Cloud hosting provider Dataresolution.net is struggling to bring its systems back online after suffering a ransomware infestation on Christmas Eve. The company says its systems were hit by the Ryuk ransomware, the same malware strain that crippled printing and delivery operations for multiple major U.S. newspapers over the weekend.
Data Resolution LLC provides software hosting, business continuity systems, cloud computing and data center services to some 30,000 businesses worldwide. The company has not yet responded to requests for comment.
A report from Menlo Security finds that attackers are using cloud hosting services to avoid detection, opting to host trojans from websites like storage.googleapis.com, rather than on their own infrastructure. It is not difficult to understate the convenience of this—think of all the benefits cloud computing offers the enterprise, the cost savings of building out your own servers, etc., and apply those benefits to cybercriminals. The minimized initial cost makes cloud services undeniably attractive for malicious uses.
So, imagine a user follows a link in a phishing email to download a trojan from storage.googleapis.com. As far as the user knows, the origin is Google, or someone using Google to store data. It’s got the lock icon, and it has Google in the URL, so it should be trustworthy, except it is not.
Read more about the findings of the Menlo Security report on TechRepublic.
Three quarters of organizations plan to buy more cloud security tools in 2019 as a means to better secure increasingly complex cloud environments, new research shows. The data comes from Alcide, which today released its “2018 Report: The State of Securing Cloud Workloads.” Nearly 350 security, DevOps, and IT pros weighed in to share their cloud security plans. Most are struggling to secure complex cloud setups, and think more tools will help.
Results show cloud security workflows remain fragmented. Across all company sizes, about 53% of respondents distribute their cloud workloads across a hybrid infrastructure; 18% use multi-cloud. The larger the business, the higher the degree of fragmentation, researchers found.
Read more about the findings of the Alcide research on DarkReading.
The US Department of Homeland Security has issued an alert today about “ongoing” cyber-attacks against managed service providers –a term used to describe online cloud-based services.
The DHS believes the attacks are being carried out by advanced persistent threats (APTs), a generic term used by the cyber-security industry to describe cyber-espionage and hacking units under the control and operating under the supervision of foreign governments. According to security experts, the attacks are most likely linked to APT10, a Chinese cyber-espionage group, also known as Red Apollo, Stone Panda, POTASSIUM, or MenuPass.
Read more about the US DHS alert regarding APT attacks on ZDNet.
Organizations that take a pragmatic approach to securing the use of user- and business-unit-led-cloud services realize appreciable business benefits compared with organizations that take more draconian, coarse-grained approaches. According to a report conducted by the Enterprise Strategy Group, only 21% of organizations have adopted this kind of pragmatic approach.
Organizations are at different stages of their journey with respect to the maturity of their approach to cloud security, both in terms of their strategic approach to the cloud as well as tactical measures.
Read more about the findings of the new report by the Enterprise Strategy Group on Help Net Security.
Robert Corradini, Director of Product Management at 5nine, often hears system administrators tell him that their organization’s cloud-first strategy is jeopardizing security. With each new software-, infrastructure, and platform-as-a-service adopted by line-of-business users or within enterprise IT, security seems to be an afterthought.
The challenge with most cloud-first strategies is that they incorporate both hybrid cloud (private and public) and multicloud (heterogeneous cloud infrastructures from multiple vendors) environments; in almost all cases, these infrastructures lack consistency in management interfaces, access controls, and third-party tool support. So, not only do cloud-first strategies increase your organization’s attack surface, they can be difficult to manage and secure.
Read Robert Corradini’s list of best practices that organizations can implement to ensure their cloud-first strategy is optimized for security on DarkReading.
Creating a thorough and effective security program is difficult enough when your data is stored on-premises. But most organizations and agencies straddle hybridized on-prem and cloud environments—or they’re cloud-native entirely. This complicates the role of cybersecurity teams who now need tools that can traverse multiple environments without missing a beat.
According to RightScale’s 2018 State of the Cloud report, public cloud adoption is up to 92 percent from 89 percent last year. Your cloud systems need proactive and ongoing support for integrity monitoring, configuration management, vulnerability management and more.
Read about a few ways cloud security poses its own particular challenges, as well as two strategies for overcoming those, on Tripwire.
The second annual Ixia 2018 Security Report analyzes how enterprise network attack surfaces are increasing as the perimeter of the traditional network expands into the cloud. Data shows that over 90% of enterprises are concerned about data and application security in public clouds, while nearly 60% of respondents reported that public cloud environments make it more difficult to obtain visibility into data traffic.
87% of enterprises suffered downtime of an hour or more during their last network outage, which according to Gartner, can cost a company as much as $5,600 per minute, as well as impact customer satisfaction. Also, 88% had experienced a business related issue from a lack of visibility into public cloud traffic.
A new survey of executives shows that the vast majority are deploying hybrid cloud architectures for their organization. When queried about the state of their IT security, the breakdown is interesting: Half say it’s healthy, one-quarter have some level of concern, and one-quarter seem to be at best overconfident, at worst delusional.
The survey, sponsored by Cavirin Systems, asked executives about how they were building their application architectures for the business. Roughly 80% say that they are building hybrid clouds, with half of those saying that Microsoft Azure is part of their infrastructure.
Read more about the new Cavirin Systems survey on DarkReading.
Though virtually all organizations are moving some assets to the cloud, a lack of cybersecurity talent is slowing migration for 40% of IT professionals, according to a new report from McAfee. Of the 1,400 IT professionals surveyed worldwide, 97% said their organization is using some type of cloud service—up from 93% last year. However, those with a cloud-first strategy dropped from 82% in 2017 to 65% in 2018, the report found.
The cybersecurity skills shortage has actually improved over last year, when 49% of IT leaders said that they were slowing cloud migrations, the report found. Interestingly, those with a cloud-first strategy were almost twice as likely to have slowed adoption than those without such a strategy. Private-only cloud operators were more likely to report experiencing skills shortages, and more likely to have slowed their adoption, which helps to explain the continued shift to hybrid cloud.
Read more about the findings of the new report from McAfee on TechRepublic.