Donald Meyer, Head of Product Marketing, Data Center & Cloud, Check Point SoftwareWith the start of every New Year we see many exciting new trends. But if the past is any indication, the security threat landscape will constantly change and present new challenges ahead.
Looking into some of those trends and challenges is our Check Point security team. At the end of each year, they spend time imagining what the threat landscape might look like in the coming year. This gives us the opportunity to analyze the security trends we’ve followed over the past year, and it allows us to creatively extrapolate what might potentially happen next. By anticipating the next wave of threats, we hope to help businesses stay ahead of the evolving tactics and exploits that criminals use to target them.
"Cyber criminals like low hanging fruit"
Check Point recently commissioned a research survey to gain insight from IT professionals on their top security concerns. An overwhelming majority—93 percent—of organizations are very or moderately concerned about cloud security. Based on our analysis and survey results, here are a couple of predictions along with additional cloud security threats and trends that we expect to see during 2017:
1: There will be an Attack on a Major Cloud Provider
As enterprises continue to put more data and migrate production workloads on the public cloud, an attack to disrupt or take down a major cloud provider will affect all of their customers’ businesses. While generally disruptive, it could be used as a means to impact a specific competitor or organization, who would be one of many affected, making it difficult to determine motive.
We all remember the five-hour outage at AWS in September 2015 that affected a number of AWS services and quite a few customers. The issue was isolated to the “US-EAST-1 Region” and was caused by a problem with Amazon’s DynamoDB. The net result of this event was any service that utilized DynamoDB in that region got affected. After a marathon six-hour battle, AWS was able to increase the capacity of the metadata service, thus restoring it and the corresponding storage services. The key take-away: outages will happen—even in the cloud.
2: Ransomware will Find its Way into a Data Center
There will be a rise in ransomware attacks impacting cloud-based data centers. As more organizations embrace the cloud, both public and private, these types of attacks will start finding their way into this new infrastructure through either encrypted files spreading cloud to cloud or by hackers using the cloud as a volume multiplier. In our current cloud security survey, over 80 percent of cyber-security professionals are very or moderately concerned about ransomware.
Many Internet users are unaware that ransomware also can just as easily seize control over files stored on cloud services. Businesses often have an antivirus installed on the server, but that’s proving to be insufficient. Ransomware is able to sneak past those defenses because the cyber criminals distributing ransomware engineer it to evade detection.
Cloud-based data centers are a rich target for ransomware for a number of reasons. Here’s why:
• Data centers hold the most sensitive, lucrative information. Targeting environments where the most sensitive and critical data is stored can facilitate the extortion of potentially huge sums of money, on a totally different scale than the current client device ransomware payouts of $100-2000 per infection.
• Financially motivated professional cybercriminals operate successfully in the wild, and are constantly looking for new targets. Hackers like those behind the Carbanak APT, Morpho/Butterfly APTs, GameOverZeuS group and others are fully capable of conducting ransomware attacks on cloud-based data centers.
• Traditional security protections don’t fit the dynamic nature of cloud-based data centers, so advanced security is often not deployed in the cloud that could prevent infections. In addition, the shared responsibility model public cloud providers utilize provides a false sense of security for customers, which leaves their cloud environments and all that valuable data ripe for the picking.
• The rise of ransomware APTs that are specifically adjusted to target cloud-based data centers will become a significant risk to corporations asking to protect their most valuable assets. With data centers shifting to the cloud, ransomware is set to become a challenge for cloud security vendors.
Like the issue with potential service disruptions, a good strategy to combat this type of threat is with diligent data back-ups, a well-defined DR plan and deploying advanced threat prevention security into your cloud environment.
In addition to the issues raised above, there other cyber threats to cloud environments to take into consideration:
Data Leakage
In a multi-tenant cloud environment where resources are shared, placing sensitive data in the hands of a 3rd party vendor seems, intuitively, risky. In addition, safe harbor and privacy laws make control over your data— essential. Whether it happens because of access by government agencies, a malicious hacker attack or even by accident, data leakage would be a major security and/or privacy violation.
The best strategy in the cloud is to use strong encryption for data in transit and at rest; anything less is not worthwhile. When using the cloud, all data and metadata should be encrypted at the edge, before it leaves your premises. A good rule of thumb is trust no one but yourself in the cloud.
Unauthorized Access to Customer and Business Data
Cyber criminals like low hanging fruit. They tend to target small businesses because theyoften lack the resources and security expertise and can be easier to breach. But, hackers are also equal opportunity offenders going after large companies because of the allure of larger payouts.Whether big or small, cloud environments provide an interesting threat vector from an unauthorized access prospective. With multiple levels of administrators calling upon cloud provisioning, orchestration and management tools to define new apps and services – and more often than not, these admins are not fully aware of the security implications of their actions – visibility into who is logging in and what changes have been made is limited.
How do You Protect Your Company’s Cloud Data?
Just making yourself aware of these issues will get you started in the right direction. The biggest confidence builders include full visibility into all security events along with consistent security protections across both on-premise and cloud environments.
