Dark Clouds On The Horizon: The Rise Of Sophisticated Cybercrime

Dark Clouds On The Horizon: The Rise Of Sophisticated Cybercrime

Sophisticated Cybercrime

incapsula

The story reads as if it were pulled from the pages of a Tom Clancy novel: a collection of US banks suddenly starts receiving Distributed Denial of Service (DDoS) attacks that are carefully timed to re-strike just as their systems start to repair themselves. The attacks are carried out by waves of botnet zombies pouring from infected servers across the world and aimed at the United States. The main source of the outbreak is an innocent general interest website based in the UK that has been poisoned by a web design company out of Turkey. The alleged perpetrators of the attack: a shady extremist group based in the Middle East.

This, however, is not fiction. It happened in January 2013 and exists now as one of the case studies/success stories of Incapsula, (www.incapsula.com) a cloud-based website security company based in Redwood Shores, a short drive from San Francisco.

As computing technology has grown in sophistication and power over the years, so has the criminal element that seeks to exploit it. Individual interest groups, religious factions, even entire countries are at work seeking any and every weakness available inside lines of code, forms, executable files and any other seemingly innocuous paths that can lead eventually to disruption, destruction, theft and chaos.

In this case, the computers and the experts at Incapsula were able to detect and thwart the attack before any major damage occurred, but as Incapsula security analyst Ronen Atias writes in his account of the event, “this is just another demonstration of how security [on] the internet is always determined by the weakest link.” He points out that the simple mismanagement of an administrative password on the UK website was quickly exploited by the botnet shepherds in Turkey. “This is a good example,” he says, “of how we are all just a part of a shared ecosystem where website security should be a shared goal and a shared responsibility.”

Incapsula CEO Gur Shatz agrees. As a veteran security specialist and former captain in the Intelligence Corps of the Israeli Air Force, he has seen it all, and he sees the problem as growing in sophistication.

The reason for the rise in Advanced Persistent Threats (APTs) is less about who the perpetrators are, and more about risk versus reward,” he says. “The inadequacies of today’s defenses, juxtaposed with the ever-rising value of the information that can be stolen, represent a huge opportunity for cybercriminals. Personal or corporate devices are a tremendous intelligence source, carrying richer and more accurate data than ever before, but protections on these devices still mostly rely on outdated technologies such as passwords.

The interconnectedness of cloud technology presents both a good news and bad news scenario when it comes to the criminal element, Shatz says. The bad news is that the interconnected nature of the cloud has increased the exposure of an organization’s infrastructure. The good news, though, is that the cloud is a much less heterogeneous environment than the jungle of personal devices (smartphones, laptops, etc.), which means that the cloud-based production environment can be made more secure much more easily than corporate networks, which is where Incapsula comes in.

Shatz points out that in general, hackers are lazy and will almost always take the easiest path to infiltrate their target. The fact that an alarmingly large number of incidents involve simple password theft indicates that this is still a major issue. However, targeted attacks on more security-conscious companies certainly require more sophisticated tools, which are readily available to cybercriminals.

When assessing a company’ risk for exposure to APTs, is common for some to take a head-in-the-sand approach, thinking, for example, “I’m not a bank, I make farm equipment, so I do not have to worry.” But Shatz points out a company without any major secrets or critical online functionality is still subject to being used as a “mule” to conduct cybercrime, as with the “Tom Clancy”  scenario mentioned earlier. “Even small online businesses such as ecommerce sites, are vulnerable,” he says, “because downtime or slowness costs them both money and reputation damage. This makes them target to DDoS extortion (which is essentially the online version of the protection racket for physical stores).” Incapsula has seen several instances of this type of attack over the past six months.

Ultimately, Shatz says, shying away from the cloud rather than risking attacks of this sort is not an option, since even if you don’t go online, your competitors will. So it’s really a question of how secure your cloud environment and web applications actually are. Various types of solutions are available from companies like Incapsula and others. But avoiding the cloud, which is equivalent to putting your head in the sand and keeping it there, is not a solution.

By Steve Prentice

About Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

Find out more
View All Articles

Sorry, comments are closed for this post.

Even Companies With A “Cloud First” Strategy Have Lingering Security Concerns

Even Companies With A “Cloud First” Strategy Have Lingering Security Concerns

Lingering Security Concerns Considering the cost and time-to-market advantages of SaaS applications in particular, it’s no surprise that companies are looking to the cloud to meet their business objectives. But what happens when a ‘cloud first’ company must also put security and compliance first? In a recent Bitglass survey report from a cloud access security…

Basic Cloud Risk Assessment Tips

Basic Cloud Risk Assessment Tips

Basic Cloud Risk Assessment You should worry about the risks of cloud computing. But don’t get too scared. With a few simple steps you can easily get a basic understanding of your risks in the cloud and even have a good start in managing these risks. If you are a large corporation in a regulated…

Where Is The Tipping Point For The Flying Drone Market?

Where Is The Tipping Point For The Flying Drone Market?

The Flying Drone Market In the past year I have written a number of articles here on CloudTweaks about Drones. I enjoy flying drones. One thing I’ve used my drone for is proving I didn’t need to do the worst fall maintenance job ever. Cleaning the gutters of the house by flying the drone around…

The Meaning Of Secure Business Agility In The Cloud

The Meaning Of Secure Business Agility In The Cloud

Secure Business Agility In The Cloud As cloud continues to accelerate business delivery and shift away the balance of power from IT and InfoSec to business users, organizations need to find ways to ensure that security is part of a business process rather than an afterthought. Today’s organizations are transacting some of their most valuable…

Knots And Cloud Service Providers

Knots And Cloud Service Providers

How Do These Two Compare? In Boy Scouts, I learned how to tie knots. The quickest knot you can tie is the slipknot. It’s very effective for connecting one thing to another via the rope you have. It was used in setting up tents, mooring boats to docks temporarily and lifting your food up into…

Finally, The Time For Security Information Event Management (SIEM)

Finally, The Time For Security Information Event Management (SIEM)

The Time For SIEM Security Information Event Management (SIEM) tools have been around for a long time. My first encounter with a SIEM vendor was about twenty years ago while being courted to resell their product. To this day, I still recall two vivid memories from that meeting; the product was very complex and quite…

Is Windows 10 The Final Piece Of Microsoft’s Cloud Strategy?

Is Windows 10 The Final Piece Of Microsoft’s Cloud Strategy?

Windows 10 – Microsoft’s Cloud Strategy By all reports, Windows 10 is a resounding success. Microsoft reported that 14 million users downloaded the latest version of its operating system in its first 24 hours of availability. That number is ten times higher than launch-day downloads of Windows 8. Independent sources confirm that Windows 10 now…

CloudTweaks is recognized as one of the leading influencers in cloud computing, infosec, big data and the internet of things (IoT) information. Our goal is to continue to build our growing information portal by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Advertising