Tuesday, December 20, 2016

Predictions 2017: IaaS Becomes the Next Launching Pad for Cyber Threats

by Corey Nachreiner, Chief Technology Officer, WatchGuard Technologies

Cloud technology has had an incredible impact on the business landscape over the last five years. Public infrastructure-as-a-Service (IaaS) platforms like Amazon’s AWS and Microsoft Azure, in particular, are growing at incredible rates – even among small businesses. According to RightScale’s 2016 State of the Cloud report, 71 percent of small and medium businesses (SMBs) are running at least one application in AWS or Azure. It’s clear that IaaS solutions provide a ton of business opportunities for organizations, especially those without the financial or personnel resources necessary to manage physical network infrastructure.

However, as the public cloud becomes more engrained in the fabric of everyday business operations, it has also become a serious target for hackers. The question: How safe is it really? With so much valuable customer, financial and healthcare data stored in one place, and managed by a third party, it’s easy to see why criminals have begun to focus their efforts on IaaS.  

In the past, we’ve seen threat actors target or infect servers running in public cloud services. For example, there have been cases where hackers take over servers running in Amazon EC2—the virtualized compute portion of Amazon AWS. Remember, servers you spin up in EC2 are no different from servers on your premises. If you leave a port open, without a firewall or access control rules, hackers can attack it in the same way they attack physical servers. To illustrate this, a honeypot organization spun up some fake SSH servers in Amazon EC2 to see whether they’d get targeted. Even without publishing the servers’ IP addresses, or attaching them to a domain, attackers found and started brute-force attacks the IaaS-based honeypots within 10 hours.

We’ve also seen criminals target IaaS customers through their cloud credentials. An Amazon AWS account is powerful. Customers can spin up almost endless servers, as long as they are willing to pay Amazon for the compute power they use. In 2014, one AWS customers had a very costly AWS credential breach. Some criminal learned his AWS credential, and used its administrative powers to spin up more EC2 server instances, which he used to mine bitcoin. This credential leak (due to the victim accidentally leaving credentials in a Github project), almost cost the victim over $5000 in AWS bills.

In short, without the proper protections, attackers can hack servers in the public cloud just as easily as the ones on your premises. As we move more and more of our data to IaaS servers, you can expect criminal hackers to follow.

Iaas doesn’t only make a good attack target, but also provides a powerful attack platform. We’ve seen cybercriminals leveraging these robust virtualization cloud platforms to build their attack infrastructure. For instance, criminals started putting their botnet command and control (C&C) servers in Amazon EC2 shortly after its launch, one example being the Zeus botnet. Despite increased monitoring and security from Amazon, attackers still use AWS infrastructure for attacks.

More recently, a web security company did a study of all the web application attacks launched on the Internet, and found that 20 percent of these attacks from AWS’s IP addresses. This comes as no surprise, since public IaaS services can provide single individuals with more scalable compute and network power one person could easily harness on their own. As long as public clouds offer impressive distributed computing capabilities to customers, hacker will search for ways to exploit these powers for evil.

In 2017, I expect to see attackers increasingly leverage public IaaS both as a potential attack surface, and as a powerful platform to build their attack networks. It’s highly likely there will be at least one headline-generating cyberattack either targeting, or launched from a public IaaS service next year.

So what can businesses to do protect their IaaS properties from being attacked in 2017?

In short, extend your existing network perimeter security tactics to the public cloud. There are a number of simple best practices I’d recommend to proactively protect your IaaS credentials and business critical data:
       
·        Properly implement IaaS’s existing access controls: IaaS services like AWS and Azure have built-in security tools you can use to protect your cloud servers in the same way you do physical ones. While cloud services don’t offer Unified Threat Management (UTM) or Next-generation Firewall (NGFW) services, they do have basic stateful firewalls. At the very least, make sure you firewall your cloud servers, and only expose the network services you really need to. 

·        Use strong authentication or two-factor authentication (2FA) whenever possible: Passwords are not perfect. They can get stolen, or you might accidentally leave them in a Github project, like the victim mentioned above. If you’re only using a password to authenticate to your IaaS service, a lost password gives attackers everything they need to take over your account. However, most public clouds offer two-factor authentication (2FA), where you can pair your password with some other authentication token, such as a secure code delivered to your mobile phone. With 2FA enabled, cybercriminals won’t be able to access your IaaS account even if they compromise your password.

·        Bring your on-prem security to the cloud: Most organizations protect their premise servers with UTM and NGFW appliances that combine many different security controls into one easy to manage appliance. Luckily, you can now bring these advanced premise security solutions to IaaS as well. Search your IaaS marketplace for your favorite security solution and you might find it.

·        Check out your IaaS provider’s security best practices: Frankly, there are more security tips and practices to protect your cloud servers that I can share in one short article. The good news is your favorite IaaS provider may already have you covered. For instance, AWS users can find a white paper on all Amazon’s best practices in this PDF.


Business will continue to boom for the IaaS industry. According to the latest market study by International Data Corporation (IDC), worldwide spending on public cloud services is expected to reach upwards of $141 billion by 2019, up from nearly $70 billion last year. With the sustained growth and prevalence of IaaS, organizations need to constantly educate themselves on new ways cybercriminals are leveraging it and focus on effectively extending their network security into the public cloud. 

About the Author

Corey Nachreiner is Chief Technology Officer of Watchguard Technologies.

Recognized as a thought leader in IT security, Nachreiner spearheads WatchGuard's technology vision and direction. Previously, he was the director of strategy and research at WatchGuard. Nachreiner has operated at the frontline of cyber security for 16 years, and for nearly a decade has been evaluating and making accurate predictions about information security trends. As an authority on network security and internationally quoted commentator, Nachreiner's expertise and ability to dissect complex security topics make him a sought-after speaker at forums such as Gartner, Infosec and RSA. He is also a regular contributor to leading publications including CNET, Dark Reading, eWeek, Help Net Security, Information Week and Infosecurity, and delivers WatchGuard's "Daily Security Byte" video on Facebook.

Qualcomm, Ericsson, SK Telecom Set 5G NR Trials

Ericsson, Qualcomm, and SK Telecom will conduct interoperability testing and over-the-air field trials in the second half of 2017 based on 3GPP's 5G New Radio (NR) standards, which utilize wide bandwidths available at higher frequency bands to increase network capacity and achieve multi-gigabit per second data rates.

The first 3GPP 5G NR specification that will be part of Release 15 - the global 5G standard that will make use of both sub-6 GHz and mmWave spectrum bands.

The companies said the upcoming trials will employ 3GPP 5G NR Multiple-Input Multiple-Output (MIMO) antenna technology with adaptive beamforming and beam tracking techniques, including non-line-of-sight (NLOS) environments and device mobility. It will also make use of scalable OFDM-based waveforms and a new flexible framework design that are also part of the 5G NR specifications. The trials are expected to yield valuable insight into the unique challenges of integrating 5G NR technologies into mobile networks and devices.

"As we did in both 3G and 4G, we are excited about collaborating with leading operators and industry stakeholders such as Ericsson and SK Telecom to accelerate the path to 5G," said Matt Grob, executive vice president and chief technology officer, Qualcomm Technologies, Inc. "The roadmap of 5G technologies is incredibly complex, and trials based on the global 3GPP 5G standard, such as this, are critical to continuing our long history of leadership integrating advanced wireless technologies in form-factor accurate devices to ensure timely deployment of 5G networks."

"As 5G rapidly gains momentum, a globally agreed and unified standard becomes imperative to achieve early commercialization of 5G and build an efficient ecosystem around it," said Alex Jinsung Choi, EVP, Chief Technology Officer, SK Telecom, "As 3GPP NR is a global 5G standard, we are delighted to announce early 3GPP NR trials with leading 5G players, Ericsson and Qualcomm, with which we have made remarkable world's first footprints in the past with previous generations of groundbreaking mobile technologies.."

http://www.ericsson.com
http://www.qualcomm.com

Vendors Back New NFV Interoperability Testing Initiative

Cisco, Ericsson, Huawei and Nokia signed Memorandum of Understanding to create the NFV Interoperability Testing Initiative (NFV-ITI) whose main objective is to promote competition and create industry alignment on generic principles for NFV interoperability testing and support for specific customer situations.

NFV-ITI members agreed to cooperatively support the interoperability of NFV elements in specific customer situations to accelerate the commercial implementations, and to reduce the time-to-market for new applications and services.

The members said guiding principles of the initiative are openness, fairness, reasonableness and non-discriminatory treatment. All relevant NFV vendors are welcome to join this initiative by ratifying the NFV-ITI MoU.

http://www.cisco.com
http://www.ericsson.com
http://www.nokia.com
http://www.huawei.com

Enea Completes Acquisition of Qosmos

Enea completed its acquisition of Qosmos, a privately held company with leading positions in IP traffic classification and network intelligence, for approximately EUR 52.7 million. Qosmos is estimated to generate sales of approximately EUR 14.2 million in 2016.

Qosmos is a supplier of Network Intelligence software based on Deep Packet Inspection. Its software provides detailed real-time traffic visibility for applications such as mobile traffic management, cyber security, and network analytics.

“We will be able to help customers identify, classify, and analyze network traffic in real-time, and we will be able to serve and assist them in new areas such as traffic management and network security analytics”, said Anders Lidbeck, President and CEO, Enea. “Customers will also find a strong partner and supplier in us as a company, with increased resources, broadened expertise, and expanded geographical presence”.

http://www.enea.com/
http://www.qosmos.com

Zayo Supplies Metro Fiber and Wavelengths to Genomics Firm

Zayo was selected to deliver dark fiber and wavelength connectivity in a major West Coast metro market to a leading genomics firm.  The connectivity, which will use Zayo's existing fiber network, includes a dark fiber connection between the client’s headquarters and data center, along with secure, high-bandwidth wavelength connectivity among satellite offices, headquarters and the data center.

“Our dark fiber provided a significant competitive advantage in winning this business in an exciting and rapidly expanding market,” said Chris Morley, Zayo’s chief operating officer. “The customer required a solution that could scale to accommodate continued growth, and also wanted the flexibility to use and manage their own equipment. We’re well positioned to provide them both dark and lit services that meet their specific needs -- and, more broadly, to meet the growing communications infrastructure demand in this emerging sector.”

http://www.zayo.com

Telia Carrier Expands in Germany

Telia Carrier is expanding the availability of its IP, Wavelength and Ethernet services in Germany through new partnership with Savecall, Germany's top consultant and broker of ICT services with offices in Munich, Wiesbaden and Berlin. In addition to Savecall's consulting and brokering services, this partnership allows the company to act as a reseller of Telia Carrier's complete suite of IP, Wavelength and Ethernet services.

Savecall mediates provider-neutral expert solutions including point-to-point Ethernet, leased line and Multiprotocol Label Switching (MPLS) services for IT and telecommunications companies. The company offers customers risk and cost reduction through the standardization of basic IT services coupled with powerful virtualization solutions.

"At Savecall, one of our guiding principles is to rapidly deliver competitive and agile solutions to our customers," saidNikolaus von Johnston, General Manager, Savecall. "Leveraging Telia Carrier's expertise in this market and superior customer service, our customers will benefit from the inclusion of Telia Carrier's top-ranked network services in our portfolio."

http://www.teliacarrier.com/

SK Telecom Selects Coriant 100G for New Undersea Link

SK Telecom has selected a Coriant submarine solution to extend 100G connectivity to Ulleungdo Island, which lies off the east coast of Korea.

The deployment will use the Coriant hiT 7300 Multi-Haul Transport Platform and Coriant Transport Network Management System (TNMS).

"Uncompromising quality is critical in today’s transport networks as they scale to support ever-increasing amounts of customer traffic," said Petri Markkanen, General Manager and Vice President of Sales, Asia Pacific, Coriant. "Following rigorous testing for this submarine application, SK Telecom selected the Coriant hiT 7300 submarine solution for its superior 100G reach and performance, as well as proven features including flexible configuration, advanced optical link control, and integrated RAMAN amplification."

http://www.coriant.com

See also