Digitalisation opens up new opportunities for companies, but the cloud and the proliferation of endpoints are both security weak spots that have to be considered.
For instance, Microsoft reports that its own cloud computing operations are under almost constant attack, with some 1.5 million attempts to compromise its systems recorded each day.
The company is not only fending off these attacks but learning from them. It combines data on them with other sources, such as the hundreds of billions of emails, webpage scans and other pieces of information that flow to and from Microsoft's cloud computing data centres, to compile its Security Intelligence Report (SIR).
The latest SIR gives companies current trend data on industry vulnerabilities, exploits, malware and web-based attacks, along with measures to combat and remediate them.
Cloud threat intelligence
Today, the cloud is fast becoming the central data hub for companies, which in turn makes it a prime target for cyber criminals: cloud-based cyber-attacks have increased by a massive 300% year-on-year.
Companies should note that once attackers succeed with a breach attempt, they try to reuse the stolen credentials on other services. One of the most effective things a user can do to protect themselves, therefore, is to use a unique password for every site and online service.
Furthermore, companies should train staff to avoid simple passwords (easy to guess or crack), encourage alternative authentication methods or multi-factor authentication, and implement solutions for credential protection and risk-based conditional access.
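To make the credential-reuse pattern concrete, here is an added example written for this article (it is not Microsoft's detection logic or any tooling from the SIR). It runs over a handful of constructed sign-in records, flags a source that cycles through many usernames in a short window (the signature of replaying a stolen credential list), and then checks whether that same source went on to log a compromised account into several other services. The log format, thresholds, usernames and IP addresses are all assumptions made up for the demonstration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (invented for this example, not real telemetry).
# Fields: ISO timestamp, service, username, source IP, outcome.
SAMPLE_EVENTS = [
    "2017-06-01T10:00:01 mail alice 203.0.113.9 fail",
    "2017-06-01T10:00:02 mail bob   203.0.113.9 fail",
    "2017-06-01T10:00:03 mail carol 203.0.113.9 fail",
    "2017-06-01T10:00:04 mail dave  203.0.113.9 fail",
    "2017-06-01T10:00:05 mail erin  203.0.113.9 fail",
    "2017-06-01T10:00:06 mail frank 203.0.113.9 success",
    "2017-06-01T10:02:10 vpn  frank 203.0.113.9 success",
    "2017-06-01T10:03:40 crm  frank 203.0.113.9 success",
    "2017-06-01T09:30:00 mail alice 198.51.100.7 success",   # ordinary user, own address
    "2017-06-01T12:15:00 vpn  alice 198.51.100.7 success",
]


def parse_events(lines):
    """Turn 'timestamp service user ip outcome' lines into dicts sorted by time."""
    events = []
    for line in lines:
        ts, service, user, ip, outcome = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "service": service,
                       "user": user, "ip": ip, "outcome": outcome})
    return sorted(events, key=lambda e: e["ts"])


def stuffing_sources(events, window=timedelta(minutes=5), min_users=5):
    """Source IPs that try at least `min_users` distinct usernames inside `window`.

    A stolen credential list is replayed account by account, so one source
    touching many different accounts quickly is the tell, whatever the outcome.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    flagged = set()
    for ip, evs in by_ip.items():
        active = Counter()          # usernames seen inside the sliding window
        start = 0
        for e in evs:
            active[e["user"]] += 1
            while e["ts"] - evs[start]["ts"] > window:   # slide the window forward
                old = evs[start]["user"]
                active[old] -= 1
                if active[old] == 0:
                    del active[old]
                start += 1
            if len(active) >= min_users:
                flagged.add(ip)
                break
    return flagged


def reuse_after_stuffing(events, stuffing_ips, window=timedelta(hours=1)):
    """(user, ip, services) triples where a stuffing source then succeeded for the
    same account on two or more services inside `window`: the reuse the text warns about.
    Restricting this to stuffing sources keeps a user's own multi-service day quiet."""
    by_pair = defaultdict(list)
    for e in events:
        if e["outcome"] == "success" and e["ip"] in stuffing_ips:
            by_pair[(e["user"], e["ip"])].append(e)
    hits = []
    for (user, ip), evs in by_pair.items():
        for i, first in enumerate(evs):
            services = {x["service"] for x in evs[i:] if x["ts"] - first["ts"] <= window}
            if len(services) >= 2:
                hits.append((user, ip, tuple(sorted(services))))
                break
    return hits


def analyse(lines=SAMPLE_EVENTS):
    """Run both checks over the log lines; returns (stuffing IPs, reuse hits)."""
    events = parse_events(lines)
    ips = stuffing_sources(events)
    return ips, reuse_after_stuffing(events, ips)


if __name__ == "__main__":
    ips, hits = analyse()
    print("credential stuffing sources:", sorted(ips))
    for user, ip, services in hits:
        print(f"credential reuse: {user} from {ip} on {', '.join(services)}")
```

Run on the sample, the first check names 203.0.113.9 (six accounts in five seconds) and the second shows the one account it got into being taken to the VPN and CRM within minutes; alice's two logins from her own address are far enough apart, and not from a stuffing source, so they are left alone. The same two signals are what risk-based conditional access keys on when it steps up to MFA for a sign-in from an unfamiliar source.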
Besides attempts to gain access to a company's or user's cloud services, the cloud services themselves, including Microsoft Azure, are increasingly targeted by attackers aiming to compromise and weaponise virtual machines and other services.
In cloud weaponisation scenarios, cybercriminals use these virtual machines to launch attacks such as brute-force attacks against other virtual machines, spam campaigns that feed email phishing, or reconnaissance such as port scanning to identify new targets, among other malicious activities.
Azure Security Centre actively monitors for cloud weaponisation attempts and breaks down the outbound attacks its advanced detection mechanisms discover by attack type.
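As an added illustration of what such outbound monitoring looks like at its simplest (example code written for this article, not Azure Security Centre's detectors), the script below takes constructed outbound flow records from three virtual machines and labels the three behaviours the text names: a port sweep of one host, a brute-force fan-out on an administrative port across many hosts, and direct SMTP to many mail servers. The record shape, the port list, the thresholds and the addresses are assumptions.

```python
from collections import defaultdict


def sample_flows():
    """Constructed outbound flow records as (vm, dst_ip, dst_port) tuples.
    Invented for this example; not an export from any real flow log."""
    flows = []
    # healthy web server: a handful of HTTPS calls to two upstream APIs
    flows += [("vm-web-01", "198.51.100.10", 443)] * 5
    flows += [("vm-web-01", "198.51.100.11", 443)] * 3
    # compromised build agent: SSH brute force across a /24 and a port sweep of one host
    flows += [("vm-build-07", f"10.0.0.{n}", 22) for n in range(1, 16)]
    flows += [("vm-build-07", "192.0.2.50", p) for p in range(100, 140)]
    # compromised box delivering spam straight to many MX hosts
    flows += [("vm-mail-02", f"203.0.113.{n}", 25) for n in range(1, 13)]
    return flows


# Services that outbound brute force usually aims at (assumed list: SSH, RDP, SMB, MSSQL)
BRUTE_PORTS = {22, 3389, 445, 1433}


def classify(flows, min_hosts=10, min_ports=20):
    """Return {vm: [(kind, detail, count), ...]} for VMs showing weaponisation patterns.

    kind is 'port_scan' (many ports, one host), 'brute_force' (one admin port, many
    hosts) or 'spam' (port 25, many hosts). VMs with nothing suspicious are omitted.
    """
    per_vm = defaultdict(lambda: defaultdict(set))      # vm -> dst_ip -> {ports}
    for vm, ip, port in flows:
        per_vm[vm][ip].add(port)

    findings = defaultdict(list)
    for vm, hosts in per_vm.items():
        # port sweep: many distinct destination ports against a single host
        for ip, ports in hosts.items():
            if len(ports) >= min_ports:
                findings[vm].append(("port_scan", ip, len(ports)))
        # fan-out: the same service port hit on many distinct hosts
        hosts_by_port = defaultdict(set)
        for ip, ports in hosts.items():
            for p in ports:
                hosts_by_port[p].add(ip)
        for p, ips in hosts_by_port.items():
            if len(ips) < min_hosts:
                continue
            if p == 25:
                findings[vm].append(("spam", p, len(ips)))
            elif p in BRUTE_PORTS:
                findings[vm].append(("brute_force", p, len(ips)))
    return dict(findings)


if __name__ == "__main__":
    for vm, items in classify(sample_flows()).items():
        for kind, detail, count in items:
            print(f"{vm}: {kind} (target {detail}, {count} distinct)")
```

The point of keying on destination fan-out rather than raw volume is that a busy but honest server talks to a few hosts on a few ports many times, whereas a weaponised one talks to many hosts or many ports a few times each; the web server in the sample generates more flows than the spam sender yet is never flagged. Thresholds need tuning per workload (a vulnerability scanner or a mail relay legitimately looks like this), which is why a real service pairs the heuristic with a baseline for each machine.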
Also on the rise are drive-by downloads, in which a website hosts one or more exploits that target vulnerabilities in web browsers and/or browser add-ons. Users with vulnerable PCs and mobile devices can be infected with malware simply by visiting such a website, without attempting to download anything.
Drive-by download pages are usually hosted on legitimate websites to which an attacker has posted exploit code. Attackers gain access to legitimate sites through intrusion or by posting malicious code to a poorly secured web form, such as a comment field on a blog. Compromised sites can be hosted anywhere in the world and cover nearly any subject imaginable, which makes it difficult even for an experienced user to pick out a compromised site from a list of search results.
Search engines such as Bing have taken a number of measures to help protect users from drive-by downloads. As Bing indexes webpages, it assesses them for malicious elements or malicious behaviour. If the site owner is registered with Bing as a webmaster, they are sent a warning about the malicious content and can request a re-evaluation of the site after fixing the problem. Because the owners of compromised sites are usually victims themselves, the sites are not removed from the Bing index. Instead, clicking the link in the search results displays a prominent warning that the page may contain malicious software, as shown below.
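An added example of the kind of static check a crawler can apply to an indexed page (written for this article; the report does not describe Bing's assessment methods and this is not its code): the scanner below parses a constructed page in which a hidden iframe has been injected through a comment field and an obfuscated inline script has been added, two classic drive-by markers, and also flags scripts loaded from a host other than the page's own. The page contents, the obfuscation patterns and the hostname are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed page (not a real site): a legitimate blog whose comment field has been
# used to inject a zero-size hidden iframe, plus an obfuscated inline loader script.
SAMPLE_PAGE = """<html><head><title>Gardening blog</title>
<script src="/js/theme.js"></script></head>
<body><h1>Growing tomatoes</h1>
<div class="comment">Nice post!
<iframe src="http://203.0.113.66/x.php" width="0" height="0" style="visibility:hidden"></iframe>
</div>
<script>eval(unescape('%64%6f%63%75%6d%65%6e%74'))</script>
</body></html>"""

# Textbook obfuscation idioms seen in injected loaders (assumed, deliberately short list)
OBFUSCATION = re.compile(r"eval\s*\(|unescape\s*\(|fromCharCode", re.I)


class DriveByScanner(HTMLParser):
    """Collects (kind, detail) findings: hidden iframes, off-site scripts, obfuscated script bodies."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                      or "visibility:hidden" in style or "display:none" in style)
            if hidden:
                self.findings.append(("hidden_iframe", a.get("src", "")))
        elif tag == "script":
            self._in_script = True
            host = urlparse(a.get("src", "")).hostname     # None for relative paths
            if host and host != self.page_host:
                self.findings.append(("offsite_script", a["src"]))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # html.parser hands <script> bodies to handle_data verbatim
        if self._in_script and OBFUSCATION.search(data):
            self.findings.append(("obfuscated_script", data.strip()))


def scan_page(html, page_host):
    """Return the findings for one page; an empty list means no drive-by markers."""
    scanner = DriveByScanner(page_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for kind, detail in scan_page(SAMPLE_PAGE, "blog.example"):
        print(f"{kind}: {detail}")
```

Heuristics like these catch the unsophisticated injections and produce a candidate list; a crawler that wants fewer false positives (a legitimate analytics tag is also an off-site script) follows up by rendering the page in an instrumented browser and watching what the script actually does, which is the behavioural assessment the text alludes to.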
Endpoint threat intelligence
An endpoint is any device that connects remotely to a network, such as a notebook PC, smartphone or tablet, and as such can provide an entry point for cyber-attackers. Because users interact directly with endpoints, they remain a key opportunity for attackers and a security priority for businesses.
Ransomware attacks have been on the rise, disrupting major organisations and grabbing global headlines. Attacks like WannaCry and Petya disabled thousands of machines worldwide in the first half of 2017. Windows 10 includes mitigations that block common exploitation techniques used by these and other ransomware threats.
Many such exploits are bundled together and sold as commercial software or as a service, known as exploit kits. Prospective attackers buy or rent exploit kits on hacker forums and through other illegitimate outlets and use them for their own ends, in much the same way as drive-by downloads are used.
Ultimately, the threats and risks of cyberattacks are constantly increasing and evolving as technology becomes better and user preferences shift. However, there are some practical steps companies and employees can take to minimise their exposure to these threats.
These include enforcing security policies that control access to sensitive data and limit corporate network access to appropriate users, locations, devices and operating systems (OS). Avoid working in public Wi-Fi hotspots, where attackers can eavesdrop on your communications, capture logins and passwords, and access your personal data. Regularly update your OS and other vital software so that the latest patches are installed.