Cloud security and the evolution of attack methods

While many businesses make the decision to move their data to the cloud for improved security, Symantec’s 2019 Internet Security Threat Report sheds light on the fact that cloud resources are becoming increasingly targeted by cybercriminals. Quick and easy attack methods such as formjacking and cryptojacking are gaining popularity as attackers look to exploit the cloud for their own gain.

TechRadar Pro spoke with CloudHealth by VMware’s Director of Technology Operations, Anton Gurov, to learn more about how organizations can better protect themselves from the latest cyber threats and keep their data from ending up in the hands of cybercriminals.

1. How have the tactics used by hackers changed over the last few years?

In one sense, the tactics used by hackers haven’t really changed – they still get by looking for lapses, and exploiting those gaps. What’s changed, however, is the technology and the speed with which they can discover weaknesses. There are still a lot of less glamorous things that you have to do to keep your company – and your data – secure. It’s just like flossing, or brushing your teeth – it’s not the sexiest thing, but it’s core for dental hygiene. It’s not exciting; it’s just what you have to do to ensure you’re on top of things.

Nowadays, it’s definitely harder to keep up with hackers; there are just so many more ways to exploit gaps – a larger surface vector to cover, if you will, especially on the cloud side of things. There are so many different knobs you can turn, and it’s a lot to keep track of. Which is why it’s so important to put governance in place, and to use proactive policies that continuously monitor your cloud environment for vulnerabilities and security risks.

2. What recent data breaches have surprised you the most?

Honestly, any basic security lapse that has stemmed from a known vulnerability surprises me. I’m also surprised by the scale of some of the recent breaches – the sheer amount of data that’s been exposed can be staggering.

3. What can businesses do to better protect their data in the cloud?

What can businesses do? Well, the biggest cloud providers offer tools and technology that can give you better visibility into your current security. That’s the magic of the cloud; all that data is available, and it’s all at your fingertips. You just need to pull, analyze and look at it, and then ask, “OK, what do the needs of my business demand?”

A cloud environment has the added benefit of being highly automated, too. It provides APIs that you can use to govern your infrastructure, making it easy for you. And again, focusing on the “boring” stuff – things such as regular vulnerability scanning, penetration testing, patch management, configuration hardening, identity and access management, and so on – because what may seem routine is actually incredibly important.

4. How do cybercriminals target an organization’s IT infrastructure?

Cybercriminals target an organization’s IT infrastructure in a number of ways, and exploiting the human factor we all have is just one of those. Social engineering, things like spear phishing, exploits a known weakness – but some of the best prevention to this is simply training. Build that human firewall, and ensure that employees are well equipped in these areas. Cybercriminals will also do continuous scanning and reconnaissance, and throughout my career, I’ve learned that even if you have a short-lived gap – or a tiny misconfiguration – chances are that someone will try to exploit it almost immediately.

Let’s also not assume that just because you don’t work at a Fortune 1000 company, or host financial data, that you aren’t a viable target – after all, there are multiple types of attacks. Someone may not be going after your data – they might be going after your computer resources, your financial information, or they’ll simply use your infrastructure as a stepping stone for further attacks.

5. Can you explain how popular attack methods such as phishing, malware and ransomware have evolved over the past few years?

Well, I can only speak from the perspective of an end user, but my belief is that these methods will only become more pervasive as time passes – you can already buy so much on the darknet for surprisingly small amounts of money.

6. How do you think the cybersecurity landscape will change in the near future?

I’m very interested in this topic, but by no means am I an expert. 

There are varying schools of thought – just recently, I read a paper that speculated that we should not worry about hijacked information, because it lacks context and is essentially useless without the surrounding knowledge of what to do with that IP. I’m not saying I agree, I just think it’s an interesting argument – but my personal belief is that we need to continue to invest in basic coverage. 

We need to evaluate risk by assigning a dollar value to it, rather than blindly spending money to ameliorate the root issue.

7. Do you believe AI and ML will play a greater role in cybersecurity?

Absolutely, although to be fair, it’s hard to find an industry where AI and ML won’t play a greater role in the future. You have vendors like Amazon, who are making great strides in this area on behalf of their customers, with services like GuardDuty. I’ll also quote the Founder of CloudHealth, Joe Kinsella, who has said that smart software, which builds upon principles of AI and ML, will enable businesses to make faster, better decisions by automating processes that would otherwise rely on a human. He applies this concept to cloud management, but it holds true in security as well.