Tuesday, December 20, 2016

Predictions 2017: IaaS Becomes the Next Launching Pad for Cyber Threats

by Corey Nachreiner, Chief Technology Officer, WatchGuard Technologies

Cloud technology has had an incredible impact on the business landscape over the last five years. Public infrastructure-as-a-Service (IaaS) platforms like Amazon’s AWS and Microsoft Azure, in particular, are growing at incredible rates – even among small businesses. According to RightScale’s 2016 State of the Cloud report, 71 percent of small and medium businesses (SMBs) are running at least one application in AWS or Azure. It’s clear that IaaS solutions provide a ton of business opportunities for organizations, especially those without the financial or personnel resources necessary to manage physical network infrastructure.

However, as the public cloud becomes more engrained in the fabric of everyday business operations, it has also become a serious target for hackers. The question: How safe is it really? With so much valuable customer, financial and healthcare data stored in one place, and managed by a third party, it’s easy to see why criminals have begun to focus their efforts on IaaS.  

In the past, we’ve seen threat actors target or infect servers running in public cloud services. For example, there have been cases where hackers take over servers running in Amazon EC2—the virtualized compute portion of Amazon AWS. Remember, servers you spin up in EC2 are no different from servers on your premises. If you leave a port open, without a firewall or access control rules, hackers can attack it in the same way they attack physical servers. To illustrate this, a honeypot organization spun up some fake SSH servers in Amazon EC2 to see whether they’d get targeted. Even without publishing the servers’ IP addresses, or attaching them to a domain, attackers found and started brute-force attacks the IaaS-based honeypots within 10 hours.

We’ve also seen criminals target IaaS customers through their cloud credentials. An Amazon AWS account is powerful. Customers can spin up almost endless servers, as long as they are willing to pay Amazon for the compute power they use. In 2014, one AWS customers had a very costly AWS credential breach. Some criminal learned his AWS credential, and used its administrative powers to spin up more EC2 server instances, which he used to mine bitcoin. This credential leak (due to the victim accidentally leaving credentials in a Github project), almost cost the victim over $5000 in AWS bills.

In short, without the proper protections, attackers can hack servers in the public cloud just as easily as the ones on your premises. As we move more and more of our data to IaaS servers, you can expect criminal hackers to follow.

Iaas doesn’t only make a good attack target, but also provides a powerful attack platform. We’ve seen cybercriminals leveraging these robust virtualization cloud platforms to build their attack infrastructure. For instance, criminals started putting their botnet command and control (C&C) servers in Amazon EC2 shortly after its launch, one example being the Zeus botnet. Despite increased monitoring and security from Amazon, attackers still use AWS infrastructure for attacks.

More recently, a web security company did a study of all the web application attacks launched on the Internet, and found that 20 percent of these attacks from AWS’s IP addresses. This comes as no surprise, since public IaaS services can provide single individuals with more scalable compute and network power one person could easily harness on their own. As long as public clouds offer impressive distributed computing capabilities to customers, hacker will search for ways to exploit these powers for evil.

In 2017, I expect to see attackers increasingly leverage public IaaS both as a potential attack surface, and as a powerful platform to build their attack networks. It’s highly likely there will be at least one headline-generating cyberattack either targeting, or launched from a public IaaS service next year.

So what can businesses to do protect their IaaS properties from being attacked in 2017?

In short, extend your existing network perimeter security tactics to the public cloud. There are a number of simple best practices I’d recommend to proactively protect your IaaS credentials and business critical data:
       
·        Properly implement IaaS’s existing access controls: IaaS services like AWS and Azure have built-in security tools you can use to protect your cloud servers in the same way you do physical ones. While cloud services don’t offer Unified Threat Management (UTM) or Next-generation Firewall (NGFW) services, they do have basic stateful firewalls. At the very least, make sure you firewall your cloud servers, and only expose the network services you really need to. 

·        Use strong authentication or two-factor authentication (2FA) whenever possible: Passwords are not perfect. They can get stolen, or you might accidentally leave them in a Github project, like the victim mentioned above. If you’re only using a password to authenticate to your IaaS service, a lost password gives attackers everything they need to take over your account. However, most public clouds offer two-factor authentication (2FA), where you can pair your password with some other authentication token, such as a secure code delivered to your mobile phone. With 2FA enabled, cybercriminals won’t be able to access your IaaS account even if they compromise your password.

·        Bring your on-prem security to the cloud: Most organizations protect their premise servers with UTM and NGFW appliances that combine many different security controls into one easy to manage appliance. Luckily, you can now bring these advanced premise security solutions to IaaS as well. Search your IaaS marketplace for your favorite security solution and you might find it.

·        Check out your IaaS provider’s security best practices: Frankly, there are more security tips and practices to protect your cloud servers that I can share in one short article. The good news is your favorite IaaS provider may already have you covered. For instance, AWS users can find a white paper on all Amazon’s best practices in this PDF.


Business will continue to boom for the IaaS industry. According to the latest market study by International Data Corporation (IDC), worldwide spending on public cloud services is expected to reach upwards of $141 billion by 2019, up from nearly $70 billion last year. With the sustained growth and prevalence of IaaS, organizations need to constantly educate themselves on new ways cybercriminals are leveraging it and focus on effectively extending their network security into the public cloud. 

About the Author

Corey Nachreiner is Chief Technology Officer of Watchguard Technologies.

Recognized as a thought leader in IT security, Nachreiner spearheads WatchGuard's technology vision and direction. Previously, he was the director of strategy and research at WatchGuard. Nachreiner has operated at the frontline of cyber security for 16 years, and for nearly a decade has been evaluating and making accurate predictions about information security trends. As an authority on network security and internationally quoted commentator, Nachreiner's expertise and ability to dissect complex security topics make him a sought-after speaker at forums such as Gartner, Infosec and RSA. He is also a regular contributor to leading publications including CNET, Dark Reading, eWeek, Help Net Security, Information Week and Infosecurity, and delivers WatchGuard's "Daily Security Byte" video on Facebook.

0 comments:

Post a Comment

See also