Cisco: Attackers 'Weaponize' Cloud Services

Attackers are launching attacks from the cloud, while enterprises migrating to the cloud are leaving themselves vulnerable by failing to take basic precautions, according to the Cisco 2018 Annual Cybersecurity Report.

Mitch Wagner

February 21, 2018

Attackers are leveraging the cloud to make their attacks more effective, while enterprises are failing to protect themselves against attacks on their cloud infrastructure, according to Cisco's annual security survey.

The Cisco 2018 Annual Cybersecurity Report, released Wednesday, found that more than half of all attacks result in financial damages of more than $500,000, including lost revenue, customers, opportunities and out-of-pocket costs, Cisco Systems Inc. (Nasdaq: CSCO) says. (See Cisco Cybersecurity Report Maps Threat Landscape for 2018.)

Some 27% of security professionals surveyed by Cisco said they are using off-premises private cloud, compared with 20% in 2016, Cisco says. More than half of those, or 57%, cite better data security for the cloud.

However, attackers are using the cloud too. They're using social media and the cloud for command and control of attacks. And attackers are using cloud resources to host malware, and using advanced architecture such as microservices to stay ahead of their targets. They know that enterprises can't block social media or cloud platforms such as Amazon Web Services Inc. and Google Cloud. These platforms have become essential to business, Franc Artes, architect for Cisco Security Business, tells Enterprise Cloud News.

Attackers also use single sign-on authentication services such as OATH to compromise users' social media accounts and then use that access to get into enterprise software-as-a-service (SaaS) applications, just as they previously broke into email to gain access to the enterprise, Artes says.

Enterprises move to the cloud not realizing that cloud infrastructure requires security protection, just as on-premises infrastructure does. "You need to be securing microservices and cloud-based systems the same way you do internally," Artes says. "You're leasing infrastructure; you're not leasing added security." SaaS applications provide added security, but IaaS needs security provided by the user.

In some ways, cloud infrastructure can multiply security problems compared with on-premises. With on-premises infrastructure, attackers need to be on premises or on the WAN, but on the cloud, attackers can be anywhere in the world, Artes says.

"There's a belief that somehow by using Amazon, or Google or Azure to lease infrastructure as a service you are winding up with better security," Artes says. But enterprises need to do the work to make sure their systems are secure, whether on-premises or in the cloud.

In another emerging trend, Cisco is seeing malware emerge whose primary goal is to cause disruption of service. This malware, such as the WannaCry attack in May, masquerades as ransomware, but attackers aren't seeking a ransom; their primary goal is to destroy data on the target network, Artes says. (See Kaspersky Names WannaCry 'Vulnerability of the Year'.)

"They have a thin layer of ransomware but their actual focus is to destroy data and operational capability," Artes says.

As part of that goal, malware stays dormant for long periods, so that it can better infect backups and archives, Artes says.

Who benefits from disrupting target systems? Nation-state attackers, Artes says. And indeed North Korea was blamed for WannaCry by the US, UK and several other nations in December. (See The Hard Work of Pointing Fingers.)

What can enterprises do to protect themselves? Follow security basics, starting with keeping up with patching. "It's the year 2018 and we're still making that recommendation," Artes says. Malware tends to target older software with known vulnerabilities that users often do not patch.

Also, train users at all levels in what they need to know to protect the enterprise. The receptionist doesn't need to know the intricacies of SSL, but he or she should know how to recognize phishing or a social engineering attack, Artes says.

Similarly, enterprises need to do more to patch the growing array of Internet of Things devices, Artes says.

Cisco's security report beats a drum that Cisco has been playing through much of 2017 -- that attackers are using encryption to hide their attacks, and conceal that encrypted information in legitimate, encrypted network traffic. Some 50% of web traffic was encrypted as of October. Machine learning can help security defenses learn how to automatically detect suspicious patterns in encrypted web traffic, cloud and IoT environments. Cisco last month introduced technology to do just that. (See Cisco Plugs Encryption Hole in Network Security.)

Attackers are targeting trusted software to infect users, as in the Nyetya and CCleaner attacks last year, which Cisco described as the work of "supply chain attackers." Users should review third-party testing to reduce the risk of these attacks. (See CCleaner Infection Reveals Sophisticated Hack.)

Get the report here: Cisco 2018 Annual Cybersecurity Report

Security is a significant part of Cisco's business and a strong growth driver, bringing in $558 million, up 6% year-over-year in second-quarter results reported this month. Overall second-quarter revenue was $11.9 billion. (See Cisco Returns to Growth, With Help From Network Automation.)

Security is a pillar of Cisco's transition from selling products to recurring revenue from software and cloud services. (See Cisco's 'Network Intuitive': A Risky Transition.)

This year, Cisco bought Skyport Systems, a privately held company which secures infrastructure using hyperconverged systems managed over the cloud. (See Cisco to Buy Skyport Systems for Cloud Security.)

In addition to today's security report, Cisco recently rolled out its Global Cloud Index, which found that cloud traffic is taking over data centers, as hyperscale data centers run more and more workloads previously run on traditional architectures. (See Cisco: Data Centers Are Eating the Internet.)

— Mitch Wagner, Editor, Enterprise Cloud News