Cloud Security Learnings from 2022: Onto a Safer Cloud

What did attacks on cloud infrastructure teach us? Find out.

December 9, 2022

The rapid transition by organizations and governments to a cloud infrastructure has significantly increased the cyber threat landscape and potential critical points of failure within a network. Etay Maor, senior director of security strategy at Cato Networks, shares learnings to keep in mind and best practices to improve cloud infrastructure going forward.

According to Cloudwards.net, 94 percent of today’s enterprises use cloud services, while Techjury.net reported that 67 percent of current enterprise infrastructure is cloud-based. Whichever statistic is right, one thing is for sure: cybercrime will continue to cost businesses billions in losses.

Check Point’s Cyber Attack Trends: 2022 Mid-Year Report found that the first half of 2022 saw a 42 percent rise in cyberattacks compared to 2021. With organizations relying heavily on cloud services in 2022, there was significant activity within the cybercriminal community aimed at attacking these businesses. Let’s look at some takeaways.


Critical Infrastructure Attacked

The year started with a ransomware attack that disabled critical services across Bernalillo County, New Mexico. This, in turn, stopped CCTV and automatic doors from working in its Metropolitan Detention Center (MDC), unexpectedly locking down prisoners.

In April, cyber criminals attacked multiple government systems in Costa Rica, causing a national emergency to be declared. The cybercriminals used ransomware to attack systems dealing with the country’s pension system, taxes, exports, and COVID-19 testing.

Then in June ‘22, a group of hackers attacked the production line at various steel factories in Iran and even caused a serious fire at one factory. This demonstrated the capabilities of digital criminals being able to cause damage in the physical world.

These attacks demonstrate how crippling a cyberattack can be, disabling critical infrastructure and panicking governments.

Crime-as-a-Service

Throughout 2022, initial access brokers (IABs) have become a prominent threat, creating ‘crime-as-a-service,’ a real economy for the criminal underworld that sells access to company networks on the dark web. In August, Sophos researchers reported that an established automotive brand was the victim of three ransomware attacks within two weeks. The IAB responsible gained entry through a remote desktop protocol (RDP) service exposed on a management server by a misconfigured firewall rule, and the exact same entry point was used each time. An IAB also caused Cisco’s ransomware attack in May, and I’m sure there were many more.

Attacking the Cloud

As mentioned above, cloud services are taking over modern working practices, with Gartner, Inc. suggesting that by 2025, over 95 percent of workloads will be deployed to the cloud. But it is not only the workforce that is taking advantage of cloud services; cybercriminals are as well. These malicious actors are embracing cloud technology to spread malware, take over environments, execute commands remotely, and steal information. Cloud services have also been used to deliver malicious Office documents and payloads from genuine cloud platforms such as GitHub, MediaFire and Blogger.

Failing the Entire System

Despite what many people believe, research into how cyberattacks unfold busts one of the industry’s most popular myths: that a cyberattack comes down to one single point of failure. Take the BlackCat ransomware attack, which Microsoft analyzed: it played out in multiple stages, exploiting various points of failure. Firstly, access was gained through unpatched vulnerabilities. The attacker then went on to collect system and network information and commenced a process to take credentials and gain access to devices via remote desktop. Using MEGASync and Rclone, the attacker started to transfer data out, install ransomware, and encrypt the system. It also looks like they could have leveraged other undisclosed MITRE ATT&CK sub-techniques.

The problem in most multi-point cyberattacks is that the infrastructure being attacked is made up of products from various vendors working in conjunction with each other. In these cases, the security team becomes overwhelmed by the number of alerts and false positives, allowing the attack to take hold.
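As an added illustration, not from the article or from Microsoft’s analysis: a small Python correlator over constructed endpoint events that raises one finding per host only when two or more of the stages described above (discovery, RDP lateral movement, an exfiltration tool such as Rclone or MEGAsync) line up, which is one way of cutting the alert volume described above down to a handful of chained findings. The event format, host names and the discovery command list are assumptions.

```python
from collections import defaultdict

# Constructed sample endpoint events (not from the article); one dict per event.
# The command names in DISCOVERY_CMDS are assumed examples of the "system and
# network information" collection the article mentions, not tools it names.
SAMPLE_EVENTS = [
    {"host": "srv-01", "type": "process",   "detail": "systeminfo"},
    {"host": "srv-01", "type": "rdp_logon", "detail": "user=svc_backup src=10.0.5.23"},
    {"host": "srv-01", "type": "process",   "detail": "rclone.exe copy C:\\share remote:bucket"},
    {"host": "srv-01", "type": "process",   "detail": "MEGAsync.exe"},
    {"host": "ws-07",  "type": "process",   "detail": "rclone.exe sync D:\\docs gdrive:"},
    {"host": "srv-02", "type": "rdp_logon", "detail": "user=admin src=10.0.5.23"},
    {"host": "srv-02", "type": "process",   "detail": "notepad.exe"},
]

DISCOVERY_CMDS = ("systeminfo", "net view", "ipconfig /all")
EXFIL_TOOLS = ("rclone", "megasync")


def stage_of(event):
    """Map one event to a stage of the multi-stage attack described above, or None."""
    detail = event["detail"].lower()
    if event["type"] == "rdp_logon":
        return "lateral_rdp"
    if event["type"] == "process":
        if any(detail.startswith(cmd) for cmd in DISCOVERY_CMDS):
            return "discovery"
        if any(tool in detail for tool in EXFIL_TOOLS):
            return "exfil_tool"
    return None


def correlate(events, min_stages=2):
    """Return {host: sorted stage names} only for hosts where at least
    min_stages distinct stages occurred. Single-stage hosts stay out, so the
    analyst sees one chained finding per host rather than one alert per event."""
    stages = defaultdict(set)
    for ev in events:
        stage = stage_of(ev)
        if stage:
            stages[ev["host"]].add(stage)
    return {h: sorted(s) for h, s in stages.items() if len(s) >= min_stages}


if __name__ == "__main__":
    for host, chain in correlate(SAMPLE_EVENTS).items():
        print(f"{host}: {' -> '.join(chain)}")
```

On the sample events only srv-01 is reported; the lone rclone run on ws-07 and the lone RDP logon on srv-02 would still be worth triaging, but they do not trigger the chained finding.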


Best Practices for 2023

Heading into 2023, organizations need to keep pace with the increased number of threats being thrown at them. As technology evolves, so will the methods cybercriminals use to identify the vulnerabilities within those solutions. In my opinion, there are three best practices that all organizations can take on board that will improve their security posture.

Holistic security

Organizations should start to look at their security more holistically. By this, I mean looking at the company’s infrastructure as a whole rather than securing each part in isolation. To enable a security team to monitor a full network in one place and gain complete visibility of all devices, users, applications, and systems, a single-pass cloud engine like Secure Access Service Edge (SASE) should be used. It also lets them enrich activity with context and identify where suspicious requests come from, from what device, and what applications users are trying to access. Security teams can also use SASE to deploy relevant policies and apply virtual patches in real time.

Cloud first approach

If your infrastructure is in the cloud, then you must take a cloud-first approach to security. The Biden administration made the bold move of issuing an executive order that encourages government agencies to adopt cloud services, but also to concentrate on cloud security and move towards a zero-trust architecture when adopting a cloud infrastructure. An organization’s security defenses must now cover all cloud services and applications, including a full risk assessment of the threat landscape.

Granular visibility

You simply can’t secure something you’re not aware of. Organizations need full visibility of their networks. Once you have this overall visibility, you need to push further to make sure your threat intelligence is actionable, reliable, and timely. With all three in place, starting with visibility of everything, you can confidently secure your networks.

We can almost guarantee that cybercriminals will continue to exploit the cloud well into 2023 and beyond. Moving to a more holistic security approach will enable businesses to benefit fully from cloud infrastructure, giving them the best opportunity to overcome future emerging threats.


Etay Maor

Senior Director of Security Strategy, Cato Networks

Etay Maor is Senior Director of Security Strategy for Cato Networks, a leading network security provider. Previously, he was Chief Security Officer for IntSights and held senior security positions at IBM and RSA Security's Cyber Threats Research Labs. An adjunct professor at Boston College, he holds a BA in computer science and a MA in counter-terrorism and cyber terrorism from Reichman University (IDC Herzliya), Tel Aviv.