With the remote workforce now almost guaranteed to continue well into 2021, many businesses in corporate America are scrambling to deploy their entire IT and network infrastructures onto a Cloud-based platform such as Amazon Web Services (AWS) or Microsoft Azure. This trend has been catalyzed by two notable events:
- The cybersecurity lessons learned when COVID-19 originally hit;
- The advantages of using the Cloud for remote workers, especially when it comes to accessibility, scalability, and affordability.
But even though the Cloud has many huge advantages, cyber attackers are paying attention to this trend and are now targeting these platforms as a result. In this blog, we address some of the top cyber threats to the Cloud and some solutions that can be used to mitigate them.
Denial of Service Attacks:
These are also known as DoS-based attacks and are considered the parent of Distributed Denial of Service (“DDoS”) attacks. But DoS-based attacks are slightly different. For example, a DoS attack is only used to target one web-based application at a time, unlike a DDoS attack, which targets multiple applications at a time. The bottom line of these kinds of attacks is that they are designed to choke the load times of the web application on the client side, making it nearly impossible to access simply because it takes so long. In other words, the cyber attacker is taxing the very limits of the processing power of the web server that is hosting the application. In fact, it is very analogous to a traffic jam, which is nicely summarized in this quote: “It is like being caught in rush-hour traffic gridlock: there is no way to get to your destination, and there is nothing you can do about it except sit and wait.”1
What are some of the ways that you can mitigate this from happening?
- Implement Advanced Intrusion Detection Systems: These are also known as “IDSs”. With these, anomalous behavior can be detected quickly and easily, and from there you can cut off the flow of network communications from the point of origination.
- Deploy Firewalls that have Traffic Inspection functionality: Most Firewalls simply check the behavior of network traffic. This kind of Firewall does a much more granular inspection of the data packets and can immediately terminate those that are deemed to be nefarious in nature.
- Blacklist IP Addresses: This is something that your Cloud Solutions Provider can do for you. With this, any known or potentially malicious IP addresses are blacklisted, so that they cannot be served any of the requested pages by your Web application (if you have created one for your customers).
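As an added illustration of the anomaly check an IDS or an inspecting firewall performs before a source is cut off or placed on an IP deny list, the following Python script flags any source address that exceeds a request budget inside a sliding time window and turns the result into a deny list. This is example code written for this post, not code from the original article or from any provider: the access-log lines are constructed, the addresses come from the RFC 5737 documentation ranges, and the window and threshold values are assumptions that a real deployment would tune per application.

```python
"""Detect request floods per source IP in web-server access logs (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format, e.g. 203.0.113.7 - - [10/Oct/2020:13:55:36 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, timestamp) or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def find_flooding_sources(lines, window_seconds=10, max_requests=20):
    """Return {ip: peak_requests_in_window} for every source that exceeded
    max_requests inside any window_seconds-long sliding window.
    Assumes the lines for a given source appear in chronological order."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # per-source timestamps still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed line: skip it rather than abort the whole scan
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop timestamps that have fallen out of the window
        if len(q) > max_requests:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def deny_list(lines, **kwargs):
    """Sorted list of source IPs to hand to a firewall rule or a provider blacklist."""
    return sorted(find_flooding_sources(lines, **kwargs))


def _log_line(ip, ts, request):
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "{request} HTTP/1.1" 200 512'


def constructed_log():
    """Constructed sample traffic (hypothetical addresses from RFC 5737 ranges)."""
    base = datetime(2020, 10, 10, 13, 55, 0, tzinfo=timezone.utc)
    lines = []
    # A normal visitor: one request every 12 seconds.
    for i in range(5):
        lines.append(_log_line("203.0.113.7", base + timedelta(seconds=12 * i), "GET /index.html"))
    # A flooding source: 40 requests within 4 seconds.
    for i in range(40):
        lines.append(_log_line("198.51.100.9", base + timedelta(milliseconds=100 * i), "GET /search?q=x"))
    lines.append("this line is deliberately malformed")
    return lines


if __name__ == "__main__":
    print(find_flooding_sources(constructed_log()))  # {'198.51.100.9': 40}
    print(deny_list(constructed_log()))              # ['198.51.100.9']
```

The per-source deque keeps only the timestamps inside the window, so memory stays proportional to the number of active sources rather than the size of the log. A distributed attack (many sources each staying under the budget) would not trip this check, which is exactly why the post pairs it with traffic-inspecting firewalls and the provider's own protections.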
The usage of Shared Environments:
One of the main reasons why the Cloud can offer so many strategic advantages to its tenants is that it makes use of shared resources. For example, when you log into the web portal in Azure, you have the look and feel of a private server. To a certain degree, this is true. But it is important to keep in mind that many of these virtual servers are spun up and hosted from just one primary, physical server. Because of that, these virtual servers share both the computational and processing resources of this one physical server. For the most part, what happens in one tenant should not impact your infrastructure, but there are times when it can, especially if this physical server has not been configured properly.
What can be done to fix this?
Unfortunately, as the tenant, there is not much that you can do to adjust this. This is something that only your Cloud Service Provider can fix. If you suspect something is happening in this regard, notify them immediately so that they can resolve the issue in just a short period of time.
The Advanced Persistent Threat:
This is one of the newest threat variants starting to emerge on Cloud-based platforms. These are also known as APTs, and a technical definition is as follows:
“An advanced persistent threat is an attack in which an unauthorized user gains access to a system or network and remains there for an extended period of time without being detected.”(SOURCE: 2)
In other words, the cyber attacker locates an unknown backdoor into your virtual machine/virtual server and stays there for a very long time without being noticed. The goal is to steal as much confidential information and data as possible over this extended duration.
What can be done to mitigate this kind of risk?
- Limit access: It is very important to remember that your Cloud-based platform will be one of your company’s most prized possessions. You don’t want every employee to have access, so limit it to only certain individuals. Your Cloud service provider should be able to initiate all of the required protocols needed to avoid the mishap of a malicious account takeover.
- Implement different Subnets: Rather than deploying everything into one Cloud infrastructure, you can divide it into different segments, also known as “subnets.” By doing this, you put one database into one segment, another into a different one, and so on. The idea is twofold: 1) it will help to further eliminate the risk of shared resources from other tenants spilling over into your platform; 2) if a cyber attacker does break into one subnet, the chances of them breaking into the others are statistically diminished, which helps to contain any damage that has already been done.
- Make use of Multifactor Authentication: This is also known as “MFA”. With this strategy, you implement at least three layers of authentication mechanisms in order to guarantee the legitimacy of the individual trying to access your Cloud-based platform. This is a great strategy to use in conjunction with limiting access, as reviewed earlier in this blog. In fact, Microsoft Azure comes with a great set of MFA tools that you can install and use in a very short period of time.
Data Loss:
Data loss happens when the cyber attacker covertly hijacks the Personally Identifiable Information (PII) datasets from your Cloud infrastructure and sells them on the Dark Web for a lucrative profit, or uses them to launch Identity Theft attacks.
What can be done to help avoid this?
There is no way to prevent this from happening. This kind of breach can occur even to businesses deemed to have the best lines of defense at hand. In this situation, the only thing you can do is make and keep backups of your databases on a regular basis. It is also important to make multiple copies of these backups and store them in different locations. In this regard, a very nice feature of Microsoft Azure is that you can create separate VMs in geographically different Data Centers; this is technically known as “Geodiversity”. You can use this method in addition to creating different Subnets. By doing this, you can keep your database backups in different Data Centers.
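As an added example of the backup practice described above, the script below keeps several copies of a database backup, records a SHA-256 digest when the backup is taken, and at restore time skips any copy whose digest no longer matches. This is example code written for this post, not code from the original article or from Azure: local directories stand in for Data Centers in different regions, and the file name, region names and database contents are all constructed.

```python
"""Multi-location backups with integrity verification at restore time (added example)."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file so large backups do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source: Path, locations):
    """Copy `source` into every location; return (digest, list_of_copies).
    Keep the digest somewhere separate from the copies (a change log, a
    ticket) so that damaging a copy cannot also rewrite the value it is
    checked against."""
    digest = sha256_of(source)
    copies = []
    for loc in map(Path, locations):
        loc.mkdir(parents=True, exist_ok=True)
        dest = loc / source.name
        shutil.copy2(source, dest)
        if sha256_of(dest) != digest:  # verify the write, not only the later read
            raise IOError(f"backup to {loc} did not verify")
        copies.append(dest)
    return digest, copies


def restore_backup(copies, expected_digest: str, target: Path):
    """Restore from the first copy that still matches the digest.
    Returns the copy used, or None if every location is missing or damaged."""
    for copy in map(Path, copies):
        if not copy.exists():
            continue  # location unreachable or copy deleted
        if sha256_of(copy) != expected_digest:
            continue  # bit rot, truncation or tampering: never restore from this one
        shutil.copy2(copy, target)
        return copy
    return None


def demo():
    """Constructed scenario: one of two regional copies is damaged after the backup."""
    root = Path(tempfile.mkdtemp())
    try:
        src = root / "customers.db"
        src.write_bytes(b"constructed database contents\n" * 1000)
        digest, copies = make_backup(src, [root / "region-eastus", root / "region-westeurope"])
        copies[0].write_bytes(b"corrupted")  # simulate damage in the first region
        used = restore_backup(copies, digest, root / "restored.db")
        intact = (root / "restored.db").read_bytes() == src.read_bytes()
        return (used.parent.name if used else None), intact
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())  # ('region-westeurope', True)
```

The point of verifying at restore time is that a backup you have never tried to restore is only a hope; a scheduled test restore against the recorded digest turns the multiple-copy strategy into something you can actually rely on when the primary database is gone.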
A future article will continue on this theme, focusing upon the following:
- Ensuring Diligence and Compliance;
- Subsequent vulnerabilities and weaknesses;
- Account Heisting;
- Insider Threats;
- Data Breaches;
For more information about how to protect your business from cloud computing risks, please see our Cybersecurity Services for Small Business.