The Lighter Side Of The Cloud – Accessories
The Lighter Side Of The Cloud – Thunderstorm
The Lighter Side Of The Cloud – Propositions
Dark Clouds On The Horizon: The Rise Of Sophisticated Cybercrime

Dark Clouds On The Horizon: The Rise Of Sophisticated Cybercrime

Sophisticated Cybercrime

The story reads as if it were pulled from the pages of a Tom Clancy novel: a collection of US banks suddenly starts receiving Distributed Denial of Service (DDoS) attacks that are carefully timed to re-strike just as their systems start to repair themselves. The attacks are carried out by waves of botnet zombies pouring from infected servers across the world and aimed at the United States. The main source of the outbreak is an innocent general interest website based in the UK that has been poisoned by a web design company out of Turkey. The alleged perpetrators of the attack: a shady extremist group based in the Middle East.

incapsula

This, however, is not fiction. It happened in January 2013 and exists now as one of the case studies/success stories of Incapsula, (www.incapsula.com) a cloud-based website security company based in Redwood Shores, a short drive from San Francisco.

As computing technology has grown in sophistication and power over the years, so has the criminal element that seeks to exploit it. Individual interest groups, religious factions, even entire countries are at work seeking any and every weakness available inside lines of code, forms, executable files and any other seemingly innocuous paths that can lead eventually to disruption, destruction, theft and chaos.

In this case, the computers and the experts at Incapsula were able to detect and thwart the attack before any major damage occurred, but as Incapsula security analyst Ronen Atias writes in his account of the event, “this is just another demonstration of how security [on] the internet is always determined by the weakest link.” He points out that the simple mismanagement of an administrative password on the UK website was quickly exploited by the botnet shepherds in Turkey. “This is a good example,” he says, “of how we are all just a part of a shared ecosystem where website security should be a shared goal and a shared responsibility.”

Incapsula CEO Gur Shatz agrees. As a veteran security specialist and former captain in the Intelligence Corps of the Israeli Air Force, he has seen it all, and he sees the problem as growing in sophistication.

The reason for the rise in Advanced Persistent Threats (APTs) is less about who the perpetrators are, and more about risk versus reward,” he says. “The inadequacies of today’s defenses, juxtaposed with the ever-rising value of the information that can be stolen, represent a huge opportunity for cybercriminals. Personal or corporate devices are a tremendous intelligence source, carrying richer and more accurate data than ever before, but protections on these devices still mostly rely on outdated technologies such as passwords.

The interconnectedness of cloud technology presents both a good news and bad news scenario when it comes to the criminal element, Shatz says. The bad news is that the interconnected nature of the cloud has increased the exposure of an organization’s infrastructure. The good news, though, is that the cloud is a much less heterogeneous environment than the jungle of personal devices (smartphones, laptops, etc.), which means that the cloud-based production environment can be made more secure much more easily than corporate networks, which is where Incapsula comes in.

Shatz points out that in general, hackers are lazy and will almost always take the easiest path to infiltrate their target. The fact that an alarmingly large number of incidents involve simple password theft indicates that this is still a major issue. However, targeted attacks on more security-conscious companies certainly require more sophisticated tools, which are readily available to cybercriminals.

When assessing a company’ risk for exposure to APTs, is common for some to take a head-in-the-sand approach, thinking, for example, “I’m not a bank, I make farm equipment, so I do not have to worry.” But Shatz points out a company without any major secrets or critical online functionality is still subject to being used as a “mule” to conduct cybercrime, as with the “Tom Clancy”  scenario mentioned earlier. “Even small online businesses such as ecommerce sites, are vulnerable,” he says, “because downtime or slowness costs them both money and reputation damage. This makes them target to DDoS extortion (which is essentially the online version of the protection racket for physical stores).” Incapsula has seen several instances of this type of attack over the past six months.

Ultimately, Shatz says, shying away from the cloud rather than risking attacks of this sort is not an option, since even if you don’t go online, your competitors will. So it’s really a question of how secure your cloud environment and web applications actually are. Various types of solutions are available from companies like Incapsula and others. But avoiding the cloud, which is equivalent to putting your head in the sand and keeping it there, is not a solution.

By Steve Prentice

Follow us

Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.
Follow us

Sorry, comments are closed for this post.

Popular

4 Different Types of Attacks – Understanding the “Insider Threat”

4 Different Types of Attacks – Understanding the “Insider Threat”

Understanding the “Insider Threat”  The revelations that last month’s Sony hack was likely caused by a disgruntled former employee have put a renewed spotlight on the insider threat. The insider threat first received attention after Edward Snowden began to release all sorts of confidential information regarding national security. While many called him a hero, what…

Three Factors for Choosing Your Long-term Cloud Strategy

Three Factors for Choosing Your Long-term Cloud Strategy

Choosing Your Long-term Cloud Strategy A few weeks ago I visited the global headquarters of a large multi-national company to discuss cloud strategy with the CIO. I arrived 30 minutes early and took a tour of the area where the marketing team showcased their award winning brands. I was impressed by the digital marketing strategy…

Forrester Releases Its “15 Emerging Technologies To Watch Before 2020” Report

Forrester Releases Its “15 Emerging Technologies To Watch Before 2020” Report

15 Emerging Technologies To Watch Before 2020 The cloud, big data, the internet of things, and wearable technology have all featured heavily in Forrester’s latest list of fifteen technologies to watch before 2020. It is becoming a reality for businesses that they need to adapt and change to an increasingly technologically-minded customer base. Traditional marketing…

The Cloud Above Our Home

The Cloud Above Our Home

Our Home – Moving All Things Into The Cloud The promise of a smart home had excited the imagination of the movie makers long ago. If you have seen any TV shows in the nineties or before, the interpretation presented itself to us as a computerized personal assistant or a robot housekeeper. It was smart,…

Cloud Infographic: 2015 Data Scientist

Cloud Infographic: 2015 Data Scientist

Data Scientist Report The amount of data in our world has been exploding in recent years. Managing big data has become an integral part of many businesses, generating billions of dollars of competitive innovations, productivity and job growth. Forecasting where the big data industry is going has become vital to corporate strategy. Enter the Data…

Recent

The Importance Of Cloud Security For Wearable Technology

The Importance Of Cloud Security For Wearable Technology

Wearable Technology Starts With Cloud Security The integration of wearable technology into our society is all but inevitable. Today, major players in the wearable tech field include Google, Fitbit, Boston Scientific and Apple. As users continue to demand ever increasing availability and functionality from their devices, so do security concerns for wearable tech. The future…

Customer Success Guidelines – In A World Gone Cloud

Customer Success Guidelines – In A World Gone Cloud

Customer Success Guidelines for Maximum Upselling and Cross-Selling in a World Gone Cloud With the growth of the subscription economy, companies can no longer assume that a sale means that the deal is closed. Companies need to prove their worth every minute of every hour, every hour of every day and so on. A big…

Why You Should Be Concerned About Drone Security

Why You Should Be Concerned About Drone Security

Why You Should Be Concerned About Drone Security Over the past decade, drones, also known as UAVs (unmanned aerial vehicles), have become a fact of life. Beginning as underpublicized but extremely effective items in the U.S. military’s arsenal, drones have since come into wide use by government agencies for everything from geographic surveys to law…

Contact Us

Sending
cisco_logo_100x100 vmware citrix100
Site 24x7 200px-KPMG


Contributor Spotlight

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Branded Content Programs

Advertising