& cplSiteName &

Cisco: Attackers 'Weaponize' Cloud Services

Mitch Wagner

Attackers are leveraging the cloud to make their attacks more effective, while enterprises are failing to protect themselves against attacks on their cloud infrastructure, according to Cisco's annual security survey.

The Cisco 2018 Annual Cybersecurity Report, released Wednesday, found that more than half of all attacks result in financial damages of more than $500,000, including lost revenue, customers, opportunities and out-of-pocket costs, Cisco Systems Inc. (Nasdaq: CSCO) says. (See Cisco Cybersecurity Report Maps Threat Landscape for 2018.)

Some 27% of security professionals surveyed by Cisco said they are using off-premises private cloud, compared with 20% in 2016, Cisco says. More than half of those, or 57%, cite better data security for the cloud.

However, attackers are using the cloud too. They're using social media and the cloud for command and control of attacks. And attackers are using cloud resources to host malware, and using advanced architecture such as microservices to stay ahead of their targets. They know that enterprises can't block social media or cloud platforms such as Amazon Web Services Inc. and Google Cloud Platform . These platforms have become essential to business, Franc Artes, architect for Cisco Security Business, tells Enterprise Cloud News.

You're invited to attend Light Reading's Big Communications Event  – the one event that delivers fresh perspective on the rapid transformation of the telecom industry and the road ahead. We'll see you May 14-16 in Austin – communications service providers get in free!

Attackers also use single sign-on authentication services such as OATH to compromise users' social media accounts and then use that access to get into enterprise software-as-a-service (SaaS) applications, just as they previously broke into email to gain access to the enterprise, Artes says.

Enterprises move to the cloud not realizing that cloud infrastructure requires security protection, just as on-premises infrastructure does. "You need to be securing microservices and cloud-based systems the same way you do internally," Artes says. "You're leasing infrastructure; you're not leasing added security." SaaS applications provide added security, but IaaS needs security provided by the user.

In some ways, cloud infrastructure can multiply security problems compared with on-premises. With on-premises infrastructure, attackers need to be on premises or on the WAN, but on the cloud, attackers can be anywhere in the world, Artes says.

"There's a belief that somehow by using Amazon, or Google or Azure to lease infrastructure as a service you are winding up with better security," Artes says. But enterprises need to do the work to make sure their systems are secure, whether on-premises or in the cloud.

In another emerging trend, Cisco is seeing malware emerge whose primary goal is to cause disruption of service. This malware, such as the WannaCry attack in May, masquerades as ransomware, but attackers aren't seeing a ransom; their primary goal is to destroy data on the target network, Artes says. (See Kaspersky Names WannaCry 'Vulnerability of the Year'.)

"They have a thin layer of ransomware but their actual focus is to destroy data and operational capability," Artes says.

As part of that goal, malware stays dormant for long periods, so that it can better infect backups and archives, Artes says.

Who benefits from disrupting target systems? Nation-state attackers, Artes says. And indeed North Korea was blamed for WannaCry by the US, UK and several other nations in December. (See The Hard Work of Pointing Fingers.)

What can enterprises do to protect themselves? Follow security basics, starting with keeping up with patching. "It's the year 2018 and we're still making that recommendation," Artes says. Malware tends to target older software with known vulnerabilities that users often do not patch.

Also, train users at all levels in what they need to know to protect the enterprise. The receptionist doesn't need to know the intricacies of SSL, but he or she should know how to recognize phishing or a social engineering attack, Artes says.

Similarly, enterprises need to do more to patch the growing array of Internet of Things devices, Artes says.

Cisco's security report beats a drum that Cisco has been playing through much of 2017 -- that attackers are using encryption to hide their attacks, and conceal that encrypted information in legitimate, encrypted network traffic. Some 50% of web traffic was encrypted as of October. Machine learning can help security defenses learn how to automatically detect suspicious patterns in encrypted web traffic, cloud and IoT environment. Cisco last month introduced technology to do just that. (See Cisco Plugs Encryption Hole in Network Security.)

Attackers are targeting trusted software for infection, such as the Nyetya and Ccleaner attacks last year, to infect users, which Cisco described as "supply chain attackers." Users should review third-party testing to reduce the risk of these attacks. (See CCleaner Infection Reveals Sophisticated Hack.)

Get the report here: Cisco 2018 Annual Cybersecurity Report

Security is a significant part of Cisco's business and strong growth driver, bringing in $558 million, up 6% year-over-year in second-quarter results reported this month. Overall second-quarter revenue was $11.9 billion (See Cisco Returns to Growth, With Help From Network Automation.)

Security is a pillar of Cisco's transition from selling products to recurring revenue from software and cloud services. (See Cisco's 'Network Intuitive': A Risky Transition.)

This year, Cisco bought Skyport Systems, a privately held company which secures infrastructure using hyperconverged systems managed over the cloud. (See Cisco to Buy Skyport Systems for Cloud Security.)

In addition to today's security report, Cisco recently rolled out its Global Cloud Index, which found that cloud traffic is taking over data centers, as hyperscale data centers run more and more workloads previously run on traditional architectures. Cisco: Data Centers Are Eating the Internet

Related posts:

— Mitch Wagner Follow me on Twitter Visit my LinkedIn profile Visit my blog Follow me on Facebook Editor, Enterprise Cloud News

(13)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Educational Resources
sponsor supplied content
Educational Resources Archive
More Blogs from Wagner’s Ring
Platform is designed to enable enterprises to build big data analytics apps that move easily between public and private clouds.
Buying Evident.io extends Palo Alto's portfolio with API-based security capabilities and compliance automation.
Google wants to win the hearts of enterprise IT for Chrome OS on the desktop, but it has a long way to go.
IBM Cloud gets a security and Kubernetes performance boost.
Atlassian moved its Jira and Confluence developer collaboration tools to Amazon Web Services.
Featured Video
From The Founder
Ngena's global 'network of networks' solves a problem that the telecom vendors promised us would never exist. That doesn't mean its new service isn't a really good idea.
Flash Poll
Upcoming Live Events
March 28, 2018, Kansas City Convention Center
April 4, 2018, The Westin Dallas Downtown, Dallas
April 9, 2018, Las Vegas Convention Center
May 14-16, 2018, Austin Convention Center
May 14, 2018, Brazos Hall, Austin, Texas
September 24-26, 2018, Westin Westminster, Denver
October 9, 2018, The Westin Times Square, New York
October 23, 2018, Georgia World Congress Centre, Atlanta, GA
November 7-8, 2018, London, United Kingdom
November 8, 2018, The Montcalm by Marble Arch, London
November 15, 2018, The Westin Times Square, New York
December 4-6, 2018, Lisbon, Portugal
All Upcoming Live Events
Hot Topics
Dell CTO: Public Cloud Is 'Way More Expensive Than Buying From Us'
Mitch Wagner, Mitch Wagner, Editor, Enterprise Cloud, Light Reading, 3/19/2018
IBM Faces Age Discrimination Accusations
Mitch Wagner, Mitch Wagner, Editor, Enterprise Cloud, Light Reading, 3/22/2018
Eurobites: Cambridge Analytica Feels the Heat
Paul Rainford, Assistant Editor, Europe, 3/20/2018
HR: Cable Dominates US Broadband
Carol Wilson, Editor-at-large, 3/21/2018
Animals with Phones
Live Digital Audio

A CSP's digital transformation involves so much more than technology. Crucial – and often most challenging – is the cultural transformation that goes along with it. As Sigma's Chief Technology Officer, Catherine Michel has extensive experience with technology as she leads the company's entire product portfolio and strategy. But she's also no stranger to merging technology and culture, having taken a company — Tribold — from inception to acquisition (by Sigma in 2013), and she continues to advise service providers on how to drive their own transformations. This impressive female leader and vocal advocate for other women in the industry will join Women in Comms for a live radio show to discuss all things digital transformation, including the cultural transformation that goes along with it.

Like Us on Facebook
Twitter Feed