Last year was arguably when distributed denial-of-service attacks entered the mainstream. In 2014, attackers took down major online gaming networks, and multiple attacks made national news. In fact, the largest DDoS attack occurred in February 2014, when attackers targeted the large content delivery network CloudFlare. According to Ars Technica, the attack's volume exceeded 400 gigabits per second.
These attacks are now becoming more prevalent. The first three months of 2015 saw more than double the attacks of the year-ago quarter. ZDNet said attacks are evolving as well. In the past, they were high in bandwidth and short in duration. Now, DDoS attacks use less bandwidth but are longer lasting and more sustained. Bloomberg Business called these attacks large headaches and cautioned that attackers do not need great financial resources or expertise to inflict damage.
It is important that cloud service providers and customers stay informed of the latest cybersecurity news. Computerworld and Cloud Security Alliance executive council chairman Ken Low listed some of the top threats to the cloud. Among them were DDoS attacks. Cloud security has greatly improved over the years, but Low's comments stand as a reminder that no system is completely safe. In addition to DDoS attacks, other threats still exist, and companies need to practice strong security measures to ensure critical functions are not taken offline.
Distributed denial-of-service attacks
Essentially, DDoS attacks consist of overwhelming the resources of the targeted system. For example, during the 2014 holiday season, these attacks crippled popular online gaming networks for days, according to The Guardian. Users were unable to log in and, in some instances, could not even access gaming content because everything was tied to an online system. A 2014 report from Arbor Networks said DDoS attacks targeting the cloud are more prevalent than in previous years.
Organizations relying on the cloud could see operations crippled if an attack were to occur. According to an April 2015 report by Neustar, a DDoS attack during the busiest hours equates to losses of over $100,000. As a result, 51 percent of companies are investing more in prevention compared with the previous year. Low said attacks are becoming easier because of distributed computing and numerous mobile devices.
How can worried cloud users protect important infrastructure and data? Communication with the provider is key, because it is the provider that handles most of the back-end security measures. Low recommended further measures an organization can take, such as virtual patching: quickly developing the short-term implementation of a security measure.
Liability of shared technology
According to ZDNet, many data centers condense tenants onto virtual machines. Essentially, the systems are designed to remain separate but still share resources. However, a new zero-day vulnerability dubbed Venom has led some to say the shared technology exploit is more serious than 2014's Heartbleed, the dangerous bug that affected OpenSSL certification and allowed attackers to access critical data. Venom, meanwhile, hits the cloud at its origin: in the data center.
Attackers can gain access to the host hypervisor by exploiting a legacy virtual floppy disk controller, which is seemingly widely ignored. Attackers can gain entry into the virtual server by sending specific code to the floppy disk. From there, the cybercriminals can create their own virtual machine to access other organizations' information.
"Venom allows a person to break into a house, but also every other house in the neighborhood as well," said CrowdStrike researcher Jason Geffner, according to ZDNet.
Companies have already implemented patches to fix the exploit. Again, Low recommended virtual patching to fix similar vulnerabilities.
Risk of insider threat
Threats do not just exist on the outside. Organizations and cloud providers must implement strong security measures to prevent employees from initiating harm. It is no coincidence, therefore, that data centers have some of the strongest security available, from multiple security systems to numerous guards.
However, insiders also pose a significant threat to organizations and cloud providers. These individuals can be split into two groups: those who intentionally look to inflict harm, and non-malicious individuals.
Why would employees look to damage their employer? Unfortunately, there is no single correct answer, because every criminal has a different mindset. Yet employers can take steps to spot questionable behavior early on. According to Tripwire contributor Irfahn Khimji, logging into the network at odd times and an increased number of uploads and downloads from an internal system are some red flags. These can be spotted by setting up rules in the security information and event management system. The 2015 Verizon Data Breach Investigations Report identified 79,000 security incidents throughout 2014. Typically, misuse is detected within seconds.
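The two red flags described above, logins at odd times and a jump in uploads and downloads, can be written as SIEM-style rules along the following lines. This is an added example, not code from the original article or from Tripwire; the event format, business-hours window, thresholds and log records are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

BUSINESS_HOURS = range(7, 20)  # assumption: 07:00-19:59 counts as normal
SPIKE_SIGMA = 3.0              # assumption: alert above mean + 3 sigma
MIN_HISTORY = 5                # baseline days required before judging volume

def sample_events():
    """Constructed records: (ISO time, user, action, bytes moved)."""
    events = []
    for day in range(1, 8):  # one quiet week for both users
        for user, mb in (("alice", 40 + day), ("bob", 55 - day)):
            events.append((f"2015-05-{day:02d}T09:05:00", user, "login", 0))
            events.append((f"2015-05-{day:02d}T11:30:00", user, "download", mb * 10**6))
    events += [("2015-05-08T10:00:00", "alice", "upload", 45 * 10**6),
               ("2015-05-08T02:13:00", "bob", "login", 0),
               ("2015-05-08T02:20:00", "bob", "download", 900 * 10**6)]
    return events

def off_hours_logins(events):
    """Rule 1: logins outside the business-hours window."""
    return [(user, ts) for ts, user, action, _ in events
            if action == "login"
            and datetime.fromisoformat(ts).hour not in BUSINESS_HOURS]

def transfer_spikes(events):
    """Rule 2: a user's daily transfer total far above their own baseline."""
    daily = defaultdict(lambda: defaultdict(int))  # user -> date -> bytes
    for ts, user, action, size in events:
        if action in ("upload", "download"):
            daily[user][ts[:10]] += size
    alerts = []
    for user, days in daily.items():
        history = []
        for date in sorted(days):
            total = days[date]
            if len(history) >= MIN_HISTORY:
                base = mean(history)
                # Floor sigma at 10% of the mean so a flat baseline stays quiet.
                sigma = max(pstdev(history), 0.1 * base)
                if total > base + SPIKE_SIGMA * sigma:
                    alerts.append((user, date, total))
                    continue  # keep the outlier out of the baseline
            history.append(total)
    return alerts

if __name__ == "__main__":
    print(off_hours_logins(sample_events()), transfer_spikes(sample_events()))
```

Comparing each user against their own history, rather than a single global threshold, keeps heavy but legitimate users from drowning out a quiet account that suddenly moves a large volume.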
Non-malicious threats may be the result of an employee mistake. In an interview at the 2014 RSA Conference, Carnegie Mellon University's Randy Trzeciak said he has researched insider threats to identify common trends and behaviors. Employees may accidentally provide sensitive information or shut down a critical function of an organization.
The benefits of cloud computing are too numerous to name for the many organizations and cloud providers. However, threats to the cloud will always exist, and organizations and cloud providers must stress strong security measures.