Though largely intangible, the cloud has become an attractive target for attacks. It is a treasure trove of information and successfully hacking it, would be like hitting jackpot. As a high value target, the cloud has its fair share of attempted attacks and will continue facing more. The cloud is a honey pot to hackers, and hackers will relentlessly innovate and find new ways to swarm cloud services in hope that information will eventually fall into their hands.
Cloud computing in essence allows for the storage and accessibility of large amounts of data over the Internet. Known as a "service over the Internet", the cloud can range from private (the organisation's) to public (a third-party provider such a Dropbox). It is not only secure, easily accessible and allows for higher productivity for the users, but also helps businesses to cut costs by obviating the need for on-site storage and having the ability to optimise resources effectively. Between 2010 and 2015, companies using cloud-based services have increased almost double-fold from 48% to 84%. It is expected that by 2018, the cloud computing market will reach an estimated $43 billion. As a lucrative and booming industry, there is little wonder why it's becoming a prime target for attacks.
Distributed Denial-of-Service (DDoS) attacks are one of the most common cyber security threats. Attackers have used this method on almost any form of network-connected system, and cloud computing is no different. By flooding the cloud with overwhelming traffic, it disrupts servers and can result in losses of up to $500,000 for each affected firm, as shown in a study done by Incapsula. Not only does this reduce productivity for an organisation, it diminishes brand reputation as well.
This can be illustrated in the case of DDoS attack suffered by a content delivery network (CDN) and cloud service provider. As they are one of the largest CDN providers, one would trust that their security measures would be tight enough but unfortunately hackers successfully launched a DDoS attack. It caused their key clients' networks to shut down for almost two hours. This incident showcased the sophistication of the hackers and highlighted the importance of contingency plans. Ever since, the CDN provider has launched new measures such as flow-based monitoring to prevent attacks from reaching the data core. They also regularly survey clients' application traffic to look out for potential attacks.
Other major cloud services too, are at risk of an attack. Big names such as Google Drive, Dropbox and Microsoft OneDrive can be directly affected by 'Man-in-the-Cloud' (MITC) attacks. When users sign up to use a cloud service, they are often given the option of synchronising the cloud across various devices. If the users go ahead with this option, they are given a cloud token and will be able to access the cloud without a username or password across various devices.
The problem lies in the event that a hacker manages to get hold of a user's token. The attacker can then use it to access multiple devices and information. Using a tool named 'Switcher', hackers can manipulate the victim's token by duplicating it and then synchronising the victim's cloud to their own. After the attack, the victim's account looks untouched. During the entire process, the perpetrator goes completely undetected and the victim remains unsuspecting.
The above examples of possible attacks against the cloud are a wake-up call for further measures to enhance cyber security. In the case of MITC attacks, a two-phased approach can be used. The first is known as 'Bitglass', which involves monitoring of the landscape to check for anomalies in synchronisation. An encrypted token is also used which will only decrypt when it reaches the device. Additional controls include data and file activity monitoring to identify suspicious requests.
Cloud providers should be able to identify vulnerabilities in different aspects of their applications. Users should first ensure there is clarity as to the roles and responsibilities relating to security expected of the user and of the cloud provider. Users should also request audit reports from these service providers. This way, there will be some sort of checks and balances when it comes to mitigating risks. Softer measures to counter cloud attacks include education on the risks people might face so that their understanding and awareness of the situation will increase. Security professionals can acquire the advanced skills required for designing, implementing and managing the cloud through the Certified Cloud Security Professional (CCSP) certification. Throughout the organisation, simple tutorials and tips can be given to all employees to help them embrace cloud security.
No matter how evolved cloud defence can become, there will always be an underlying level of risk as long as there is information of value worth stealing. The best way to mitigate threats would be through advanced monitoring and vigilance followed by a quick and effective response. Ideally, one should deploy asymmetric methods such as deception technics, which we call Liquid Defence™. To understand more, look out for our blog post on Liquid Defence™.