 countries in Europe, the Americas, Asia Pacific, the Middle East, and Africa. The respondents were from organizations that currently host data and workloads in the public cloud.
Sophos found that fully 70% of organizations experienced a public cloud security incident in the last year. Furthermore, 50% encountered ransomware and other malware; 29% reported incidents of data getting exposed; 25% had accounts compromised; and 17% dealt with incidents of crypto-jacking. The poll also showed that organizations running multi-cloud environments were 50% more likely to suffer a cloud security incident than those running a single cloud.
Those findings were eye-opening, yes. But they were not at all surprising. Digital commerce from day one has revolved around companies bulling forward to take full advantage of the wondrous decentralized, anonymous characteristics of the Internet, which began as a military-academic experiment.
Corporations became obsessed with squeezing productivity out of an intrinsically insecure construct, and threat actors became expert at quickly pouncing on fresh attack vectors opened up by this obsession. And now we have that same pattern playing out, once more, with cloud migration.
Last Watchdog had the chance to drill down on the deeper implications of Sophos' cloud security findings, as well as its recent report, The State of Ransomware 2020, with two of its top experts, Paul Murray, senior director of product management in Sophos' Public Cloud Security Group, and John Shier, senior security advisor. Here are excerpts of our discussion, edited for clarity and length:
LW: Can you frame how threat actors view the current trajectory of cloud migration?
Murray: In the eyes of the adversary, cloud migration brings their targets one step closer, introducing the potential for them to search for and target a larger and more dispersed attack surface area over the Internet. Organizations are typically very aware of physical security measures. However, in the transition to the cloud, the management plane itself is now accessible from anywhere, and organizations need to ensure their configurations are implemented securely in order to prevent discovery by attackers.
LW: So what are cyber criminals focusing on at the moment?
Murray: Attackers are going after the low hanging fruit. New cloud PaaS services, such as shared storage, containers, database services and serverless functions etc. typically cannot have a security agent running on them, so it's left up to the organization to securely configure these services.
You won't have to look far to find stories of Amazon S3-related data breaches caused by misconfiguration, where S3 security settings were set to Public. AWS has even released an update to help keep customers from running afoul of this, one of the biggest causes of cloud data breaches. And shared storage breaches are by no means limited to Amazon customers.
LW: Isn't it more than just taking advantage of low hanging fruit?
Murray: Yes, attackers are moving to more sophisticated attacks, as well. As part of Living off the Land (LOTL) attacks, attackers are automating searches to exploit vulnerabilities in virtual machines. They can exploit cloud provider metadata services, for instance, to access temporary identity and access management (IAM) credentials. This enables them to footprint the customer environment. From there they can gain access to central storage, amongst other things, and finally proceed to exfiltrate data.
We recently released an article about a malware we dubbed Cloud Snooper. This is a rootkit that establishes an APT-like command-and-control client on a machine . . . In essence it makes the command-and-control traffic look like benign traffic.
LW: Your cloud security report shows how misconfigurations can translate into a major exposure. How so?
Both attack chains look the same at the start, with attackers scanning the Internet for misconfigured S3 buckets, using automated S3 scanners. But this is where the attack paths diverge. In your typical S3 data breach, attackers will list and sync the valuable contents to a local disk and then access all the data that was misconfigured in public mode.
LW: How much of these new attack vectors stem from high-velocity software development involving microservices assembled in containers?
Murray: DevOps is the great enabler. The challenge for many organizations is that the DevOps process will be employed to automate the build of this infrastructure. Security teams must therefore enable developers to secure their automated process with tools; this way security enables digital transformation, rather than holding it back, or, worse still, causing security measures to be worked around in order to maintain agility.
LW: What's a concrete example of a pervasive exposure opened up by cloud migration?
Murray: We used our cloud security posture management tool, called Sophos Cloud Optix, to learn that two of the most widespread exposure points come from organizations exposing Remote Desktop Protocol (RDP) and Secure Shell protocol (SSH). Cybercriminals are actively searching for these entry points through automated searches. These protocols need to be accounted for.
Organizations need to secure virtual private cloud (VPC) traffic, as well. We all want a simple, sure-fire route to ensure we don't accidentally make a private subnet public. The challenge: it's been all too easy to do just that, with route tables in a VPC that can only be associated with subnets, and no simple way to specify routing rules to direct traffic to subnets through a firewall when entering VPCs.
LW: Your cloud security report shows a high level of awareness of these exposures, 96% concerned, yet an apparent low level of corporate will to do something about low staffing levels. How do you explain that?
Murray: Almost half of survey respondents didn't fully understand their responsibilities for securing cloud environments. The problem is in all of the gray areas, where the responsibility is quite literally shared. The platform vendors want to communicate that while they will provide the tools, such as security groups and IAM tools, the subscriber is responsible for implementing them correctly.
It's the same thing as buying a firewall and only adding any-to-any rules. That sounds good in theory, but in practice it means that for a lot of the security provided by the platform, the ultimate responsibility is still with the customer. But just enabling something doesn't make it secure. In order to properly secure a cloud environment, you need a good design and clear use case so you can wield the platform tools effectively and extend them with third party services where needed.
LW: Shifting gears a bit, what's going on with ransomware? Your recent white paper shows it's still at as high a level as in 2017? Why so?
Shier: The most significant shift in the ransomware landscape is the switch from a strictly opportunistic model to a more targeted one, and from individuals to businesses. While individuals are still being victimized, the most active ransomware gangs are laser-focused on breaching organizations.
Less skilled attackers, those focused on infecting individuals, have largely been pushed out of the market, driven by better protection and higher awareness, in favor of more capable professional gangs. This has meant a lower overall incidence of ransomware infections but with increased impact to victims.
LW: What do ransomware attack patterns across the globe look like today?
Shier: Attackers are choosing their targets more deliberately. These gangs still employ some opportunistic methods for target discovery. This includes using scanners to discover unpatched machines or exposed services (i.e. Remote Desktop Services) and the use of automated tools to gain brute-force access to said services. But once inside a network, the humans take over.
Some gangs have also resorted to shaming companies on social media in an effort to increase the likelihood of payment, leaking sensitive information if the victims don't pay, or even urging the employees of victim organizations to put pressure on their IT departments to pay the ransom. We've also seen the higher end attackers continue to develop and improve their payloads in order to evade detection and increase the rate of successful infections.
LW: GDPR has been in effect for two years now, and your reports show that Europe's tougher data protection laws appear to be contributing to a reduced rate of ransomware in the EU? How so?
Shier: Compliance with GDPR has provided an incentive for some companies to do the bare minimum. For example, this could be adding protection to servers where it might have been absent in the past, or implementing multi-factor authentication for all your externally facing accounts and services.
In other cases, encrypting your backups, a good practice from a data protection perspective, has also meant they were useless to criminals as additional extortion pressure. When companies build better security foundations it puts much of the proverbial low hanging fruit out of reach to cybercriminals.
GDPR compliance also requires better visibility into your assets and data. Today, more often than not, ransomware is the last stage acting as a distraction in an attack whose main motivation is data theft. This added visibility provides companies with a chance to spot the initial stages of any attack much sooner.
LW: Your reports show that the U.S. has done well, too. What impact has rising regulation played? I'm referring to the New York Department of Financial Services certification rules; and also California's Consumer Privacy Act and the Department of Defense's Cybersecurity Maturity Model Certification.
Shier: The increased adoption of next-gen security technologies, as well as regulatory pressure, has contributed to better resilience against ransomware attacks. This is true of the U.S. and other regions as well. This is offset, however, by widespread abuse of stolen credentials, lack of ubiquitous multi-factor authentication, too many exposed and vulnerable services, and careless user behavior.
Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.
(LW provides consulting services to the vendors we cover.)
*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/qa-sophos-poll-shows-how-attackers-are-taking-advantage-of-cloud-migration-to-wreak-havoc/