Cloud Exploitation
With the rising adoption of cloud use across all industries, cloud infrastructure has become a major target for hackers. Attacks involving the cloud range from launching DDoS attacks using cloud resources to finding unpatched cloud servers on which to install ransomware and viruses that exploit data sent through the server.
The best protection against the common exploits of cloud technology is to ensure there is a stakeholder on your team who is familiar with the cloud and can implement proper configurations of cloud resources to prevent these attacks. Additionally, it’s important to pay attention to the service-level agreements of cloud providers to establish what is considered the cloud provider’s responsibility and what is considered the customer’s responsibility.

Phishing
In 2021, data published by Tessian Research shows “75% of organizations have experienced some kind of phishing attack”. Targeting credentials, personal data, and medical data, phishing scams deceive users into sharing private information with the attackers. Phishing is also one of the most commonly reported cybersecurity attacks for organizations, since it typically does not require sophisticated software or tactics to deceive a user into releasing private information. Phishing arrives through emails, instant messages, text messages, and phone calls.
Phishing is preventable when staff are trained and are therefore aware of the common phishing strategies and keywords used in phishing channels such as email. Implementing real-time monitoring technology such as phishing URL monitoring greatly lowers the risk of phishing breaches.
Ransomware
Ransomware is a subset of malware that infects and locks down a system until a payment is made to the attacker. Ransomware can be spread through phishing emails or text messages, or when a user visits a malicious website and the ransomware is downloaded onto the user’s computer without the user’s knowledge.
Ransomware can be combated using a number of methods within an organization. Best practice for every business is to have anti-virus software on every computer. Additionally, an intrusion prevention system in your business’s network significantly increases security by monitoring network traffic and locating potentially harmful processes in the network as a whole. Additional operational safeguards for your business include whitelisting applications for computer hosts; this limits the number of possible channels through which a harmful application can be downloaded onto a host computer.

API Attacks
Gartner research predicts “by 2022, API abuses will move from infrequent to the most frequent attack vector”. Attackers can potentially ‘inject’ their own code into an API request and perform unauthorized actions within the business’s infrastructure. Also, man-in-the-middle attacks can be performed against APIs, where traffic is intercepted by a malicious host, and the host impersonates either an API or the API’s backend infrastructure.
Common API exploits now have well-documented prevention procedures. To prevent code injection, it’s important for every API to perform validation and data sanitization to limit undesired inputs and mitigate malicious behavior. Preventing man-in-the-middle attacks requires end-to-end encryption in which each host has its own certificate to validate its identity. Traffic cannot be decrypted without the correct certificate and corresponding key.
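The validation step described above, as an added example that is not part of the original article: an allowlist check on an API request body, followed by a parameterized query so that accepted values are handled as data rather than code. The endpoint, field names, schema, and SQLite backend are assumptions chosen for illustration.

```python
import re
import sqlite3

# Hypothetical schema for a constructed "order lookup" endpoint: every field is
# allowlisted with a type and a constraint; anything else is rejected.
SCHEMA = {
    "customer_id": (str, re.compile(r"[A-Za-z0-9_-]{1,32}")),
    "limit": (int, range(1, 101)),
}

def validate(body):
    """Return a cleaned copy of body, or raise ValueError on any deviation."""
    if not isinstance(body, dict):
        raise ValueError("body must be a JSON object")
    unknown = set(body) - set(SCHEMA)
    if unknown:
        raise ValueError(f"unexpected fields: {sorted(unknown)}")
    clean = {}
    for name, (typ, rule) in SCHEMA.items():
        if name not in body:
            raise ValueError(f"missing field: {name}")
        value = body[name]
        # bool is a subclass of int in Python, so require the exact type.
        if type(value) is not typ:
            raise ValueError(f"{name}: wrong type")
        ok = rule.fullmatch(value) if typ is str else value in rule
        if not ok:
            raise ValueError(f"{name}: value not allowed")
        clean[name] = value
    return clean

def lookup_orders(db, body):
    """Validate first, then pass values as bound parameters, never as SQL text."""
    q = validate(body)
    rows = db.execute(
        "SELECT item FROM orders WHERE customer_id = ? ORDER BY item LIMIT ?",
        (q["customer_id"], q["limit"]),
    )
    return [r[0] for r in rows]

def make_sample_db():
    """Constructed in-memory data for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (customer_id TEXT, item TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?)",
                   [("alice", "keyboard"), ("alice", "monitor"), ("bob", "laptop")])
    return db
```

Rejecting unknown fields and out-of-range values before the query runs keeps malformed requests out of the backend entirely, while the bound parameters cover any value the schema does accept.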
DDoS Attacks
A distributed denial of service (DDoS) is a common brute-force attack on a web application or service where the attacker floods the network with requests to the point of rendering the service inoperable. Oftentimes the attacker gains control of a very large collection of computers, often called a ‘botnet’, and triggers all hosts in the controlled group to make a request to the endpoint. If the application or endpoint does not have the resources to handle all of the concurrent requests, the endpoint could shut down and cave under the attack.
Since this is such a common attack, there are lots of tools and recommended strategies for avoiding it. Specific firewalls, called Web Application Firewalls (WAF), can help against these attacks. These firewalls can detect abnormal traffic patterns and reduce the number of malicious requests made to your application. Additionally, designing an infrastructure that can quickly scale to meet traffic demand, particularly during a DDoS attack, can prevent any potential downtime.