
Cisco: Attackers 'Weaponize' Cloud Services

Mitch Wagner
2/21/2018

Attackers are leveraging the cloud to make their attacks more effective, while enterprises are failing to protect themselves against attacks on their cloud infrastructure, according to Cisco's annual security survey.

The Cisco 2018 Annual Cybersecurity Report, released Wednesday, found that more than half of all attacks result in financial damages of more than $500,000, including lost revenue, customers, opportunities and out-of-pocket costs, Cisco Systems Inc. (Nasdaq: CSCO) says. (See Cisco Cybersecurity Report Maps Threat Landscape for 2018.)

Some 27% of security professionals surveyed by Cisco said they are using off-premises private cloud, compared with 20% in 2016, Cisco says. More than half of those, or 57%, cite better data security for the cloud.

However, attackers are using the cloud too. They're using social media and the cloud for command and control of attacks. And attackers are using cloud resources to host malware, and using advanced architecture such as microservices to stay ahead of their targets. They know that enterprises can't block social media or cloud platforms such as Amazon Web Services Inc. and Google Cloud Platform. These platforms have become essential to business, Franc Artes, architect for Cisco Security Business, tells Enterprise Cloud News.




Attackers also use single sign-on authentication services such as OATH to compromise users' social media accounts and then use that access to get into enterprise software-as-a-service (SaaS) applications, just as they previously broke into email to gain access to the enterprise, Artes says.

Enterprises move to the cloud not realizing that cloud infrastructure requires security protection, just as on-premises infrastructure does. "You need to be securing microservices and cloud-based systems the same way you do internally," Artes says. "You're leasing infrastructure; you're not leasing added security." SaaS applications provide added security, but IaaS needs security provided by the user.

In some ways, cloud infrastructure can multiply security problems compared with on-premises. With on-premises infrastructure, attackers need to be on premises or on the WAN, but on the cloud, attackers can be anywhere in the world, Artes says.

"There's a belief that somehow by using Amazon, or Google or Azure to lease infrastructure as a service you are winding up with better security," Artes says. But enterprises need to do the work to make sure their systems are secure, whether on-premises or in the cloud.

In another emerging trend, Cisco is seeing malware emerge whose primary goal is to cause disruption of service. This malware, such as the WannaCry attack in May, masquerades as ransomware, but attackers aren't seeking a ransom; their primary goal is to destroy data on the target network, Artes says. (See Kaspersky Names WannaCry 'Vulnerability of the Year'.)

"They have a thin layer of ransomware but their actual focus is to destroy data and operational capability," Artes says.

As part of that goal, malware stays dormant for long periods, so that it can better infect backups and archives, Artes says.

Who benefits from disrupting target systems? Nation-state attackers, Artes says. And indeed North Korea was blamed for WannaCry by the US, UK and several other nations in December. (See The Hard Work of Pointing Fingers.)

What can enterprises do to protect themselves? Follow security basics, starting with keeping up with patching. "It's the year 2018 and we're still making that recommendation," Artes says. Malware tends to target older software with known vulnerabilities that users often do not patch.

Also, train users at all levels in what they need to know to protect the enterprise. The receptionist doesn't need to know the intricacies of SSL, but he or she should know how to recognize phishing or a social engineering attack, Artes says.

Similarly, enterprises need to do more to patch the growing array of Internet of Things devices, Artes says.

Cisco's security report beats a drum that Cisco has been playing through much of 2017 -- that attackers are using encryption to hide their attacks, and conceal that encrypted information in legitimate, encrypted network traffic. Some 50% of web traffic was encrypted as of October. Machine learning can help security defenses learn how to automatically detect suspicious patterns in encrypted web traffic, cloud and IoT environments. Cisco last month introduced technology to do just that. (See Cisco Plugs Encryption Hole in Network Security.)

Attackers are targeting trusted software for infection, such as the Nyetya and CCleaner attacks last year, to infect users, which Cisco described as "supply chain attackers." Users should review third-party testing to reduce the risk of these attacks. (See CCleaner Infection Reveals Sophisticated Hack.)

Get the report here: Cisco 2018 Annual Cybersecurity Report

Security is a significant part of Cisco's business and a strong growth driver, bringing in $558 million, up 6% year-over-year in second-quarter results reported this month. Overall second-quarter revenue was $11.9 billion. (See Cisco Returns to Growth, With Help From Network Automation.)

Security is a pillar of Cisco's transition from selling products to recurring revenue from software and cloud services. (See Cisco's 'Network Intuitive': A Risky Transition.)

This year, Cisco bought Skyport Systems, a privately held company which secures infrastructure using hyperconverged systems managed over the cloud. (See Cisco to Buy Skyport Systems for Cloud Security.)

In addition to today's security report, Cisco recently rolled out its Global Cloud Index, which found that cloud traffic is taking over data centers, as hyperscale data centers run more and more workloads previously run on traditional architectures. (See Cisco: Data Centers Are Eating the Internet.)

— Mitch Wagner, Editor, Enterprise Cloud News
