Thursday, May 25, 2017

Week 11 Assignment

Advanced Persistent Threats (APTs) are a parasitical form of cyberattack that infiltrates systems to establish a foothold in the computing infrastructure of target companies, from which the attackers smuggle out data and intellectual property (CSA). APTs act stealthily over extended periods of time and even adapt to the security measures intended to defend against them. Common points of entry are spear phishing, direct hacking attacks, USB devices preloaded with malicious code, compromised third-party networks, etc. Once in place, APTs blend in with normal traffic and move through data center networks undetected.

“Carbanak, a major advanced persistent threat (APT) attack against financial institutions around the world, may be considered the largest cyberheist to date… Unlike the usual cybercriminal method of stealing consumer credentials or compromising individual online banking sessions with malware, the brazen Carbanak gang targeted banks’ internal systems and operations, resulting in a multichannel robbery that averaged $8 million per bank” (Kessem, L. 2015).  
According to the article, the main factor that allowed attackers to cause such damage was inadequate security controls. Internal core systems were not well protected because banks did not expect an attack from within. The heist started out slowly: the initial infiltration relied on spear phishing emails with exploit-laden attachments that compromised employee endpoints with malware.

Although APT attacks can be difficult to detect and eliminate, some can be stopped with proactive security measures. It is critical that users be educated to recognize and handle social engineering techniques, therefore awareness programs should be regularly reinforced. IT departments should be aware of the latest advanced attacks. Defending against APTs may require more advanced security controls, process management, incident response plans and IT staff training, which leads to increased security budgets. Organizations should weigh these costs against the potential economic damage inflicted by successful APT attacks.

Resources:
Kessem, L. (2015, February 23), Carbanak: How Would You Have Stopped a $1 Billion APT Attack?, retrieved from https://securityintelligence.com/carbanak-how-would-you-have-stopped-a-1-billion-apt-attack/

The Treacherous 12 Cloud Computing Top Threats in 2016, (February 2016), prepared by the Cloud Security Alliance, retrieved from https://downloads.cloudsecurityalliance.org/assets/research/top-threats/Treacherous-12_Cloud-Computing_Top-Threats.pdf

Wednesday, May 17, 2017

Week 10 Assignment

On January 29, 2015, the health insurance company Anthem, Inc. discovered that hackers had gained unauthorized access to Anthem’s IT systems and that nearly 80 million records containing Personally Identifiable Information (PII) had been stolen. The hackers used phishing attacks to obtain the network credentials of at least five employees with high-level IT access. Data from the attack is expected to be sold on the black market.

Anthem’s breach was the result of insufficient identity, credential and access management, which is also a top concern in cloud computing environments. Data breaches can occur due to the lack of scalable identity access management systems, failure to use multifactor authentication, weak password use, and a lack of ongoing automated rotation of cryptographic keys, passwords and certificates (CSA, 2016). Several factors allowed the attack on Anthem to succeed: the data was not encrypted, too many of Anthem’s employees might have had too much access to the system, and multifactor authentication was not deployed.

Identity systems must scale to support the lifecycle management for millions of users, including immediate de-provisioning of accounts upon job termination or role change.
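The de-provisioning requirement above is easiest to enforce as a recurring reconciliation between the HR system of record and the identity provider: any enabled account whose owner has left, or who no longer has an HR record at all, is disabled, and any account holding groups beyond what its current role entitles has the excess revoked (the "mover" case). The following is an added example, not code from the original post or from Anthem; the roster, account list and role-to-group mapping are constructed sample data.

```python
"""Reconcile an HR roster against identity-provider accounts.

Added example (not from the original post). HR records, IAM accounts and
the ROLE_GROUPS mapping are constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date

# Hypothetical mapping from job role to the IAM groups that role is entitled to.
ROLE_GROUPS = {
    "claims-analyst": {"claims-readonly"},
    "dba": {"claims-readonly", "db-admin"},
    "helpdesk": {"helpdesk"},
}


@dataclass
class HrRecord:
    user: str
    role: str
    status: str      # "active" or "terminated"
    effective: date  # date the current status/role took effect


@dataclass
class IamAccount:
    user: str
    groups: set[str] = field(default_factory=set)
    enabled: bool = True


def reconcile(roster, accounts, today):
    """Return (disable, revoke).

    disable: sorted usernames whose account must be turned off (terminated
             as of `today`, or no HR record at all, i.e. orphaned).
    revoke:  username -> set of groups held beyond the current role's
             entitlement (role change without access review).
    """
    hr = {r.user: r for r in roster}
    disable, revoke = [], {}
    for acct in accounts:
        if not acct.enabled:
            continue  # already de-provisioned, nothing to do
        rec = hr.get(acct.user)
        if rec is None or (rec.status == "terminated" and rec.effective <= today):
            disable.append(acct.user)
            continue
        extra = acct.groups - ROLE_GROUPS.get(rec.role, set())
        if extra:
            revoke[acct.user] = extra
    return sorted(disable), revoke


# Constructed sample data: one leaver, one mover, one orphaned service account.
ROSTER = [
    HrRecord("alice", "dba", "active", date(2016, 1, 4)),
    HrRecord("bob", "helpdesk", "terminated", date(2017, 5, 1)),
    HrRecord("carol", "claims-analyst", "active", date(2017, 4, 3)),  # moved from dba
    HrRecord("dave", "helpdesk", "active", date(2015, 9, 14)),
]
ACCOUNTS = [
    IamAccount("alice", {"claims-readonly", "db-admin"}),
    IamAccount("bob", {"helpdesk"}),
    IamAccount("carol", {"claims-readonly", "db-admin"}),  # db-admin left over
    IamAccount("dave", {"helpdesk"}),
    IamAccount("svc_legacy", {"db-admin"}),                # no HR owner
    IamAccount("erin", {"helpdesk"}, enabled=False),       # already disabled
]


def run_sample():
    return reconcile(ROSTER, ACCOUNTS, date(2017, 5, 17))


if __name__ == "__main__":
    to_disable, to_revoke = run_sample()
    print("disable:", to_disable)
    print("revoke:", to_revoke)
```

Running the sample flags `bob` (terminated) and `svc_legacy` (no HR owner) for disabling, and `carol` for revocation of `db-admin`, which her current role does not include. In practice the roster and account list would be pulled from the HR and IdP APIs, and the output fed to a ticketing or automation step rather than printed.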

Credentials and cryptographic keys should not be embedded in source code or contained in public-facing repositories such as GitHub. Keys need to be well protected and rotated periodically, and a secured public key infrastructure (PKI) should be in place to ensure proper key management.
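Catching embedded credentials before they reach a repository is usually done with a pre-commit or CI scan that combines known key formats with a generic "looks like a secret" heuristic. The following added example (not code from the original post or from any named tool) scans constructed source text for an AWS-style access key ID, a PEM private key header, a credential assigned to a password/secret/token variable, and, as a fallback, any long quoted string with high Shannon entropy. The sample config and all of its values are constructed placeholders.

```python
"""Minimal secrets-in-source scanner. Added example; not from the original post.
Patterns are illustrative, and the SAMPLE text is constructed placeholder data.
"""
import math
import re

PATTERNS = {
    # AWS access key IDs are 20 chars: "AKIA" followed by 16 upper-case alphanumerics.
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # PEM header of a private key pasted into the tree.
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # A quoted literal assigned to a variable named like a credential.
    "assigned_secret": re.compile(
        r"(?i)(password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}
# Fallback: any quoted token of 20+ base64/hex-ish characters.
CANDIDATE = re.compile(r"['\"]([A-Za-z0-9+/=_-]{20,})['\"]")


def shannon_entropy(s):
    """Bits of entropy per character; 32 distinct chars gives exactly 5.0."""
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))


def scan(text, entropy_threshold=4.0):
    """Return [(line_number, finding_name)] for each suspicious line.

    Known-format patterns take precedence; the entropy heuristic is only
    applied to lines that no pattern already flagged, so each line yields
    at most one entropy finding.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        hits = [name for name, pat in PATTERNS.items() if pat.search(line)]
        if hits:
            findings.extend((lineno, name) for name in hits)
            continue
        for m in CANDIDATE.finditer(line):
            if shannon_entropy(m.group(1)) >= entropy_threshold:
                findings.append((lineno, "high_entropy_string"))
                break
    return findings


# Constructed sample config; every value below is a placeholder, not a real credential.
SAMPLE = """\
# constructed sample config; values are placeholders
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
DB_PASSWORD = "correct-horse-battery"
API_TOKEN = "b7f3c9e2a1d4f6089e5c3b2a7d1e4f60"
signing_key = "tR9xQ2mL7vB4kN8pW3zA6yD1uF5hJ0cE"
timeout = 30
region = "us-east-1"
-----BEGIN RSA PRIVATE KEY-----
"""


def scan_sample():
    return scan(SAMPLE)


if __name__ == "__main__":
    for lineno, name in scan_sample():
        print(f"line {lineno}: {name}")
```

The `signing_key` line is the interesting one: no naming pattern matches it, but a 32-character string with 32 distinct characters has 5 bits of entropy per character, well above what prose or ordinary identifiers produce, so the fallback catches it. Tune the threshold against your own code base; hex-only tokens top out at 4.0 bits, which is why they are better caught by a format-specific pattern than by entropy alone.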

Multifactor authentication systems such as smart cards, one-time passwords (OTP), phone-based authentication, etc. are required in cloud environments. For legacy systems that rely on passwords alone, a policy should be implemented to enforce strong password creation and define password rotation.

Organizations planning to federate identity with a cloud provider need to understand the security processes, infrastructure and segmentation between customers implemented by the provider to protect the identity platform. Organizations must consider the trade-off of centralizing identity against the risk of having that single repository become a target of high interest to attackers.

Resources:
Hiltzik, M., (2015, March 6), Anthem is warning consumers about its huge data breach. Here's a translation, retrieved from http://www.latimes.com/business/la-fi-mh-anthem-is-warning-consumers-20150306-column.html

The Treacherous 12 Cloud Computing Top Threats in 2016, (February 2016), prepared by the Cloud Security Alliance, retrieved from https://downloads.cloudsecurityalliance.org/assets/research/top-threats/Treacherous-12_Cloud-Computing_Top-Threats.pdf

Rashid, F., (2016, March 11), The dirty dozen: 12 cloud security threats, retrieved from http://www.infoworld.com/article/3041078/security/the-dirty-dozen-12-cloud-security-threats.html

Thursday, May 11, 2017

Week 9 Assignment

The risk of a data breach is not unique to cloud computing, but it remains a top security concern for cloud customers. A data breach is an incident in which sensitive, protected, or confidential information is released, viewed, stolen or used by an individual who is not authorized to do so. Cloud environments are exposed to the same threats as traditional corporate networks, while their high accessibility and shared resources open new avenues of attack. The vast amount of data cloud providers host makes them a very attractive target.

A data breach can be the result of human error, application vulnerabilities or poor security practices. It may involve personal health information, financial information, personally identifiable information (PII), trade secrets, intellectual property or any other information not intended for public release.

The extent of the breach depends on the sensitivity of the data exposed. When a data breach occurs, companies may face large fines, lawsuits or criminal charges. There are also costs associated with investigations, customer notification and legal services. Indirect effects such as brand damage and loss of business can have an even more devastating impact on the organization.

In 2015 the antivirus firm BitDefender suffered a security breach, involving stolen usernames and passwords, due to a security vulnerability in its public cloud application hosted on AWS. The hacker responsible demanded a ransom of $15,000. The company was quick to resolve the issue and put additional security measures in place to prevent a recurrence. As an extra precaution, a password reset notice was sent to all potentially affected customers.

Cloud providers typically have good security controls set up for their environments, but customers are ultimately responsible for protecting their data in the cloud. Customers should implement an effective security program, including multifactor authentication and encryption.

Resources:
The Treacherous 12 Cloud Computing Top Threats in 2016, (February 2016), prepared by the Cloud Security Alliance, retrieved from https://downloads.cloudsecurityalliance.org/assets/research/top-threats/Treacherous-12_Cloud-Computing_Top-Threats.pdf
Rashid, F., (2016, March 11), The dirty dozen: 12 cloud security threats, retrieved from http://www.infoworld.com/article/3041078/security/the-dirty-dozen-12-cloud-security-threats.html
Goldman, J., (2015, August 6), Bitdefender Acknowledges Data Breach, retrieved from http://www.esecurityplanet.com/network-security/bitdefender-acknowledges-data-breach.html

Wednesday, May 3, 2017

Week 8 Assignment

Permanent data loss is still one of the biggest fears that organizations face when opting for cloud services. Attackers may deliberately delete cloud data to harm businesses and ruin cloud providers’ reputations. Cloud data centers are also as vulnerable to natural disasters as any other facility.

Preventing data loss is a shared responsibility, and cloud providers recommend distributing data and applications across multiple zones for added protection. Data backups are essential, as is off-site data storage. On the customer’s side, if data is encrypted before it is uploaded to the cloud, careful measures must be taken to protect the encryption key: once the key is lost, so is the data.

On April 21, 2011, Amazon experienced a massive service outage. Besides the service disruption, approximately 11 hours of historical data could not be recovered and appeared as small gaps in the timeline. The root cause was a mistake made by Amazon’s engineers that triggered a cascade of other bugs and glitches. You can find a detailed description of the incident here.

Compliance policies dictate how long organizations must retain documents and audit records, and losing such data can have serious consequences. Providers and cloud customers should take adequate measures to back up data and follow best practices in business continuity and data recovery.

Resources:
Rashid, F., (2016, March 11), The dirty dozen: 12 cloud security threats, retrieved from http://www.infoworld.com/article/3041078/security/the-dirty-dozen-12-cloud-security-threats.html
Goldman, D., (2011, April 29), Amazon explains its cloud disaster, retrieved from http://money.cnn.com/2011/04/29/technology/amazon_apology/

Blodget, H., (2011, April 28), Amazon's Cloud Crash Disaster Permanently Destroyed Many Customers' Data, retrieved from http://www.businessinsider.com/amazon-lost-data-2011-4