Cyber Attacks Move to the Cloud

This article comes from a recent report in Computer Weekly.

A recent study shows that with an increase in the adoption of cloud-based services, cyber attacks on cloud environments have almost reached the same level as attacks on traditional IT.

The 2014 Cloud Security Report by Alert Logic is based on an analysis of data from cloud and on-premises infrastructures of 2,200 customers.

The study found that, in the past year, brute force attacks on cloud environments climbed from 30% to 44% of customers, and vulnerability scans increased from 27% to 44%. Brute force attacks typically involve a number of attempts testing multiple common credential failings to find a way in, while vulnerability scans are automated attempts to find a security weakness in applications, services or protocol implementations that can be exploited.

“As more enterprise workloads have moved into cloud and hosted infrastructures, some traditional on-premises threats have followed them,” said Stephen Coty, chief security evangelist at Alert Logic.

“This reinforces the necessity for enterprise-grade security systems specifically designed to protect cloud environments,” he said.

The report is also based on data from “honeypot” computer systems set up on the internet – systems expressly set up to attract and trap people who attempt to penetrate other people’s computer systems. Honeypots draw in attackers so that attack types and frequency can be observed.

The report shows that 14% of malware collected through the honeypots was considered undetectable by 51 of the world’s top antivirus suppliers as attackers re-package variants of malware like Zeus or Conficker.

“Antivirus still has a role as it is detecting the other 86% of malware, but organisations have to do a lot more than that to ensure they can catch the malware that antivirus will not.”

According to the report, widespread acceptance of cloud computing in enterprise IT increases the need to secure cloud infrastructure in a way that rivals protection of the traditional datacentre.

To meet this requirement, the report said IT and security professionals must understand the types of threats targeting cloud computing environments, and whether traditional security technologies can perform effectively in cloud environments.

“They must also understand that cloud is a shared responsibility between the service provider and the customer,” said Coty.

“The cloud provider is responsible for foundational services and things like hardening the hypervisor, but users remain 100% responsible for everything at the application layer, including security,” he said.

According to Coty, this means cloud consumers still need to think about features such as secure coding, access management, software virtual patching, monitoring applications and security monitoring.

Cloud consumers also need to talk to their providers about what they need to do from a security point of view, and ask questions about their encryption strategies and how they patch their hypervisors.

“Finally, it is important to stay informed about the kinds of potential threats to your cloud environment to enable you to ask the right questions of your service provider,” said Coty.

“Knowledge is power because knowing what you are vulnerable to will help you to defend your environment a lot more efficiently and work better with your service provider,” he said.