Dark Clouds On The Horizon: The Rise Of Sophisticated Cybercrime

Dark Clouds On The Horizon: The Rise Of Sophisticated Cybercrime

Sophisticated Cybercrime

incapsula

The story reads as if it were pulled from the pages of a Tom Clancy novel: a collection of US banks suddenly starts receiving Distributed Denial of Service (DDoS) attacks that are carefully timed to re-strike just as their systems start to repair themselves. The attacks are carried out by waves of botnet zombies pouring from infected servers across the world and aimed at the United States. The main source of the outbreak is an innocent general interest website based in the UK that has been poisoned by a web design company out of Turkey. The alleged perpetrators of the attack: a shady extremist group based in the Middle East.

This, however, is not fiction. It happened in January 2013 and exists now as one of the case studies/success stories of Incapsula, (www.incapsula.com) a cloud-based website security company based in Redwood Shores, a short drive from San Francisco.

As computing technology has grown in sophistication and power over the years, so has the criminal element that seeks to exploit it. Individual interest groups, religious factions, even entire countries are at work seeking any and every weakness available inside lines of code, forms, executable files and any other seemingly innocuous paths that can lead eventually to disruption, destruction, theft and chaos.

In this case, the computers and the experts at Incapsula were able to detect and thwart the attack before any major damage occurred, but as Incapsula security analyst Ronen Atias writes in his account of the event, “this is just another demonstration of how security [on] the internet is always determined by the weakest link.” He points out that the simple mismanagement of an administrative password on the UK website was quickly exploited by the botnet shepherds in Turkey. “This is a good example,” he says, “of how we are all just a part of a shared ecosystem where website security should be a shared goal and a shared responsibility.”

Incapsula CEO Gur Shatz agrees. As a veteran security specialist and former captain in the Intelligence Corps of the Israeli Air Force, he has seen it all, and he sees the problem as growing in sophistication.

The reason for the rise in Advanced Persistent Threats (APTs) is less about who the perpetrators are, and more about risk versus reward,” he says. “The inadequacies of today’s defenses, juxtaposed with the ever-rising value of the information that can be stolen, represent a huge opportunity for cybercriminals. Personal or corporate devices are a tremendous intelligence source, carrying richer and more accurate data than ever before, but protections on these devices still mostly rely on outdated technologies such as passwords.

The interconnectedness of cloud technology presents both a good news and bad news scenario when it comes to the criminal element, Shatz says. The bad news is that the interconnected nature of the cloud has increased the exposure of an organization’s infrastructure. The good news, though, is that the cloud is a much less heterogeneous environment than the jungle of personal devices (smartphones, laptops, etc.), which means that the cloud-based production environment can be made more secure much more easily than corporate networks, which is where Incapsula comes in.

Shatz points out that in general, hackers are lazy and will almost always take the easiest path to infiltrate their target. The fact that an alarmingly large number of incidents involve simple password theft indicates that this is still a major issue. However, targeted attacks on more security-conscious companies certainly require more sophisticated tools, which are readily available to cybercriminals.

When assessing a company’ risk for exposure to APTs, is common for some to take a head-in-the-sand approach, thinking, for example, “I’m not a bank, I make farm equipment, so I do not have to worry.” But Shatz points out a company without any major secrets or critical online functionality is still subject to being used as a “mule” to conduct cybercrime, as with the “Tom Clancy”  scenario mentioned earlier. “Even small online businesses such as ecommerce sites, are vulnerable,” he says, “because downtime or slowness costs them both money and reputation damage. This makes them target to DDoS extortion (which is essentially the online version of the protection racket for physical stores).” Incapsula has seen several instances of this type of attack over the past six months.

Ultimately, Shatz says, shying away from the cloud rather than risking attacks of this sort is not an option, since even if you don’t go online, your competitors will. So it’s really a question of how secure your cloud environment and web applications actually are. Various types of solutions are available from companies like Incapsula and others. But avoiding the cloud, which is equivalent to putting your head in the sand and keeping it there, is not a solution.

By Steve Prentice

About Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

Find out more
View All Articles

Sorry, comments are closed for this post.

Comic
Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

The 80-20 Rule For Security Practitioners  Everyday we learn about yet another egregious data security breach, exposure of customer data or misuse of data. It begs the question why in this 21st century, as a security industry we cannot seem to secure our most valuable data assets when technology has surpassed our expectations in other regards.…

Maintaining Network Performance And Security In Hybrid Cloud Environments

Maintaining Network Performance And Security In Hybrid Cloud Environments

Hybrid Cloud Environments After several years of steady cloud adoption in the enterprise, an interesting trend has emerged: More companies are retaining their existing, on-premise IT infrastructures while also embracing the latest cloud technologies. In fact, IDC predicts markets for such hybrid cloud environments will grow from the over $25 billion global market we saw…

Do Not Rely On Passwords To Protect Your Online Information

Do Not Rely On Passwords To Protect Your Online Information

Password Challenges  Simple passwords are no longer safe to use online. John Barco, vice president of Global Product Marketing at ForgeRock, explains why it’s time the industry embraced more advanced identity-centric solutions that improve the customer experience while also providing stronger security. Since the beginning of logins, consumers have used a simple username and password to…

Are Cloud Solutions Secure Enough Out-of-the-box?

Are Cloud Solutions Secure Enough Out-of-the-box?

Out-of-the-box Cloud Solutions Although people may argue that data is not safe in the Cloud because using cloud infrastructure requires trusting another party to look after mission critical data, cloud services actually are more secure than legacy systems. In fact, a recent study on the state of cloud security in the enterprise market revealed that…

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…

Adopting A Cohesive GRC Mindset For Cloud Security

Adopting A Cohesive GRC Mindset For Cloud Security

Cloud Security Mindset Businesses are becoming wise to the compelling benefits of cloud computing. When adopting cloud, they need a high level of confidence in how it will be risk-managed and controlled, to preserve the security of their information and integrity of their operations. Cloud implementation is sometimes built up over time in a business,…

The Importance of Cloud Backups: Guarding Your Data Against Hackers

The Importance of Cloud Backups: Guarding Your Data Against Hackers

The Importance of Cloud Backups Cloud platforms have become a necessary part of modern business with the benefits far outweighing the risks. However, the risks are real and account for billions of dollars in losses across the globe per year. If you’ve been hacked, you’re not alone. Here are some other companies in the past…

Digital Twin And The End Of The Dreaded Product Recall

Digital Twin And The End Of The Dreaded Product Recall

The Digital Twin  How smart factories and connected assets in the emerging Industrial IoT era along with the automation of machine learning and advancement of artificial intelligence can dramatically change the manufacturing process and put an end to the dreaded product recalls in the future. In recent news, Samsung Electronics Co. has initiated a global…

M2M, IoT and Wearable Technology: Where To Next?

M2M, IoT and Wearable Technology: Where To Next?

M2M, IoT and Wearable Technology Profiling 600 companies and including 553 supporting tables and figures, recent reports into the M2M, IoT and Wearable Technology ecosystems forecast opportunities, challenges, strategies, and industry verticals for the sectors from 2015 to 2030. With many service providers looking for new ways to fit wearable technology with their M2M offerings…

7 Common Cloud Security Missteps

7 Common Cloud Security Missteps

Cloud Security Missteps Cloud computing remains shrouded in mystery for the average American. The most common sentiment is, “It’s not secure.” Few realize how many cloud applications they access every day: Facebook, Gmail, Uber, Evernote, Venmo, and the list goes on and on… People flock to cloud services for convenient solutions to everyday tasks. They…

The Global Rise of Cloud Computing

The Global Rise of Cloud Computing

The Global Rise of Cloud Computing Despite the rapid growth of cloud computing, the cloud still commands a small portion of overall enterprise IT spending. Estimates I’ve seen put the percentage between 5% and 10% of the slightly more than $2 trillion (not including telco) spent worldwide in 2014 on enterprise IT. Yet growth projections…

Is The Fintech Industry The Next Tech Bubble?

Is The Fintech Industry The Next Tech Bubble?

The Fintech Industry Banks offered a wide variety of services such as payments, money transfers, wealth management, selling insurance, etc. over the years. While banks have expanded the number of services they offer, their core still remains credit and interest. Many experts believe that since banks offered such a wide multitude of services, they have…

10 Trending US Cities For Tech Jobs And Startups

10 Trending US Cities For Tech Jobs And Startups

10 Trending US Cities For Tech Jobs And Startups Traditionally actors headed for Hollywood while techies made a beeline for Silicon Valley. But times are changing, and with technological job opportunities expanding (Infographic), new hotspots are emerging that offer fantastic opportunities for tech jobs and startup companies in the industry. ZipRecruiter, an online recruitment and job…

4 Industries Being Transformed By The Internet of Things

4 Industries Being Transformed By The Internet of Things

Compelling IoT Industries Every year, more and more media organizations race to predict the trends that will come to shape the online landscape over the next twelve months. Many of these are wild and outlandish and should be consumed with a pinch of salt, yet others stand out for their sober and well-researched judgements. Online…

Expert Insights Into The Yahoo Breach

Expert Insights Into The Yahoo Breach

Yahoo Breach Latest reports suggest that the recent Yahoo! data breach may exceed 500 million records, with some sources implying millions more records penetrated, upping the total number of records stolen in various recent hacks to approximately 3.5 billion. CloudTweaks spoke to Kevin O’Brien, CEO of GreatHorn, for expert insight into this latest violation. GreatHorn…

Using Private Cloud Architecture For Multi-Tier Applications

Using Private Cloud Architecture For Multi-Tier Applications

Cloud Architecture These days, Multi-Tier Applications are the norm. From SharePoint’s front-end/back-end configuration, to LAMP-based websites using multiple servers to handle different functions, a multitude of apps require public and private-facing components to work in tandem. Placing these apps in entirely public-facing platforms and networks simplifies the process, but at the cost of security vulnerabilities. Locating everything…

Big Data’s Significant Role In Fintech

Big Data’s Significant Role In Fintech

Data Banking Fintech covers a range of financial fields such as retail banking, investments, and lending and thanks to the mobile and internet innovations of late is a thriving sector. Offering improvements which drive customer satisfaction and education in an area previously inscrutable and dictated by gigantic inflexible corporations, fintech is helping put the power…

Battle of the Clouds: Multi-Instance vs. Multi-Tenant

Battle of the Clouds: Multi-Instance vs. Multi-Tenant

Multi-Instance vs. Multi-Tenant The cloud is part of everything we do. It’s always there backing up our data, pictures, and videos. To many, the cloud is considered to be a newer technology. However, cloud services actually got their start in the late 90s when large companies used it as a way to centralize computing, storage,…

Infographic: 9 Things To Know About Business Intelligence (BI) Software

Infographic: 9 Things To Know About Business Intelligence (BI) Software

Business Intelligence (BI) Software  How does your company track its data? It’s a valuable resource—so much so that it’s known as Business Intelligence, or BI. But using it, integrating it into your daily processes, that can be significantly difficult. That’s why there’s software to help. But when it comes to software, there are lots of…