As cloud-based services grow and become more essential to more businesses, cyber criminals have taken notice. Today’s biggest malware threats take advantage of the systems and devices connected to one another by cloud services. While cloud services are quite secure, the key problems are elsewhere. As usual, the biggest traditional weaknesses are still the human users. The best approach to defending against these threats is a combination of common sense and additional safeguards, including third-party solutions that enhance the security of cloud-based services.
Cloud-service providers offer remarkable value to their clients. By helping clients offload burdensome IT systems and services to competent specialists, cloud providers enable organizations to devote more resources to what they do best. As an added bonus, this outsourcing can come with enhanced cyber security. But as outlined in the first part of this series (“What is the shared responsibility model in cloud-based services?”), that does not mean cloud services are totally threat free.
Security professionals, take note: what happens on the cloud is your provider’s responsibility — everything else, including who and what access the cloud, is up to you. Here is a cautionary tale that demonstrates the importance of clients holding up their end of shared responsibility models for cloud services.
Cerber – the ransomware from Hades
In June 2016, disaster struck users of Office 365, the popular cloud-based office productivity service. Files on local devices were encrypted. Shortly thereafter, mapped devices and shared storage were encrypted too. Overall, few organizations were impacted, but there was a handful of very frustrated sysadmins. The virus that had infected these systems — Cerber, named after the mythical three-headed guard dog of Hades — also installed several files containing instructions for paying ransom to decrypt the original files.
But the Cerber virus did not magically install itself. Furthermore, there was no gifted hacker hammering away at the hefty security measures Microsoft uses to protect its Office 365 servers. Rather, the Cerber virus exploited the weakest link in the chain — the individual human users of Office 365. While 57% of Office 365 users received a Cerberus-infect file in their inbox, very few individuals followed the instructions necessary for local infection to occur.
Happily, there is another silver lining to the Cerber story. Within 24 hours, Microsoft identified the vulnerability, that you can avoid with the approach outlined in a previous post, “Macro-based malware is back in business.”
Ironically, the Cerber virus has another connection to cloud services. The nasty piece of malware is actually offered as ransomware as a service, or RaaS. Cyber criminals first ordered the RaaS through underground forums. In return, the RaaS provider received a portion of the ransom. Even bad guys are turning to the cloud.
More dark clouds are on the horizon
Cerber is not the only threat to cloud services. Indeed, it is far from the biggest trouble in ransomware, which grew from 3.8 million attacks in 2015 to a whopping 638 million attacks in 2016.
As outlined in our State of Cyber Security 2017 report, the number of types of ransomware is also rapidly expanding. Since the first ransomware family was discovered in 2012, the number of new families gradually grew to 35 in 2015 before exploding to 193 families in 2016. With the introduction of each new family, there is the chance that your security measures or those of your cloud provider will be circumvented.
And targeted attacks are still commonplace in the cloud. Many costly breaches of cloud-based services — like the attack on the code-hosting service Code Spaces that forced them to close up shop overnight — can be prevented with strong passwords and multi-factor authentication.
More often than not, breaches will continue to be the fault of cloud clients. IT analysis firm Gartner has a particularly shocking prediction: by 2020, 95% of cloud security failures will be the customer’s fault. In other words, Cerber was just the tip of the iceberg. Successful attacks are only going to become more common, so you need to find solutions that work.
Find trusted partners to enhance your cloud services
When so much of your business relies on cloud services, it is essential to secure your portion of the shared responsibility model. This means both selecting the cloud services that appropriately reduce your responsibility as well as finding third-party security solutions that make these services even safer.
The third and final installment of this series will highlight key details that organizations of all sizes should consider when selecting cloud partners and third-party solutions. With the right partners, you can leverage everything the cloud has to offer while mitigating the associated risks.
Leave a comment