Cloud infestation by networked attacks (current state) vs. (old school) system infection by virus

When your cloud assets are breached by a virus …

Scenario 1 (old school):

Your machine gets a virus on it. You use anti-virus to kill it, or rebuild … move on with your life.
  • Future impact: Zero
  • Cost: One time

Scenario 2 (most businesses and product teams):

Your cloud environment gets infected with a virus / ransomware. Now, though, instead of staying on just one machine, this virus (for simplicity of writing) moves within the environment and infects other systems. After the initial infection, the virus calls back to a command and control server and shares intelligence about the hosts it has infected (IP address space, user details, security protocols, VPN details, routing tables, user information, any database details, etc.). These details, much like with a robo-call spammer, are logged and shared with other attack networks, and the environment is targeted further, now with attacks customized to the infected host footprints.
The result: a higher breach success rate against similarly managed systems, and higher value to attackers, who now have a rich data store to attack with and to sell on the black market to interested parties.
  • Future impact: High and frequent
  • Cost: Ongoing
The impact of such a breach is best understood once you acknowledge that these are networked attacks. These are learning attacks that build upon prior successes. To undo the damage, full system refreshes are required, all of the keys linked to those environments need to be reset, and any tokens or ‘obfuscation’ techniques must be changed. Cloud allows for auto-scaling and self-healing, but it works the other way too: attackers can auto-customize their attacks to fit our profile.
Act accordingly.
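
One way to scope the refresh-and-reset work described above, as an added example that is not part of the original post. The host names, credential names and both inventory maps are constructed for illustration, and the sketch assumes that any host reachable with an exposed credential must be treated as compromised.

```python
from collections import deque

# Constructed inventory (assumption): credentials stored on each host,
# and the hosts each credential grants access to.
CREDS_ON_HOST = {
    "web-1": {"deploy-key", "db-readonly-token"},
    "ci-runner": {"deploy-key", "cloud-admin-key"},
    "db-1": {"backup-bucket-key"},
    "bastion": {"vpn-cert"},
    "batch-1": set(),
}
CRED_GRANTS_ACCESS = {
    "deploy-key": {"web-1", "ci-runner"},
    "db-readonly-token": {"db-1"},
    "cloud-admin-key": {"web-1", "db-1", "batch-1"},
    "backup-bucket-key": set(),
    "vpn-cert": {"bastion"},
}


def remediation_scope(initially_infected):
    """Return (hosts_to_rebuild, creds_to_rotate) for a set of infected hosts.

    Breadth-first walk: every credential found on a compromised host is
    considered exposed, and every host that credential unlocks is added
    to the rebuild set and examined in turn.
    """
    hosts = set(initially_infected)
    creds = set()
    queue = deque(initially_infected)
    while queue:
        host = queue.popleft()
        for cred in CREDS_ON_HOST.get(host, ()):
            if cred in creds:
                continue  # already counted, its targets are queued
            creds.add(cred)
            for reachable in CRED_GRANTS_ACCESS.get(cred, ()):
                if reachable not in hosts:
                    hosts.add(reachable)
                    queue.append(reachable)
    return hosts, creds


if __name__ == "__main__":
    rebuild, rotate = remediation_scope(["web-1"])
    print("Rebuild:", sorted(rebuild))
    print("Rotate: ", sorted(rotate))
```

A single infected web host pulls three more hosts and four credentials into scope here, which is the difference between Scenario 1 and Scenario 2 in practice.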