Cyber attacks move to cloud with increased adoption, report shows

Cyber attacks are migrating to the cloud with increased adoption, a report reveals.

Cyber attacks on cloud environments have almost reached the same level as attacks on traditional IT, with increased adoption of cloud-based services by the enterprise, a study shows.

The 2014 Cloud Security Report by security-as-a-service provider Alert Logic is based on an analysis of data from cloud and on-premise infrastructures of 2,200 customers.

In the past year, brute force attacks on cloud environments climbed from 30% to 44% of customers, and vulnerability scans increased from 27% to 44%, the study found.

Brute force attacks typically involve a large number of attempts testing multiple common credential failings to find a way in, while vulnerability scans are automated attempts to find a security weakness in applications, services or protocol implementations that can be exploited.

These types of incidents have been far more likely to target on-premises environments in the past, but are now occurring at near-equivalent rates in both environments.

The key finding of the report is that attacks seem to be increasing across all environments, and, in parallel, the types of attacks in the cloud are increasingly consistent with those experienced on premise.

More on cloud security

Malware botnet attacks, historically the most common attacks in the on-premises datacentre, are on the rise in cloud environments, the study found, going from 5% to 11% in the past year.

“As more enterprise workloads have moved into cloud and hosted infrastructures, some traditional on-premises threats have followed them,” said Stephen Coty, chief security evangelist at Alert Logic.

“This reinforces the necessity for enterprise-grade security systems specifically designed to protect cloud environments,” he said.

The report is also based on data from “honeypot” computer systems set up on the internet. These attract attackers to observe attack types and frequency.

 The report notes that 14% of malware collected through the honeypots was considered undetectable by 51 of the world’s top antivirus suppliers as attackers re-package variants of malware like Zeus or Conficker.

This means that cloud-specific security systems must contain advanced security content and analytics consistent with the attack vectors prevalent in the cloud.

“This shows the need for a defence-in-depth strategy that aims to protect every layer of the stack,” said Coty.

“Antivirus still has a role as it detecting the other 86% of malware, but organisations have to do a lot more than that to ensure they can catch the malware that antivirus will not,” he told Computer Weekly.

Worldwide, attacks on Microsoft-DS (Port 445) accounted for the majority (51%) of honeypot incidents.

Microsoft-DS (port 445) supports direct hosted “NetBIOS-less” server message block (SMB) traffic and file-sharing in Windows environments, and it represents an easy target, when open, for accessing files and providing the ability to infect systems.

The remainder of the attacks was split relatively evenly among Microsoft-SQL (Port 1433), MySQL (Port 3306), HTTP (Port 443), RPC (Port 135) and FTP (Port 21).

According to the report, widespread acceptance of cloud computing in enterprise IT increases the need to secure cloud infrastructure in a way that rivals protection of the traditional datacentre.

To meet this requirement, the report said IT and security professionals must understand the types of threats targeting cloud computing environments, and whether traditional security technologies can perform effectively in cloud environments.

“They must also understand that cloud is a shared responsibility between the service provider and the customer,” said Coty.

“The cloud provider is responsible for foundational services and things like hardening the hypervisor, but users remain 100% responsible for everything at the application layer, including security,” he said.

According to Coty, this means cloud consumers still need to think about features such as secure coding, access management, software virtual patching, monitoring applications and security monitoring.

Cloud consumers also need to talk to their providers about what they need to do from a security point of view, and ask questions about their encryption strategies and how they patch their hypervisors.

“Finally, it is important to stay informed about the kinds of potential threats to your cloud environment to enable you to ask the right questions of your service provider,” said Coty.

“Knowledge is power because knowing what you are vulnerable to will help you to defend your environment a lot more efficiently and work better with your service provider,” he said.

Read more on Cloud security