Get ready for cyber attacks on major cloud providers in 2017: Vendor

There will be a cyber attack on a major cloud provider in 2017, including possibly ransomware that makes its way into a cloud-based data centre, predicts a major security vendor in its annual forecast of events that are likely to happen.

The two forecasts were made Wednesday by Check Point Software, which at the same time released a survey on cloud security issues of over 200 cybersecurity and IT professionals conducted in November.

Although an increasing number of organizations are shifting workloads to the cloud in various ways the respondents still have qualms: 93 per cent of them said they are very or moderately concerned about cloud security.

Just over 80 per cent are very or moderately concerned about ransomware hijacking corporate data even if it’s in the cloud. And they believe the top three threats to cloud environments are unauthorized access, data leakage (including external sharing of data) and denial of service attacks.

Unlike other organizations, Check Point compressed its predictions into two big ones:

–There will be a cyber attack on a major cloud provider.

The impact could be sizable, Donald Meyer, head of the vendor’s product marketing, warned in a blog. Last year a five-hour outage at AWS affected a number of Amazon Web Services (AWS) services and customers. The issue, he said, was isolated to the “US-EAST-1 Region” and was caused by a problem with Amazon’s DynamoDB. A network disruption “briefly affected” DynamoDB’s ability to “communicate with its metadata services.” Once the network issue was resolved, the flood of requests from the storage servers trying to upload their metadata overwhelmed the capacity of the metadata service, resulting in the service needing to be shut down.

The net result of this event was any service that utilized DynamoDB in that region was affected. “After a marathon six-hour battle, AWS was able to increase the capacity of the metadata service, thus restoring it and the corresponding storage services.

Recent reports of the Murai botnet, composed of a huge number of Internet-of-Things devices. AWS has just responded by releasing AWS Shield, a managed distributed denial of service (DDoS) protection service designed to minimize application disruptions and latency.

“The fact that AWS recognizes this as a significant threat should be a wakeup call to any organization using public cloud services that any cloud strategy should also include a robust disaster recovery and back-up strategy to minimize disruptions due to cloud outages,” said Meyer.

–Ransomware will find its way into a cloud-based data centre:

“As more organizations embrace the cloud, both public and private, these types of attacks will start finding their way into this new infrastructure through either encrypted files spreading cloud to cloud or by hackers using the cloud as a volume multiplier,” says Meyer.

IT may have antivirus installed on servers, he noted, but ransomware is now engineered to evade detection.

In terms of cloud defences, Meyer advises strong encryption for data in transit as well as at rest, diligent data back-ups, a well-defined DR plan and deploying advanced threat prevention

“It is up to the organizations to put in place the correct safeguards to prevent unauthorized access and prevent the opportunity for attackers to infiltrate with malware and other advanced threats,” he added.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now