Cisco: Attackers 'Weaponize' Cloud Services
Attackers are leveraging the cloud to make their attacks more effective, while enterprises are failing to protect themselves against attacks on their cloud infrastructure, according to Cisco's annual security survey.
The Cisco 2018 Annual Cybersecurity Report, released Wednesday, found that more than half of all attacks result in financial damages of more than $500,000, including lost revenue, customers, opportunities and out-of-pocket costs, Cisco Systems Inc. (Nasdaq: CSCO) says. (See Cisco Cybersecurity Report Maps Threat Landscape for 2018.)
Some 27% of security professionals surveyed by Cisco said they are using off-premises private cloud, compared with 20% in 2016, Cisco says. More than half of those, or 57%, cite better data security for the cloud.
However, attackers are using the cloud too. They're using social media and the cloud for command and control of attacks. And attackers are using cloud resources to host malware, and using advanced architecture such as microservices to stay ahead of their targets. They know that enterprises can't block social media or cloud platforms such as Amazon Web Services Inc. and Google Cloud Platform. These platforms have become essential to business, Franc Artes, architect for Cisco Security Business, tells Enterprise Cloud News.
Attackers also use single sign-on authentication services such as OATH to compromise users' social media accounts and then use that access to get into enterprise software-as-a-service (SaaS) applications, just as they previously broke into email to gain access to the enterprise, Artes says.
Enterprises move to the cloud not realizing that cloud infrastructure requires security protection, just as on-premises infrastructure does. "You need to be securing microservices and cloud-based systems the same way you do internally," Artes says. "You're leasing infrastructure; you're not leasing added security." SaaS applications provide added security, but IaaS needs security provided by the user.
In some ways, cloud infrastructure can multiply security problems compared with on-premises. With on-premises infrastructure, attackers need to be on premises or on the WAN, but on the cloud, attackers can be anywhere in the world, Artes says.
"There's a belief that somehow by using Amazon, or Google or Azure to lease infrastructure as a service you are winding up with better security," Artes says. But enterprises need to do the work to make sure their systems are secure, whether on-premises or in the cloud.
In another emerging trend, Cisco is seeing malware emerge whose primary goal is to cause disruption of service. This malware, such as the WannaCry attack in May, masquerades as ransomware, but attackers aren't seeking a ransom; their primary goal is to destroy data on the target network, Artes says. (See Kaspersky Names WannaCry 'Vulnerability of the Year'.)
"They have a thin layer of ransomware but their actual focus is to destroy data and operational capability," Artes says.
As part of that goal, malware stays dormant for long periods, so that it can better infect backups and archives, Artes says.
Who benefits from disrupting target systems? Nation-state attackers, Artes says. And indeed North Korea was blamed for WannaCry by the US, UK and several other nations in December. (See The Hard Work of Pointing Fingers.)
What can enterprises do to protect themselves? Follow security basics, starting with keeping up with patching. "It's the year 2018 and we're still making that recommendation," Artes says. Malware tends to target older software with known vulnerabilities that users often do not patch.
Also, train users at all levels in what they need to know to protect the enterprise. The receptionist doesn't need to know the intricacies of SSL, but he or she should know how to recognize phishing or a social engineering attack, Artes says.
Similarly, enterprises need to do more to patch the growing array of Internet of Things devices, Artes says.
Cisco's security report beats a drum that Cisco has been playing through much of 2017 -- that attackers are using encryption to hide their attacks, and conceal that encrypted information in legitimate, encrypted network traffic. Some 50% of web traffic was encrypted as of October. Machine learning can help security defenses learn how to automatically detect suspicious patterns in encrypted web traffic, cloud and IoT environments. Cisco last month introduced technology to do just that. (See Cisco Plugs Encryption Hole in Network Security.)
Attackers are targeting trusted software for infection, such as the Nyetya and CCleaner attacks last year, to infect users, which Cisco described as "supply chain attackers." Users should review third-party testing to reduce the risk of these attacks. (See CCleaner Infection Reveals Sophisticated Hack.)
Get the report here: Cisco 2018 Annual Cybersecurity Report
Security is a significant part of Cisco's business and a strong growth driver, bringing in $558 million, up 6% year-over-year in second-quarter results reported this month. Overall second-quarter revenue was $11.9 billion. (See Cisco Returns to Growth, With Help From Network Automation.)
Security is a pillar of Cisco's transition from selling products to recurring revenue from software and cloud services. (See Cisco's 'Network Intuitive': A Risky Transition.)
This year, Cisco bought Skyport Systems, a privately held company which secures infrastructure using hyperconverged systems managed over the cloud. (See Cisco to Buy Skyport Systems for Cloud Security.)
In addition to today's security report, Cisco recently rolled out its Global Cloud Index, which found that cloud traffic is taking over data centers, as hyperscale data centers run more and more workloads previously run on traditional architectures. (See Cisco: Data Centers Are Eating the Internet.)
— Mitch Wagner Editor, Enterprise Cloud News