The NSA advisory contains detailed descriptions of attack methods observed by U.S. intelligence agencies and steps on how to counter them.
Cloud providers and managed service providers are attractive targets for hackers, as a successful attack could provide access to sensitive systems for dozens or hundreds of client companies.
The guidance focuses on four primary areas of cloud security:
As an example, the NSA cited configuration errors from defense contractors that exposed data from the National Geospatial-Intelligence Agency in 2017.
The agency said the Iran-based Mabna hacking group has been able to bypass multi-factor authentication systems by subverting other controls.
Some systems that allow several companies to be hosted on the same cloud server can be vulnerable to attack, the NSA warned, enabling hackers to attack multiple targets with one successful breach.
As one example, the NSA cited the ShadowHammer cyberattack campaign in March, which used flaws in computers made by Asustek Computer Inc. to install malware through legitimate software updates.
Malicious insiders, criminals and nation-states are examining weaknesses in cloud security, the NSA said, with varying objectives. Criminals and insiders might look to exploit sensitive information or destroy it, for instance, while nation-states might attempt to use access to these servers to gain entry to more sensitive systems at a cloud provider’s customer. Untrained or neglectful employees also could inadvertently allow attackers to gain access to sensitive information by failing to properly follow security procedures, the agency said.
Imagine you came into work one morning, turned on your computer, and weren’t able to access your company’s network. You may think the Wi-Fi is down or there’s a blip in the Ethernet, but then you start getting flooded with phone calls from other employees: They can’t access anything on their mobile phones, tablets, laptops … anything that requires connectivity to your company’s network. No matter what your IT team does, you’re still locked out of your network, servers, and applications.
This isn’t just any outage – it’s a Distributed Denial of Service cyberattack (DDoS), and it’s happening more and more frequently. You need to make sure you’re ready for it – otherwise you could face a tremendous disruption in business, lose money, and have to rebuild trust with your employees, customers, and clients.
DDoS attacks use junk data, usually sent from compromised machines or devices, to render a network, server, or application unavailable to legitimate users.
How can this happen? Increasingly, unsecured Internet of Things (IoT) devices such as video cameras are the source of this attack data. The more devices that are reliant on an internet connection, the easier it is becoming for bad actors to use these types of attacks to penetrate your IT environment and exploit your data. IoT isn’t going away – a recent study by PricewaterhouseCoopers (PwC) finds 63 percent of companies are planning to deploy IoT devices in the next year. IoT devices are estimated to grow from 20 billion last year to 51 billion by 2023.
You may think the answer is simple – secure IoT devices. The same PwC study also found that two-thirds of companies surveyed have an IoT security strategy in place or currently are implementing one to address the emerging risks of these devices. However, it isn’t so simple. The security mechanisms on IoT devices often are disabled by default, and security patches for the systems often are unused, allowing attackers to compromise them and use their collective bandwidth to steal your data. The distributed supply chain in which IoT devices are created and sold adds to the problem. There are three major players in IoT device manufacturing and selling:
Layer 1 is busy making the next chip, while Layer 2 is upgrading its product to work with the next chip. Maintaining older chips and products isn’t a priority. Even if you have a brand new smart watch, chances are the software components are four to five years old. The result is that hundreds of millions of devices are sitting on the Internet, unpatched and insecure. Hackers know this, and they’re working tirelessly to exploit this weakness and launch cyberattacks.
Despite the growing risk, the majority of attacks remain under the radar. Experts are finding that criminal DDoS attacks driven by extortion are coming to the fore once again. Hackers often contact businesses at a large scale and demand a bitcoin payment to prevent a DDoS. The majority of extortion attempts likely go unreported and uninvestigated. One trend fueling the rise of DDoS-extortion threats is the availability of DDoS-as-a-service. Cybercriminals rent their botnet to anyone willing to pay as little as a few dollars an hour, meaning no technical ability is required to launch attacks.
Lawmakers and regulators are trying to pressure companies to strengthen IoT security. A bipartisan group of senators recently introduced a bill that would set security standards for IoT devices. In January, the Federal Trade Commission fined VTech Holdings Ltd. $650,000 for “failing to use reasonable and appropriate data measures” for an internet-connected toy.
As we’ve seen before, though, legislation and regulation take time to go into effect. Hackers aren’t waiting, and neither should you. How can you start to close the door on DDoS attacks on your enterprise?
First and foremost, you need to understand what’s critical to your business through a vulnerability assessment. A vulnerability assessment isn’t an opportunity to play the blame game. It’s an audit of what you have today in order to plan for a more secure tomorrow. Then, look for a managed security services provider like US Cloud, which has endpoint security services that will ensure any device that is accessing your network won’t be susceptible to hackers trying to penetrate your enterprise’s defenses.
Using our next-generation anti-virus and activity recording for all your endpoints, US Cloud comprehensively monitors and protects your operating systems and infrastructure from cyberthreats. Contact US Cloud and get a quote today to ensure you’re not the next victim of a DDoS attack.
Cloud services offer efficiencies and productivity, agility, and cost savings. There is no question that it makes a lot of sense for many organizations to move to hybrid cloud solutions.
Many IT leaders are understandably hesitant about moving their IT infrastructure and critical workloads to the public cloud. In addition to public cloud security issues, they’re worried about losing visibility and control of their IT resources and data.
Ironically, many IT leaders don’t really know what’s in their IT environment, which means they have less visibility and control than they think. Recent ransomware and wiperware outbreaks have illuminated how few organizations have accurate records of what IT resources were operating in their environments, or even the status of the known systems. While this is due in part to the rapid adoption of things like shadow IT, it is also frequently the result of such things as personnel changes, mergers, and acquisitions. For many organizations, conducting a full network analysis before transitioning some of their network resources to the cloud is the first time an IT leader is able to scope a full and accurate view of what their IT environment looks like.
That has to be done before you can secure your hybrid cloud environment.
IT leaders need to know the delineation of responsibility between them and their cloud provider. That depends on whether their cloud provider offers Infrastructure as a Service (IaaS), Software as a Service (SaaS), or Platform as a Service (PaaS).
A clear understanding of how much of the stack they are responsible for managing will drive the strategy for securing their hybrid cloud environment.
Key strategies include knowing what’s running on your network, where it is being used and where users are connecting, why it is being used, and who is using it and when.
Then, turn off what is not being used.
Credential management is the biggest risk. Lots of cloud services are set up with security as an afterthought. Non-IT-trained people are setting up sharing services with things like non-expiring links, so confidential and proprietary information is sitting outside your network.
An emerging trend is that end users are setting up cloud services without considering the three tenets of information system management that IT professionals are trained to ensure – accessibility, availability, and security of information.
You don’t have someone handle the company finances who doesn’t know anything about accounting. Yet, we see companies letting unqualified personnel put the company’s proprietary information, the crown jewels, outside their network so that company data can walk out the door with them if and when they leave.
Contact US Cloud to discuss your unique hybrid cloud security needs, roadmap your hybrid cloud security plan, or get pricing options for managed security services.
Security by its very nature is supposed to be in the background, working behind the scenes to ensure you don’t see the threats that could crop up at any moment. Hackers operate in the shadows, hiding in the dark web looking for areas to exploit in order to steal your sensitive customer data and intellectual property. However, an unfortunate consequence is that cybersecurity lacks the support and enforcement necessary to keep your data secure.
Your enterprise is likely similar to many we’ve worked with – complex daily operations, different demands requiring attention at all times, leaving many to have cybersecurity fatigue … if it’s more steps or workarounds for employees to do their jobs, they likely won’t participate.
In today’s environment, a focus on cybersecurity isn’t a luxury – it’s a necessity. Making sure that focus is achieved starts with your company’s culture. You may have fire extinguishers in your office building, but you prefer to prevent fires from ever happening so you don’t need to use the extinguishers, right? Same idea applies to cybersecurity – you want to prevent hackers from ever infiltrating your defenses so you don’t have to spend potentially millions of dollars dealing with the damage.
Here are three ways you can bring cybersecurity from the dark shadows of your office to the forefront of everyone’s minds, all the while keeping hackers out of your business:
As with many aspects of technology, the explosion in cybersecurity complexity and innovation is real. In the past, your IT security employees could learn a few cybersecurity protocols, monitor your on-premises system, and address any problems as they arose.
Thanks to software automation and cloud computing, taking a 20th century view of cybersecurity is no longer sufficient. Cybersecurity experts’ roles have changed, moving from being an order taker to one who needs to not only understand what’s happening but be able to make rapid decisions to keep your company secure.
Unfortunately, the supply of skills hasn’t kept pace with need: There’s a significant shortage of cybersecurity experts in today’s labor market, and that shortage will grow to 4 million people by 2020. While earlier cybersecurity systems may have been simple enough for one or two specialists to manage, the complexity of the modern landscape means you need a team possessing a constantly evolving skill set to cover emerging concerns. Instead of looking for a needle in a haystack, look to managed security service providers (MSSPs) like US Cloud, which already has experienced cybersecurity experts available to help you secure your data and applications.
As today’s cybersecurity experts evolve into tomorrow’s decision makers, they should also gain more influence in the boardroom. Security is a boardroom level issue, because the consequences of data breaches can lead to litigation, millions of dollars in damages, and loss of trust degrading your brand. Brand, money, and litigation are generally board level issues, and cybersecurity should be principal among them.
This should not only take place in the middle of a breach or other urgent challenge, but in all discussions. Technology and security experts have an invaluable vantage point thanks to their intimate knowledge of organizational structure, information flow, operational process, and more. Your leadership team has every reason to value their perspective.
By highlighting the dangers of security breaches and the efficiencies created by good security practices, cybersecurity professionals can prove the importance of integrating security measures into overall decision making, helping improve the bottom line. We have advisory services that can help you find the right ways to convince your boardroom cybersecurity is an issue they should bring to the forefront of their meetings moving forward.
While a strong security approach needs leadership buy-in, that’s by no means the end of the battle. You need to take a top-down as well as bottom-up approach, which means working with your employees to help them recognize the need for stronger cybersecurity and how they can help.
It’s a two-way street, though: Security training is important, but take the time to listen to your employees and understand how they get their work done on a regular basis. If you just implement security policies that create barriers for employees to get their jobs done, they’ll find ways around them and subsequently leave you open to cyberattacks. It’s important to also take the time to communicate with them as threats arise: We all need regular reminders to remain vigilant against an ever-evolving world of security risks.
If cybersecurity were easy, we wouldn’t be losing billions of dollars a year to hackers. US Cloud has the experience and tools you need to create a specialized strategy to bring greater awareness and enforcement that safeguards your network and cloud from emerging cyber threats. From penetration testing and vulnerability assessments to managed security plans, hyper secure cloud and next-generation security tools, US Cloud has you covered.