Cyber attacks are on the rise. Companies both large and small are targeted daily by hackers seeking valuable data to monetize in the cyber underground. Recent reports show that 87% of organizations are making use of cloud infrastructure, while analysts predict spending will exceed $200 billion in 2016.
This means: 1) Organizations are making use of public clouds now more than ever before, and 2) Hackers now have a larger attack surface to gain access to sensitive data. It is imperative for organizations to understand the attack methods being used to compromise their environments, so they can prepare a defence strategy when they become the target of an attack, according to a Cloud Security Report by Alert Logic.
As cloud growth continues, the data is telling a familiar story. The 2015 research not only reinforces previous Cloud Security Report findings, it also uncovers new insights that can prove valuable to organizations when building out their security framework.
CLOUD ADOPTION REMAINS STRONG
In 2014, we continued to see an increase in attack frequency for organizations with infrastructure in the cloud. This is not surprising—production workloads, applications, and valuable data are shifting to cloud environments, and so are attacks. Hackers, like everyone else, have a limited amount of time to complete their “job.”
They want to invest their time and resources into attacks that will bear the most fruit: Businesses using cloud environments are largely considered that fruit-bearing jackpot. However, attackers are not abandoning attacks against on-premises data centers; they are simply applying more pressure to businesses with applications in the cloud.
Their hypothesis, which in some cases may be true, is that businesses have a misconception about the security they need in the cloud. Some businesses, attackers have found, mistakenly assume cloud providers take care of all their security needs. The reality, however, is that security in the cloud is a shared responsibility.
INDUSTRY AND CUSTOMERS DRIVE YOUR THREAT PROFILE
This year we performed industry analysis, looking for trends in attack types. As the analysis progressed, we noted a distinct difference between businesses that primarily service their customers online, and those that do not.
This indicates a new level of sophistication in the way attackers are approaching infiltration—a fact that perhaps appears obvious but is underrepresented in research. It is clear from our data that of the many factors influencing a business’s threat profile, interaction with the customer plays a major role.
Businesses with a significant online presence for customer interaction are the targets of application attacks far more than those businesses that interact with their customers by other means.
For those businesses that have smaller online presences, we find attackers are using traditional means of infiltration, such as Brute Force and Trojan attacks. Understanding what drives your threat profile is key to determining the time and investment necessary for a successful security-in-depth strategy.
With the growing demand for consumer applications that provide ease of use and access, the Financial Services industry has engaged in the widespread adoption of Internet-enabled financial services.
These now include website access, mobile banking via applications, SMS/Text message banking, and numerous email-based services. Adding these new delivery models to their cloud environments resulted in an increase of attackers attempting to steal financial data—credit card numbers as well as personal information to fuel financial fraud and insider information to facilitate insider trading.
For example, the FIN4 group used their attacks on the financial industry to gain confidential information related to the pharmaceutical and healthcare industries. This insider knowledge allowed FIN4 to successfully trade on the stock market and earn millions of dollars.
Application and Brute Force attacks comprise the majority of malicious activity within our Financial Services industry customer base, signalling a clear determination of attackers to gain access to these organizations’ valuable data. These attack types are indicators of the intent to obtain data—application attacks will allow the leaking of information from databases and backend systems, and Brute Force attacks will grant access to internal systems, usually resulting in lateral movement within the organization to build a starting ground for a more sophisticated attack.
Coupled with reconnaissance activity, 70% of attack types we identified in the Financial Services industry are focused on either gaining access or obtaining data. Unsurprisingly, Trojan activity was also used to further attackers’ quests for internal access. Generally using spear phishing with malicious links and attachments, this technique is used to lure in less technically minded employees in order to gain a foothold within the environment, typically an on-premises data center.
Cloud-based systems suffer less with this type of activity due to the nature of deployment, reducing the threat opportunity to these systems. Financial organizations are often viewed by malicious actors as challenging targets, due to the industry’s large budgets, strong compliance and regulatory concerns, and heavily appointed security teams dedicated to focusing on day-to-day activities. In spite of these challenges, however, sophisticated attack groups still focus on the exploitation of these organizations, due to the financial return that could result in the event of a successful breach.