By Donald Meyer
It’s that most wonderful time of the year – the time when I like to look back and reflect on what the year has been, as well as look forward and take a peek into next year. With the start of every new year we see many exciting new trends. But if the past is any indication, the security threat landscape will keep changing and present new challenges ahead.
Looking into some of those trends and challenges is our Check Point security team. At the end of each year, they spend time imagining what the threat landscape might look like in the coming year. This gives us the opportunity to analyze the security trends we’ve followed over the past year, and it allows us to creatively extrapolate what might potentially happen next.
Like most IT security professionals, I don’t really want our predictions to come true: I would prefer if organizations didn’t get hacked or breached. But the reality is it’s a dangerous cyber world out there, and as the late great Frank Drebin was fond of saying – if it wasn’t “I’d be out of a job.” By anticipating the next wave of threats, we hope to help businesses stay ahead of the evolving tactics and exploits that criminals use to target them.
Check Point recently commissioned a research survey to gain insight from IT professionals on their top security concerns. An overwhelming majority – 93% – of organizations are very or moderately concerned about cloud security. Based on our analysis and survey results, here are a couple of predictions along with additional cloud security threats and trends that we expect to see during 2017:
Prediction #1: There will be an attack on a major cloud provider. As enterprises continue to put more data on the public cloud and migrate production workloads there, an attack that disrupts or takes down a major cloud provider will affect the businesses of all of that provider’s customers. While generally disruptive, such an attack could also be used as a means to impact a specific competitor or organization, which would be only one of many affected, making it difficult to determine motive.
We all remember the five-hour outage at AWS in September 2015 that affected a number of AWS services and quite a few customers. The issue was isolated to the “US-EAST-1 Region” and was caused by a problem with Amazon’s DynamoDB. A network disruption “briefly affected” DynamoDB’s ability to “communicate with its metadata services.” Once the network issue was resolved, the flood of requests from the storage servers trying to upload their metadata overwhelmed the capacity of the metadata service, resulting in the service needing to be shut down.
The net result of this event was that any service using DynamoDB in that region was affected. After a marathon six-hour battle, AWS was able to increase the capacity of the metadata service, restoring it and the dependent storage services. The key take-away: outages will happen – even in the cloud.
We now have a potentially interesting new weapon of mass disruption that can be trained on larger and larger targets: a host of new IoT devices making their way onto the Information Super Highway, combined with motivated, highly organized cyber criminals all too aware of how to exploit the vulnerabilities the bulk of these IoT devices inherently possess. AWS is taking note of this potential threat. A key announcement at this year’s AWS re:Invent was the introduction of AWS Shield, a managed Distributed Denial of Service (DDoS) protection service designed to minimize application disruptions and latency.
It will be interesting to see, if and when Shield gets put to the test, what we can learn about how DoS/DDoS attacks and attackers are evolving. But the fact that AWS recognizes this as a significant threat should be a wake-up call to any organization using public cloud services: any cloud strategy should also include a robust disaster recovery and back-up strategy to minimize disruptions due to cloud outages.
Prediction #2: Ransomware will find its way into a Data Center. There will be a rise in ransomware attacks impacting cloud-based data centers. As more organizations embrace the cloud, both public and private, these types of attacks will start finding their way into this new infrastructure through either encrypted files spreading cloud to cloud or by hackers using the cloud as a volume multiplier. In our current cloud security survey, over 80 percent of cybersecurity professionals are very or moderately concerned about ransomware.
Ransomware — malicious software that encrypts the victim’s files and holds them hostage unless and until the victim pays a ransom in Bitcoin — has emerged as a potent and increasingly common threat online. But many Internet users are unaware that ransomware also can just as easily seize control over files stored on cloud services. Businesses often have an antivirus installed on the server, but that’s proving to be insufficient. Ransomware is able to sneak past those defenses because the cyber criminals distributing ransomware engineer it to evade detection.
Cloud-based data centers are a rich target for ransomware for a number of reasons. Here’s why:
- Data centers hold the most sensitive, lucrative information. Targeting environments where the most sensitive and critical data is stored can facilitate the extortion of potentially huge sums of money, on a totally different scale than the current client device ransomware payouts of $100-2000 per infection.
- Financially motivated professional cybercriminals operate successfully in the wild, and are constantly looking for new targets. Hackers like those behind the Carbanak APT, the Morpho/Butterfly APTs, the GameOver ZeuS group and others are fully capable of conducting ransomware attacks on cloud-based data centers.
- Traditional security protections don’t fit the dynamic nature of cloud-based data centers, so the advanced security that could prevent infections is often not deployed in the cloud. In addition, the shared responsibility model that public cloud providers use gives customers a false sense of security, which leaves their cloud environments and all that valuable data ripe for the picking.
- The rise of ransomware APTs specifically adjusted to target cloud-based data centers will become a significant risk to corporations looking to protect their most valuable assets. With data centers shifting to the cloud, ransomware is set to become a challenge for cloud security vendors.
As with the potential service disruptions above, a good strategy to combat this type of threat is diligent data back-ups, a well-defined DR plan and advanced threat prevention security deployed into your cloud environment.
In addition to the issues raised above, there are other cyber threats to cloud environments to take into consideration:
Data Leakage. In a multi-tenant cloud environment where resources are shared, placing sensitive data in the hands of a third-party vendor seems, intuitively, risky. In addition, safe harbor and privacy laws make control over your data essential. Whether it happens because of access by government agencies, a malicious hacker attack or even by accident, data leakage would be a major security and/or privacy violation. The best strategy in the cloud is to use strong encryption for data in transit and at rest; anything less is not worthwhile. When using the cloud, all data and metadata should be encrypted at the edge, before it leaves your premises. A good rule of thumb is to trust no one in the cloud but yourself.
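One way to put "encrypt at the edge, metadata included" into practice, as an added example that is not code from this post or from Check Point: the file name and its bytes are sealed together with AES-256-GCM before upload, so the provider stores only an opaque blob, and any tampering with that blob is rejected on the way back. It assumes a 32-byte key generated and held on-premises (a KMS or HSM in practice) and file names that contain no NUL byte, which is used as the separator.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// newGCM builds AES-256-GCM from a key that is generated and kept on-premises.
// The fixed 32-byte key type rules out the only error either constructor can return.
func newGCM(key *[32]byte) cipher.AEAD {
	block, _ := aes.NewCipher(key[:])
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Seal runs at the edge before upload: the file name (metadata) and content are
// framed as name||0x00||content and encrypted together, so the provider sees neither.
func Seal(key *[32]byte, name string, content []byte) ([]byte, error) {
	if bytes.IndexByte([]byte(name), 0) >= 0 {
		return nil, errors.New("name must not contain NUL")
	}
	gcm := newGCM(key)
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per object
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	plain := append(append([]byte(name), 0), content...)
	return gcm.Seal(nonce, nonce, plain, nil), nil // output = nonce || ciphertext || tag
}

// Open runs at the edge after download: any modified byte fails the GCM tag check
// and is rejected instead of decrypting to silently corrupted data.
func Open(key *[32]byte, blob []byte) (string, []byte, error) {
	gcm := newGCM(key)
	ns := gcm.NonceSize()
	if len(blob) < ns {
		return "", nil, errors.New("blob too short to hold a nonce")
	}
	plain, err := gcm.Open(nil, blob[:ns], blob[ns:], nil)
	if err != nil {
		return "", nil, errors.New("object rejected: authentication failed")
	}
	name, content, _ := bytes.Cut(plain, []byte{0}) // NUL separates name from content
	return string(name), content, nil
}
```

The object identifier the provider sees is still visible to it; if that identifier must not leak either, use a random identifier for the blob and keep the real name inside the sealed record as shown.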
Unauthorized access to customer and business data. Cyber criminals like low-hanging fruit. They tend to target small businesses because those often lack the resources and security expertise and can be easier to breach. But hackers are also equal opportunity offenders, going after large companies because of the allure of larger payouts. Whether big or small, cloud environments provide an interesting threat vector from an unauthorized access perspective. Multiple levels of administrators call upon cloud provisioning, orchestration and management tools to define new apps and services, and more often than not these admins are not fully aware of the security implications of their actions. As a result, visibility into who is logging in and what changes have been made is limited.
Once a hacker has infiltrated an asset, one of his first steps is to probe for credentials and to perform reconnaissance for other assets to infect. With credentials in hand, the attacker can now move around and potentially make malicious changes to the infrastructure completely undetected. Cloud providers are only responsible for safeguarding the infrastructure, not the customer environment (again, remember the shared responsibility model), so it is up to the organization to put the correct safeguards in place to prevent unauthorized access and to deny attackers the opportunity to infiltrate with malware and other advanced threats.
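The visibility gap described in the two paragraphs above is something the customer side of the shared responsibility model has to close itself. As an added example (not code from this post or from Check Point), the reviewer below reads constructed audit events in a simplified, made-up record shape, not any provider's real log schema, and flags exactly the two things the text says are hard to see: who logged in (here, console logins without MFA) and what infrastructure changes were made by principals or addresses that are not on the administrator allowlists. The action names and the allowlists are assumptions for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Event is a constructed, simplified audit record (not any provider's real schema).
type Event struct {
	Time, Principal, Action, SourceIP string // JSON keys match case-insensitively
	MFA                                bool
}

// changeActions modify the infrastructure and must always be attributable to a
// known administrator working from an approved address (e.g. a jump host).
var changeActions = map[string]bool{
	"CreateAccessKey": true, "AttachUserPolicy": true, "AuthorizeSecurityGroupIngress": true,
}

// sampleLog is constructed for this example: a service account logs in without MFA
// from an outside address and immediately mints itself a new access key.
var sampleLog = []string{
	`{"time":"2017-01-05T08:02:11Z","principal":"alice","action":"ConsoleLogin","sourceIP":"10.20.1.7","mfa":true}`,
	`{"time":"2017-01-05T08:40:03Z","principal":"svc-deploy","action":"ConsoleLogin","sourceIP":"203.0.113.9","mfa":false}`,
	`{"time":"2017-01-05T08:41:27Z","principal":"svc-deploy","action":"CreateAccessKey","sourceIP":"203.0.113.9","mfa":false}`,
	`{"time":"2017-01-05T09:15:00Z","principal":"alice","action":"AttachUserPolicy","sourceIP":"10.20.1.7","mfa":true}`,
}

// Review returns one finding per event a cloud owner should look at: console logins
// without MFA, and infrastructure changes by unknown principals or from unknown addresses.
func Review(lines []string, knownAdmins, adminIPs map[string]bool) []string {
	var findings []string
	for _, line := range lines {
		var e Event
		if err := json.Unmarshal([]byte(line), &e); err != nil {
			findings = append(findings, "unparseable event: "+line) // never drop silently
			continue
		}
		if e.Action == "ConsoleLogin" && !e.MFA {
			findings = append(findings, fmt.Sprintf("%s login without MFA by %s from %s", e.Time, e.Principal, e.SourceIP))
		}
		if changeActions[e.Action] && (!knownAdmins[e.Principal] || !adminIPs[e.SourceIP]) {
			findings = append(findings, fmt.Sprintf("%s %s by %s from %s needs review", e.Time, e.Action, e.Principal, e.SourceIP))
		}
	}
	return findings
}
```

Run against sampleLog with alice and 10.20.1.7 on the allowlists, the benign admin change passes and the two svc-deploy events are the only findings, which is the sequence (foothold, then credential creation) the text warns goes unnoticed.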
So, what can you do to protect your company’s cloud data?
Just making yourself aware of these issues will get you started in the right direction. The biggest confidence builders include full visibility into all security events along with consistent security protections across both on-premises and cloud environments. That’s easier said than done, but fortunately, we actually make it easy for you – and do so without breaking the automation and elasticity of the cloud. Check out our comprehensive cloud security portfolio to see for yourself how Check Point can help make the transition to cloud-based networks painless.