Clouds Will Become APT Targets

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

NIST SP 800-145

Advanced Persistent Threat

APT, or Advanced Persistent Threat, describes cyber attacks mounted by organized teams that have deep resources, advanced penetration skills and specific target profiles, and that are remarkably persistent in their efforts. They tend to use sophisticated custom malware that can circumvent most defenses, rely on stealthy tactics, and demonstrate good situational awareness by evaluating defenders' responses and escalating their attack techniques accordingly.

Hackers select their targets according to the missions they pursue. Low-end “script kiddies” may only want to deface a web page to prove their skills to friends. Intermediate-level hackers are mostly motivated by the profit of collecting personal identity information and selling it, or using it for financial fraud themselves. As these middle-tier hackers climb the food chain, they learn to identify target-rich environments that yield more gain per unit of effort. Today's high-end hackers are often connected in some way to industrial espionage or national security teams, and are after either information that can be sold or a position from which to manipulate something that somebody will pay them for.

For either the intermediate or the high-end hacker, a cloud computing environment offers a tempting target. Current cloud defenses are all over the map, just as corporate networks are: some are well defended, others are not. Many of the cloud targets of interest to hackers will be public clouds that loudly proclaim their ability to isolate and protect both processing and data. A hacker can simply subscribe to obtain legitimate account credentials, and then has to work to pivot that foothold into one that breaks the isolation between tenants.

Just as hackers outside the cloud find vulnerable systems from which to launch untraceable attacks, it will be possible to do the same thing from inside the cloud itself. The cloud service provider will need to patch OS images aggressively to keep conventional exploits from opening holes in the VMs deployed inside the cloud. But patching is not the only pathway for the hackers. Configuration mistakes also open many holes, and they are harder for the cloud provider to police, since many of them are made by tenants inside their own VMs and accounts. A zero-day vulnerability in the hypervisor software is the scariest scenario, and perhaps offers the level of stealth that APT-level attackers seek.

A private cloud can be as well segregated and defended as a private network; but then, most of the recent high-profile APT targets in the news were private networks that fit exactly that description.
