• No results found

Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance

N/A
N/A
Protected

Academic year: 2021

Share "Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance"

Copied!
33
0
0

Loading.... (view fulltext now)

Full text

(1)

Evolving Threats and Attacks:

A Cloud Service Provider’s viewpoint

John Howie Senior Director

Online Services Security and Compliance

(2)

Introduction

• Microsoft’s Cloud Infrastructure

• Evolution of Threats and Cyberattacks

• Attacks against Customers and Providers

• The Future

(3)

Global Foundation

Services

Microsoft’s Cloud Environment

Physical infrastructure

Logical Infrastructure

Compute runtimes

Identity and directory stores

Cloud Platform Services

And others

Cloud Infrastructure Consumer and

Small Business Services

Enterprise Services

Third-Party Hosted Services

(4)

Cloud Security Challenges

Growing Interdependence Amongst Public and Private Sector

With these new dependencies come mutual expectations that platform

services and hosted applications be secure and available.

Evolving Technologies, Changing Business Models, Dynamic Hosting Environment

Keeping pace with growth and anticipating future needs is essential to running an effective security program.

Increasing Sophistication of Attacks

Malicious activity focuses on infiltrating and disrupting online service offerings.

Complex, Global Regulatory Requirements and Industry Standards

Each country may pass their own laws that govern the provision and use of online environments.

Cloud

Challenges

(5)

Evolution of Threats and Attacks

5

(6)

Why Attack?

• The reasons evolve over time

– Curiosity – Notoriety

– Profit (the Willie Sutton motive)

– Modern warfare

• Today we are somewhere between profit

and warfare

(7)

The Statistics

• 192% growth in spam from 2007 to 2008

• 75,000 bot-infected computers found daily in 2008, up 31% from 2007

• 90% of breaches in 2008 involved

organized crime targeting corporate information

• 285 million records stolen in 2008

– 230 million between 2004 and 2007

Statistics courtesy of Symantec Corporation

(8)

The Statistics

(continued)

• Hacking accounted for 60% of exposed identities in 2009, from 29% in 2008

• Credit card data accounts for 32% of goods advertised in the underground economy

• IP theft costs companies $600 billion globally

Statistics courtesy of Symantec Corporation

(9)

Attacks versus neglect

• Incidents involving negligence have

declined steeply over the past two years

Security breach incidents, by incident type, 1H08 – 2H09

0 20 40 60 80 100 120

1H08 2H08 1H09 2H09

Incidents

Negligence Attack

(10)

Attacks against providers

and customers

(11)

Types of Cloud and Internet Attacks

• There are two types of attack

– Against service providers

– Against customers of service providers

• We need to consider an evolving type of attack

– Against a country and its citizens

(12)

Attacks against providers and customers

The Provider

(13)

Cybercrime attacks against providers

• Most common attacks are

– Denial of Service (including DDoS)

– Web-site defacement (usually political)

– DNS hijacking

• Rarely seen are attempts to get access to billing records and other data

– Aurora attack in 2009 is an exception rather

than the norm

(14)

Cybercrime attacks against providers

(continued)

• Increasing number of sophisticated attacks against advertising networks and other ad- generated revenue systems

– Pay-per-click systems most exploited

• Most attacks can be defeated with

behavioural monitoring and log analysis

– Privacy concerns are an issue

(15)

Cybercrime attacks against providers

(continued)

• Some attacks against providers are a precursor to other crimes

– Extortion

– Attacks against customers of the provider

(16)

Defeating attacks against the provider

• Ongoing threat and vulnerability

management is key to defeating attacks

– Should be part of a comprehensive information security and risk management program

• Incident response teams should be well- equipped, with plans in place

• BCP/DR plans help recover from DoS

attacks

(17)

Non-attacks against the provider

• Cloud service providers have a new challenge to deal with

– Customers that use the provider’s services to launch attacks

• The cloud is a pre-built botnet

• The solution would be to monitor customer use of service for abuse

– Violation of privacy?

(18)

Attacks against providers and customers

The Customer: Consumer

(19)

Cybercrime attacks against consumers

• Criminals know humans are the weakest link in the security chain

– Exploited for centuries and adapted for cyberspace

• Typical attacks against consumers include

– Phishing (including spear-phishing)

– Fraud (popular on auction sites)

– Luring to compromised sites

(20)

Malicious Web Sites - Phishing

• A small number of sites account for the bulk of social network phishes

Active phishing sites tracked each month in 2H08 and 2H09, indexed to December 2009

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Jul-09 Aug-09 Sep-09 Oct-09 Nov-09 Dec-09

Social Networking Sites Online Services E-Commerce Sites Financial Sites

(21)

Distribution of Phishing Web-Sites 2H09

(22)

Stopping phishing attacks

• Service providers spend time blocking phishing emails

– Either caught as spam or visibly marked as

potential phishing attack on confidence factor

• Browsers and AV/AM software query databases of known sites real-time

– Warn users of known phishing sites

• Service providers issue take-down notices

(23)

Stopping phishing attacks

(continued)

• Education is part of solution

– Consumers need to learn what a phishing attack looks like

• Companies must follow best practices

– Do not send out phishing-style emails

– Do not ever request PIN numbers of customers

– Use two-factor authentication where feasible

(24)

Distribution of malware hosting sites 2H09

(25)

Distribution of malware 2H09

(26)

Distribution of Drive-By Sites 2H09

(27)

Attacks against providers and customers

The Customer: Enterprises

(28)

Cybercrime attacks against enterprises

• Companies moving to the cloud will be a target for criminal activity

– Companies using IaaS public cloud offerings may be most at risk, SaaS the least

• Typical attacks against enterprises include

– Cross-site scripting – SQL Injection

– Brute force authentication attempts

(29)

Cybercrime attacks against enterprises

• Companies moving to the cloud will be a target for criminal activity

– Companies using IaaS public cloud offerings may be most at risk, SaaS the least

• Typical attacks against enterprises include

– Cross-site scripting – SQL Injection

– Brute force authentication attempts

(30)

Automated SQL Injection Attacks

(31)

The Future

(32)

Cyberwarfare

• Nation States are starting to flex their cyber muscles

– It is possible to compromise user security and privacy without attacking the cloud or the user

• Non-State actors are increasingly active

– Conventional terrorists

– Minority interest groups

(33)

This material is for informational purposes only.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

©2009 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Hotmail, Microsoft Dynamics, MSN, SharePoint, SQL Server, Windows, and Xbox LIVE are either trademarks or registered trademarks of the Microsoft group of companies.

References

Related documents

The area known as the Middle East has been one of the world’s most troubled regions, especially since 1945. It consists of Egypt, the Sudan, Jordan, Syria, Lebanon, Iraq, Saudi

The central finding of the paper is a general existence re- sult: there always exists a sequence of payoff-improving trades that leads to a stable vote allocation in finite time,

Restraint on Money Market Mutual Funds As part of its credit restraint program, the Board required money market mutual funds (MMMFs) and other similar creditors

Disease is indicated by the 6' Cusp, 6th house, planets in the constellation of the occupants of the 6th house, the occupants of the &I' house, the planets in the constellation

On-Prem to Cloud Chip/CPU OS/VM Data App Services Cloud APIs Private, Public, Hybrid SaaS, PaaS, IaaS Security Connected.. Extended Enterprise

The reasons for this is that with hybrid solutions customers can achieve the benefits of iP without the cost and perceived risk of a total forklift upgrade often necessary to

In models of money supply growth ∆m, output growth ∆y, inflation ∆p, fluctuations in an interest rate ∆r and a rate spread rr, however, we find only one case in which

between post-ICU sleep efficiency, wake after sleep onset, and grip strength in mechanically ventilated, older adult patients within 24-48 hours of transfer out of the ICU