The malicious insider
Cyber security threats to the Cloud Infrastructure can arise from both within and outside of businesses, corporations, and organisations. In fact, according to the CyberSecurity Watch Survey conducted on over 600 businesses, government agencies, security professionals and consultants, 21% of cyber attacks were caused by insiders.
According to the survey:
- 33% of the respondents believed that insider attacks were more costly and damaging to business entities;
- 63% of the respondents claimed that the most common inside attacks were unauthorised access to and use of corporate information and data;
- 57% of the respondents believed that the unintentional exposure of private or sensitive data continues to exist;
- 37% of the respondents felt that viruses, worms, or other malicious codes were launched by inside attacks;
- 32% of the respondents also felt that the most dangerous insider attack threat was that of the theft of intellectual property.
A majority of the respondents firmly believed that the vulnerabilities of a Cloud Computing Infrastructure to a malicious insider attack are as follows:
- Unclear roles and responsibilities;
- Poor enforcement of role definitions;
- Need-to-know principles and methodologies were not effectively applied;
- AAA vulnerabilities;
- Server, IT Systems and/or OS vulnerabilities;
- Inadequate physical security procedures;
- The impossibility of processing data in encrypted form;
- Software application vulnerabilities and/or poor patch and software upgrade management techniques. (SOURCE: 1).
There are three types of Cloud Infrastructure-related insider threats:
1) The rogue network administrator:
They have the privileges needed to steal unprotected files, run brute-force attacks against passwords, and download sensitive customer information and data from the victim business, corporation, or organisation.
2) The malicious insider:
They can exploit the vulnerabilities of a Cloud Computing Infrastructure in an attempt to gain unauthorised access to confidential data in an organisation, and then either sell this sensitive data or use the information for their own future business transactions.
3) The malicious insider who uses the Cloud Computing Infrastructure to conduct nefarious activity:
They carry out attacks against their own employer’s IT infrastructure. Since these kinds of insiders are familiar with the IT operations of their own companies, the attacks are generally difficult to trace using forensic analysis. (SOURCE: 2)
Online cyber threats
Cloud computing services provide users and business entities with very powerful processing capabilities and massive amounts of storage space. For example, Netflix leases computing space from Amazon Web Services (AWS) to provide a subscription service for watching television-based programmes and movies. Dropbox offers a cloud storage service to customers and businesses alike for storing terabytes of data.
At the same time, however, the sensitive information and data that is stored on a Cloud Computing Infrastructure becomes an attractive target for online cyber theft. In fact, according to the analysis of data breaches of 209 global companies in 2011, 37% of information/data breach cases involved malicious attacks. The average cost per compromised record is $222. (SOURCE: 3).
The covert stealing of information and data stored on a Cloud Computing Infrastructure also occurs on social networking sites, such as Twitter, Facebook, and LinkedIn. According to a recent USA Today survey, 35% of adult Internet users have a profile on at least one social networking site. (SOURCE: 4).
However, the private data that is stored on these social media sites can be hacked by online cyber thieves, provided that they find a way to access the Cloud Computing Infrastructure upon which these social media sites are hosted. For example, LinkedIn, the world’s largest professional networking website, which has well over 175 million subscribers, reported that their password database was compromised in a security breach. (SOURCE: 5).
Online cyber attackers could also use stolen passwords to launch malicious attacks against the subscriber base of these social media sites. For example, Dropbox confirmed that its users were victims of a spam attack. Usernames and passwords stolen from the social media sites were used to sign in covertly into Dropbox accounts. (SOURCE: 6).
Online cyber attackers could also take advantage of the computing power offered by cloud computing service providers to launch massive cyber attacks. For example, the AWS EC2 cloud service was used by hackers to compromise private information and data about its user base. By signing up for Amazon’s EC2 service with phony information, the cyber attackers then rented a virtual server and launched an attack to steal confidential information and data from Sony’s PlayStation Network. (SOURCE: 7).
Although there are many Cloud providers available, it is always best to go with either Amazon Web Services (AWS) or Microsoft Azure, as they both have an entire platform of security tools that you can quickly deploy.
1) D. Catteddu and G. Hogben, “Cloud Computing Benefits, Risks and Recommendations for Information Security,” The European Network and Information Security Agency (ENISA), November 2009.
2) Insider Threats Related to Cloud Computing, CERT, July 2012.
3) Data Breach Trends & Stats, Symantec, 2012.
4) A Few Wrinkles Are Etching Facebook, Other Social Sites, USA Today, 2011.
5) An Update on LinkedIn Member Passwords Compromised, LinkedIn Blog, June, 2012.
6) Dropbox: Yes, We Were Hacked, August 2012.
7) Amazon.com Server Said to Have Been Used in Sony Attack, May 2011.
Ravi Das is a Cybersecurity Consultant and Business Development Specialist. He also does Cybersecurity Consulting through his private practice, RaviDas Tech, Inc. He also possesses the Certified in Cybersecurity (CC) cert from the ISC2.