It’s time to look at your organization differently – someone else already is!
Anyone know who this is? Seth Godin, marketing author and entrepreneur and NYT bestselling author. In many of his books he talks about the importance of definitions in business and in business meetings, getting everyone on the same page. I have adopted that methodology and would like to start there: what is the cloud?
We can all agree that there are a wide variety of types of cloud computing: private, public, hybrid, community, etc. But are they all secure/safe by default? Does the provider hold responsibility for keeping your data safe? What makes me laugh is when people complain about the cloud when they are utilising a FREE service. E-mail is the biggest one.
So everyone has a cloud in 2018 – the 800lb. Gorillas in the game most certainly have a large presence: Microsoft, Google, Amazon
The cloud has become part of our everyday lives; there really isn’t a way of getting around it. You rarely buy software on a CD any more; it’s delivered to you via the cloud. The 800lb. gorilla/the mother ship/Microsoft now saves your work to the cloud as a default location. You can use Google Photos to save space on your iPhone, for free!
Jim is a long-term employee of 18+ years with the same “company” and performs his job well. Jim is an accounting professional supporting multiple departments and reports to a C-suite title. On March 22nd, Jim entered work just like any other day: he started his day by logging on to his PC, checking e-mail and returning voicemails. Jim was just getting his day started when he noticed his PC acting funny; the internet was on and off for a few minutes and then he was completely locked out, with no e-mail, no internet and no access to his files. His PC was infected with ransomware, as was his entire network.
Let’s address the elephant in the room: Atlanta was the “company” that was hacked, with ransomware. It made national news, and unfortunately a number of other cities followed, Savannah and Baltimore to name a couple. Orbitz was also breached, with almost a million customer records exposed. This sort of thing happens every day; it’s just the ones that carry a large, recognizable logo that make the headlines. It happens even more often in the mid-sized market, but it isn’t reported because those firms aren’t household names.
Who here has rented a car recently? What is the first thing you do after signing the paperwork? You walk around the car with the rep, check for dents and dings, check the gas level, make sure it has four tires, etc. They don’t check the engine with you, they don’t check the electronics, the power windows, etc. They give you a car that drives, that’s it, and you’re off.
What do you travel with? What do you put in your car? Would you leave this in a “bad” part of town with the windows down and the doors unlocked? So why are you leaving your cloud in the bad part of town with doors unlocked and windows down?
What are you able to put around your car? Lock the doors? Hire someone (MSP – Staff) to watch it? Put a fence around it (Technology?) Spot lights to ensure you can see it at all times (technology?)
You have the responsibility to protect that car/cloud. It was in good shape when it was handed to you, and the provider’s responsibility does in fact end there: the provider keeps the underlying platform running and patched, but what you put on it, how it is configured and who can reach it is yours. They’ve given you the keys; now you have to manage it, protect it and ensure it stays safe. So how do you do that?
So, we built a cloud environment with a popular cloud service provider (CSP), deployed a server instance in our new cloud environment and, using all the native tools that were available through the CSP, connected our new “cloud service” to the Internet. In addition, for added assurance, we also deployed a honeypot in front of our new cloud service just on the off-chance something were to slip past the native controls. We connected our service through our honeypot, sat back and watched what happened, and almost immediately we found some “interesting” results.
149 attacks identified by our honeypot:
Ninety-two (92) SSH/telnet attacks
One (1) scripting attack
Seven (7) attacks targeting TCP/UDP ports
Forty-nine (49) network-based
According to Distil Networks: “Bad bots made up 20% of all web traffic and are everywhere, at all times—they don’t take breaks and they don’t sleep. Even though bad bots are on all sites, larger sites were hit the hardest in 2016. Bad bots accounted for 21.83% of large website web traffic, which saw an increase of 36.43% since 2015.” Also, “Data centers were the weapon of choice for bad bots with 60.1% coming from the cloud. Amazon AWS was the top originating ISP for the third year in a row with 16.37% of all bad bot traffic—four times more than the next ISP (OVH SAS).”
The challenge – these bot armies are programmed to
After 7 days:
3.97 million SSH/telnet-based attempts, plus malware uploaded to the cloud instance
826 attack attempts detected by Dionaea
9 attack attempts detected by ElasticPot (the Elasticsearch honeypot)
98 attempts detected by the web application honeypot Glastopf
and almost 4,900 attacks detected by Honeytrap
It’s clear we have a problem: native controls aren’t enough. How do cloud providers deal with this?
It is worth noting that these figures contain no clean traffic. Since there are no real services behind the honeypot, everything we saw and captured was an attempt to compromise our environment; the totals above are the full seven-day count.
Our test simulated a typical cloud deployment, so this is roughly what a customer is likely to see over a similar span of time, especially one that relies only on the native ACL/security-group filters the cloud provider offers. (A honeypot exposes every port and accepts every login, so the raw counts measure how much hostile traffic is constantly probing any public address; a real instance would turn some of it away, but only if its ingress rules are actually restrictive.) Cloud assets are clearly subject to the same types of attacks that target our premises-based networks. The key difference is that on-prem we deploy advanced security protections to safeguard our assets; we need to start doing the same thing in the cloud.
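The point about relying on native ACL filters can be made concrete by checking a honeypot’s hit list against the ingress rules you would actually deploy. The Python below is an added example, not code from the original talk or from any honeypot project: it parses a handful of constructed honeypot events (the JSON field names are an assumption, loosely modelled on what T-Pot sensors such as Cowrie, Dionaea, Glastopf and Honeytrap emit), tallies them per sensor and destination port, and then asks which of those attempts a given ingress rule set would have let through to a real instance. The security-group-style rule format, the 198.51.100.0/24 “admin VPN” range and every address in the sample are constructed for the example.

```python
"""Correlate honeypot hits with an ingress ACL (constructed example, not the talk's own code)."""
import ipaddress
import json
from collections import Counter

# Constructed honeypot events (not real captures). The field names are an
# assumption loosely based on T-Pot sensor output; adapt to your own logs.
SAMPLE_LOG = """
{"sensor": "cowrie", "src_ip": "203.0.113.10", "dest_port": 22, "username": "root", "password": "123456"}
{"sensor": "cowrie", "src_ip": "203.0.113.10", "dest_port": 22, "username": "root", "password": "123456"}
{"sensor": "cowrie", "src_ip": "198.51.100.7", "dest_port": 23, "username": "admin", "password": "admin"}
{"sensor": "dionaea", "src_ip": "203.0.113.44", "dest_port": 445}
{"sensor": "glastopf", "src_ip": "192.0.2.9", "dest_port": 80, "path": "/phpmyadmin/"}
{"sensor": "glastopf", "src_ip": "192.0.2.9", "dest_port": 443, "path": "/wp-login.php"}
{"sensor": "honeytrap", "src_ip": "192.0.2.9", "dest_port": 3389}
{"sensor": "honeytrap", "src_ip": "203.0.113.44", "dest_port": 445}
"""

# Ingress rules in a security-group-like shape (assumption; not any CSP's real API).
# The "weak" set is what a default-allow or "just open it" deployment looks like.
WEAK_RULES = [
    {"proto": "tcp", "from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"},
    {"proto": "tcp", "from_port": 0, "to_port": 65535, "cidr": "0.0.0.0/0"},
]

# The hardened set: SSH only from a constructed admin VPN range, HTTPS public, nothing else.
HARDENED_RULES = [
    {"proto": "tcp", "from_port": 22, "to_port": 22, "cidr": "198.51.100.0/24"},
    {"proto": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
]


def parse_events(text):
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def tally(events):
    """Count events per sensor and per destination port."""
    by_sensor = Counter(e["sensor"] for e in events)
    by_port = Counter(e["dest_port"] for e in events)
    return by_sensor, by_port


def rule_reaches(rule, port, src_ip):
    """True if the rule admits src_ip to the given TCP port."""
    if rule["proto"] not in ("tcp", "-1"):
        return False
    if not rule["from_port"] <= port <= rule["to_port"]:
        return False
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["cidr"])


def exposure(events, rules):
    """Map each attacked port to the number of observed attempts the rule set
    would have let through to a real instance behind it."""
    exposed = Counter()
    for e in events:
        if any(rule_reaches(r, e["dest_port"], e["src_ip"]) for r in rules):
            exposed[e["dest_port"]] += 1
    return dict(exposed)


def top_credentials(events, n=3):
    """Most common username/password pairs tried against the SSH/telnet sensor."""
    pairs = Counter(
        (e["username"], e["password"]) for e in events if e["sensor"] == "cowrie"
    )
    return pairs.most_common(n)


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    by_sensor, by_port = tally(events)
    print("events per sensor:", dict(by_sensor))
    print("events per port:", dict(by_port))
    print("would reach instance (weak rules):", exposure(events, WEAK_RULES))
    print("would reach instance (hardened rules):", exposure(events, HARDENED_RULES))
    print("top credentials tried:", top_credentials(events))
```

With the weak rules every one of the eight attempts reaches the instance; with the hardened rules only the single HTTPS probe does, and it lands on a service you chose to expose. Run the same comparison against your real security groups and the ports your honeypot reports, and the gap between “what the provider lets you configure” and “what you actually configured” becomes visible.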
We are in talks with companies that take their security so seriously they are adding layers of protection that are not just technology: they include their attorney to document conversations, a legal layer of protection. Lots of firms are now implementing cyber-insurance as an added (reactive) layer of protection, but it is another layer.