One place for hosting & domains


      Evolving Cyberattacks: Exploring the Changing Cybersecurity Landscape in 2020

      Cyberattacks have been plaguing the top headlines for years and security continues to be a top priority for enterprises across the globe. In fact, when IT pros were asked their top challenges for 2020, protecting their organizations from cyberattacks came in second only to migrating applications to the cloud.

      Many of these pros also noted that cybersecurity would have been a good area to focus on had they known when they entered the field how important security would become. And this is not without reason. Criminals perpetrating cyberattacks keep shifting their strategies to expose new vulnerabilities, and cybersecurity experts are essential to stop these attackers in their tracks.

      As the cybersecurity landscape continues to evolve, it’s crucial to maintain awareness and adjust security strategies accordingly. Let’s explore what’s changing and which attacks are on the rise.

      Targeted Ransomware Attacks

      Public reports from various vendors such as Check Point, Verisign and others all seem to agree that mass ransomware attacks peaked in 2017 and ran through 2018, with 30 percent of businesses and home users affected, according to Checkpoint’s 2020 Cyber Security Report. But a peak doesn’t mean that ransomware attacks are going away, rather, they shifted to more targeted ransomware attacks in 2019.

      Alert Logic notes in their Critical Watch Report that ransomware continues to be a popular cyberattack due to its profitability, simplicity (because it can be conducted from a computer anywhere in the world) and anonymity. Malicious attackers are always adapting to new environments and IT protection strategies. The larger numbers of attacks in 2017 were reported from organizations that received phishing emails containing ransomware software. This technique has a fairly low success rate. With the end goal of a company paying an attacker for encryption keys, there is also low probability that the majority of these organizations would even have the available funds to pay in the first place. A more targeted and sophisticated effort proves to have a much higher success rate.

      Rising Popularity of Cryptojacking

      With ransomware attacks on the decline, cryptojacking—a type of cyberattack in which a hacker secretly uses a target’s computer to mine for cryptocurrency—is seeing a massive rise in popularity. It’s less visible and doesn’t require the same effort as ransomware. One of the many examples of this trend is a cryptojacking attack on a cloud mining service, which took the scripting service offline for weeks and resulted in 65-million-dollars in stolen cryptocurrency. While the company was able to recover most of the currency, cryptojacking attacks continue to deliver potentially business-ending consequences to vulnerable organizations.

      Attackers are evolving to use many of the same exploit measures that spammers and DDoS attackers have been using for years. Gaining control of a machine through known vulnerabilities and using those compromised machines idles computing cycles to join a mining pool.

      There were 52.7 million cryptojacking hits in the first half of 2019. Cryptojacking is a growing threat as we progress into 2020, and we can expect that more and more idle compute resources will be compromised.

      Evolving DDoS Attacks

      DDoS attacks are still a rising method of cyberattack, and just like ransomware attacks morphing into cryptojacking, DDoS attacks are also evolving.

      Neustar’s Q2 and Q3 2019 reports suggest that the attack intensity, measured in Mpps (million packets per second), as well as attack size, measured in Gbps (gigabits per second), is dropping. The average intensity of attacks in 2018 measured at 4.5 Mpps, while the average was 1.3 Mpps. The largest DDoS attack, recorded in 2018, registered at 1.7 Tbps. The average attack size in 2019 was around 7.5 Gbps. This suggests that DDoS attacks are currently undergoing the same process of refinement as ransomware attacks.

      Increasingly sophisticated DDoS attacks are being used not to take a whole service offline with a volumetric attack, but to strategically target specific ports, gateways, services or applications. These attacks require much less traffic to take a service offline, and many times the attack is focused on network degradation as opposed to a downed site event.

      Other Types of Cyberattacks

      While some of these more popular attacks types peaked from 2017 and 2018, a few new forms of attacks are on the rise. Some are using classic tactics, with malicious attackers going back to more simplistic attack styles to exploit areas that may be lightly secured by more corporations. Attacks using web-form hijacking techniques are on the rise, and while it seems as though most companies have adequate controls, JavaScript-based attacks served 16 percent of all global attacks for the first half of 2019.

      JavaScript based attacks are reported only third to EXE and DOC based attacks. While many organizations have defense software or hardware to protect their services on an application level, there may still be gaps in security that allow for vulnerabilities. A failed policy to delete an administrator account after an employee departure, a patch that was never applied to an application or crucial upgrades to software that can’t be implemented due to how the application is developed all can result in an attack.

      Preventing Vulnerabilities

      In 2020, it’s more crucial than ever to update both business and technical security policies. Finding a partner you can trust is an important first step to effectively getting ahead of these evolving attacks, and to navigating and managing the complex tools that will keep your organization safe.

      At INAP, we offer managed security services for all cloud products that extend your team and safeguard critical infrastructure. Do your homework to ensure whichever partner you choose can adequately safeguard your infrastructure solutions, as well as adequately address the evolving cyberattack landscape.

      Explore INAP Managed Security.


      Paul Just


      Source link

      6 Tips for Managing Cloud Security in the Modern Threat Landscape

      In a world where advanced cyberattacks are increasing in frequency and causing progressively higher costs for affected organizations, security is of the utmost importance no matter what infrastructure strategy your organization chooses. Despite longstanding myths, cloud environments are not inherently less secure than on-premise. With so many people migrating workloads to the cloud, however, it’s important to be aware of the threat landscape.

      Ten million cybersecurity attacks are reported to the Pentagon every day. In 2018, the number of records stolen or leaked from public cloud storage due to poor configuration totaled 70 million. And it’s estimated that the global cost of cybercrime by the end of 2019 will total $2 trillion.

      In response to the new cybersecurity reality, it is estimated that the annual spending on cloud security tools by 2023 will total $12.6 billion.

      Below, we’ll cover six ways to secure your cloud. This list is by no means exhaustive, but it will give you an idea of the security considerations that should be considered.

      Mitigating Cybersecurity Threats with Cloud Security Systems and Tools

      1. Intrusion Detection and 2. Intrusion Prevention Systems

      Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are other important tools for ensuring your cloud environment is secure. These systems actively monitor the cloud network and systems for malevolent action and rule abuses. The action or rule may be reported directly to your administration team or collected and sent via a secure channel to an information management solution.

      IDSs have a known threat database that monitors all activity by users and the devices in your cloud environment to immediately spot threats such as SQL injection techniques, known malware worms with defined signatures and invalid secure certificates.

      IPS devices work at different layers and are often features of next-generation firewalls. These solutions are known for real-time deep packet inspection that alerts to potential threat behaviors. Sometimes these behaviors may be false alarms but are still important for learning what is and what is not a threat for your cloud environment.

      3. Isolating Your Cloud Environment for Various Users

      As you consider migrating to the cloud, understand how your provider will isolate your environment. In a multi-tenant cloud, with many organizations using the same technology resources (i.e. multi-tenant storage), you have segmented environments using vLAN’s and firewalls configured for least access. Any-any rules are the curse of all networks and are the first thing to look for when investigating the firewall rules. Much like leaving your front door wide-open all day and night, this firewall rule is an open policy of allowing traffic from any source to any destination over any port. A good rule of thumb is to block all ports and networks and then work up from there, testing each application and environment in a thorough manner. This may seem time consuming but going through a checklist of ports and connection scenarios from the setup is more efficient then doing the work of opening ports and allowing networks later.

      It’s also important to remember that while the provider owns the security of the cloud, customers own the security of their environments in the cloud. Assess tools and partners that allow you take better control. For instance, powerful tools such as VMware’s NSX support unified security policies and provide one place to manage firewall rules with its automation capabilities.

      4. User Entity Behavior Analytics

      Modern threat analysis employs User Entity Behavior Analytics (UEBA) and is invaluable to your organization in mitigating compromises of your cloud software. Through a machine learning model, UEBA analyzes data from reports and logs, different types of threat data and more to discern whether certain activities are a cyberattack.

      UEBA detects anomalies in the behavior patterns of your organization’s members, consultants and vendors. For example, the user account for a manager in the finance department would be flagged if it is downloading files from different parts of the world at different times of the day or is editing files from multiple time zones at the same time. In some instances, this might be legitimate behavior for this user, but the IT director should still give due diligence when the UEBA outs out this type of alert.  A quick call to confirm the behavior can prevent data loss or the loss of millions of dollars in revenue if the cloud environment has indeed been compromised.

      5. Role-Based Access Control

      All access should be given with caution and on an as-needed basis. Role-based access control (RBAC) allows employees to access only the information that allows them to do their jobs, restricting network access accordingly. RBAC tools allow you to designate what role the user plays—administrator, specialist, accountant, etc.—and add them to various groups. Permissions will change depending on user role and group membership. This is particularly useful for DevOps organizations where certain developers may need more access than others, as well as to specific cloud environments, but not others.

      When shifting to a RBAC, document the changes and specific user roles so that it can be put into a written policy. As you define the user roles, have conversations with employees to understand what they do. And be sure to communicate why implementing RBAC is good for the company. It not only helps you secure your company’s data and applications by managing employees, but third-party vendors, as well.

       6. Assess Third Party Risks

      As you transition to a cloud environment, vendor access should also be considered. Each vendor should have unique access rights and access control lists (ACL) in place that are native to the environments they connect from. Always remember that third party risk equates to enterprise risk. Infamous data breach incidents (remember Target in late 2013?) resulting from hackers’ infiltration of an enterprise via a third-party vendor should be enough of a warning to call into question how much you know about your vendors and the security controls they have in place. Third party risk management is considered a top priority for cybersecurity programs at a number of enterprises. Customers will not view your vendor as a separate company from your own in the event that something goes sideways and the information goes public. Protect your company’s reputation by protecting it from third party risks.

      Parting Thoughts

      The above tools are just several resources for ensuring your cloud environment is secure in multi-tenant or private cloud situations. As you consider the options for your cloud implementation, working with a trusted partner is a great way to meet your unique needs for your specific cloud environment.

      Explore INAP Managed Security.


      Allan Williamson
      • Technical Account Manager


      Source link