Multifarious benefits of cloud computing make the disruption of digital transformation worthwhile, business leaders are assured. However, a recent torrent of automated attacks on cloud infrastructure’s vulnerabilities has precipitated a somewhat gloomy outlook, raining on the cloud’s silver lining.
In September, for example, Xbash – an advanced, data-destructive malware strain that combines cryptomining, ransomware and botnet capabilities – was identified. How can organisations that have come to depend on the cloud for the smooth running of their business combat these morphing, multi-vector cyberthreats?
“Cloud security has never been more critical,” warns Max Heinemeyer, director of threat hunting at Darktrace, a global leader in artificial intelligence-powered cybersecurity. “Xbash is a very sophisticated example of an automated attack because it can target both Linux and Windows servers, and has multiple payloads.
“Automated attacks against internet-facing infrastructure, like Xbash, are not new. What has changed is that the number of devices that are internet facing and potentially vulnerable has increased exponentially. This is in no small part due to the advent of the cloud. Attackers are innovating rapidly, and we can expect attacks on the cloud to get faster and more furious.”
Rise of the cloud has left vulnerable software exposed
Charaka Goonatilake, chief technology officer of Panaseer, another cybersecurity giant, agrees. “What’s different in the cloud era is the ease with which exploitable software can be spun up and exposed to the world on the internet,” he says.
“Vulnerability search engines, such as Shodan, continually trawl the internet for these exploitable weaknesses and make it effortless to identify masses of targets to attack. Combined with the fact that highly sophisticated malware, such as Xbash, is readily available off the shelf, makes for a very low barrier for nefarious actors to carry out lucrative attacks from the comfort of their own homes.”
Hardik Modi, senior director of threat intelligence at Netscout, expands upon this worrying theme. “There are numerous instances of such open-source packages like Hadoop, Mongo and ElasticSearch which remain exposed to the internet, and there have been waves of reports of installations that have been exploited and encrypted,” he says. “This can have severe consequences for businesses of all sizes, since they may not be in a position to recover such data.
“Indeed, our telemetry shows a Hadoop YARN installation is attacked about once a minute. A vulnerable installation would be attacked immediately. These measures vary wildly across the industry and as a result there remain huge exposures for the internet ecosystem at large.”
Rich datasets are valuable for both business and cybercriminals
Alarming figures illustrate the growing issue. “In January, 1.8 billion records were leaked online,” says Dr Guy Bunker, senior vice president of data security organisation Clearswift. “Today it is possible to collect and analyse billions of pieces of sensitive data in almost no time at all. It can be transferred across the internet to a partner who shares it with another and another, further enriching it with more data.
“These large datasets are not only useful for business, they are also a honeypot for cybercriminals who will steal it and then sell the information on the dark web. Security is only as strong as the weakest link.”
Adam Philpott, McAfee’s president, Europe, Middle East and Africa, points out C-suite ignorance. “We currently estimate that the average organisation generates over 3.2 billion events per month in the cloud, of which 3,217 are anomalous and 31.3 are actual threat events,” he says.
“Also, most organisations underestimate how many cloud services they actually use, with the average using approximately 1,935, a figure that has seen a 15 per cent growth from last year. In contrast, the average organisation thinks it uses just 30 cloud services.”
Improving cloud security is one of the biggest business challenges
Considering that the number of connected devices is expected to rise to 20 billion by next year, according to Gartner, organisations will use some 40 per cent of these and each one opens up a new vulnerability. Gartner also projects worldwide public cloud growth of 17 per cent this year. How then can organisations maintain adequate cybersecurity in this increasingly vicious online war zone?
Improving general cyber-hygiene and significantly greater education in this area, from top to bottom of an organisation’s hierarchy, is imperative. Adam Louca, chief technologist for security at IT infrastructure provider Softcat, says: “The current cybersecurity skills gap means defending cloud infrastructure from compromise is one of the biggest challenges of modern business.
“Cloud companies must do more to educate their customers on best-practice security configuration. Businesses must continue to invest in security skills training, and onboard new talent to close the widening gap between their security needs and the resources they have to protect themselves.”
Cloud security is not something businesses can afford to take lightly
Another level of protection is gained by using tech against tech, says Alan Duric, co-founder of Wire, an end-to-end encrypted communication and collaboration platform. “Automated attacks on cloud structures are directly related to businesses using insecure and unreliable communications platforms like email, Slack and WhatsApp,” he claims.
“Firms need to invest in secure communications platforms that are end-to-end encrypted, while ensuring all mobile devices used by the business are hardwired for security, and built with security and privacy from the ground up.” It’s clear that those who take a breezy attitude to cloud security risk being blown away in this stormy climate.
How to improve cloud defences
What should organisations be doing to shore up their cloud security defences? “They need to harden their cloud applications and infrastructure, and incorporate processes that continuously check enterprise applications for vulnerabilities,” says Dave Klein, senior director of engineering and architecture at cloud and datacentre security specialist Guardicore.
“Further, they must incorporate patch, kernel and application updates into the provisioning and management scripts they use to spin up workloads within the clouds. Additionally, application designs need to be modified to add two-factor authentication for exposed services.
“Finally, since current cloud topologies are woefully lacking in segmentation, leaders absolutely must improve their segmentation game. Even by taking just the very basic steps to isolate, segment and micro-segment their cloud environments, leaders will impede an intruder’s lateral movement and thus make it harder for attackers to succeed.”
Dr Guy Bunker at Clearswift urges security professionals to “start thinking like their attackers”. He asks: “How can they make it as difficult as possible to obtain the information and then to use it?”
Encryption is part of the solution. McAfee’s Adam Philpott believes a collective, proactive approach is critical. “I would suggest auditing your Amazon Web Services, Azure, Google Cloud Platform or Infrastructure as a Service configurations,” he says.
“Further to this, try to understand where your most sensitive data lives, and assess your access and sharing privileges. Once you have an understanding of this, lock down and apply data loss prevention to your most sensitive locations. Remember, if your data is a collaborative effort, so should your security be.”
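As an added example (not code from the article or from any of the vendors quoted), one way to automate the configuration audit Philpott recommends, and to catch the kind of world-reachable Hadoop, MongoDB and Elasticsearch installations Modi describes before a search engine like Shodan does: a check over cloud security-group rules. The sample data is constructed inline in the shape of an AWS describe_security_groups response, so it runs offline, and the port-to-service mapping is an assumption to verify against your own deployment.

```python
import ipaddress

# Assumed default ports of the services the article names as commonly exposed.
DATA_SERVICE_PORTS = {8088: "Hadoop YARN ResourceManager",
                      9200: "Elasticsearch HTTP", 27017: "MongoDB"}

# Constructed sample in the shape of an AWS describe_security_groups response:
# one internal-only group and one group with world-open rules.
SAMPLE_GROUPS = [
    {"GroupId": "sg-aaaa1111", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 9200, "ToPort": 9200,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-bbbb2222", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,  # wide range
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

def rule_cidrs(rule):
    """Yield every IPv4 and IPv6 source range attached to one rule."""
    for r in rule.get("IpRanges", []):
        yield r["CidrIp"]
    for r in rule.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]

def rule_covers_port(rule, port):
    """'-1' means all protocols and ports; otherwise check the TCP port range."""
    if rule.get("IpProtocol") == "-1":
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def find_exposed_services(groups):
    """Return (group_id, port, service, cidr) for each data-service port that a
    rule opens to the entire IPv4 or IPv6 internet (a /0 prefix)."""
    findings = []
    for g in groups:
        for rule in g["IpPermissions"]:
            for cidr in rule_cidrs(rule):
                if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                    continue  # scoped to a real range, not the whole internet
                for port, name in DATA_SERVICE_PORTS.items():
                    if rule_covers_port(rule, port):
                        findings.append((g["GroupId"], port, name, cidr))
    return findings
```

Run against the sample, the check flags the wide 8000-9000 range (which silently includes YARN's 8088) and the IPv6-only MongoDB rule, while the group scoped to 10.0.0.0/8 passes.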