Besides a total system meltdown due to unknown circumstances, a server under attack has got to be the worst thing an IT manager has to face.
Known for their ability to increase productivity and up-time, cloud terminal servers are now finding themselves targets for a growing number of cybercriminals. Even though they exist in the cloud, which brings many security benefits, they are still servers. In the eyes of cybercriminals, they represent a network hub that, when cracked and exploited, can be a treasure trove of useful and profitable information. Today’s attacks come in various shapes and forms. Some are game enders if executed fully, while others are like small papercuts: annoying yet manageable.
Throughout the past couple of years, attacks that target cloud services have been steadily increasing. Just like an organic virus, cybercriminals needed a bit of time to adapt to the new technology and refine their methods. These days their attacks are nefariously simple. Hackers and fraudsters have basically taken some tried and true attack vectors that were highly successful in the days before cloud services and adapted them for use against cloud terminal servers.
Just like physical servers, the biggest hurdle that criminals face with cloud servers is access. Once hackers get inside servers they can run amok, wreak havoc, steal data and generate massive amounts of headaches for the IT security and management teams. But first they have to get in. Breaching data systems is nothing new for cybercriminals. They have been doing it for decades using phishing, malicious code, inside help, DoS attacks and other such means. What many criminals have found is that by making a slight pivot and applying similar tactics to cloud servers, they can achieve similar success.
The main draw of cloud terminal servers is that they can increase the efficiency with which a company does business. By utilising various systems, cloud servers can keep a company online even if a single system suffers a critical failure. However, each supporting system also represents a point of entry for attackers. Each piece of technology used in conjunction with the cloud server presents its own danger. Therefore, for cloud servers that need to use multiple pieces of technology, the danger is multiplied by the number of “moving pieces”.
Don’t forget that there is also the human element in play. The truth is that even a cloud server’s security measures can be compromised by human error or human malice. Security codes and passwords can be misplaced. Entry can be accidentally granted to the wrong individuals. Both are prime, and common, examples of breaches that can occur through human error. However, credentials are not the only things that can be compromised. When the very people who are running the servers are compromised, there is no telling what mischief they can get into. The fact is that the majority of data breaches occur with the help of, or are due to, an insider within the company. It is a sad fact, but a reality nonetheless.
One of the many features of cloud servers is that they can be accessed from nearly anywhere on the planet, provided that you input the correct credentials on an interface that can be reached from the internet. While this may prove highly convenient for users, it is also highly convenient for hackers. Now, hackers need not hack and then sneak into the server room to access a physical server; they just need to hack the interface that will allow them access to the cloud server. Interfaces and APIs are the “face” of the cloud server, and are its most vulnerable part. Implementing a threat detection system, along with protocols for dealing with such threats and even possible penetration, is key to patching this weakness.
Denial of Service, or DoS, attacks are nothing new. They’ve been around for years, and everyone from crooks to government organisations to political revolutions has either used them or felt their bite within the last decade. The goal of a DoS attack is to literally hinder your system’s ability to process data by clogging it with a ridiculous amount of incoming data. This form of attack usually utilises a botnet to essentially bombard the server with packets of data and bring the server’s processing capabilities to a grinding halt. These days multiple attackers can use the fantastic-sounding Low Orbit Ion Cannon (LOIC) to perform a DoS attack. LOIC was initially developed with good intentions as a means to stress test systems. However, in the wrong hands a couple of attackers can simultaneously unleash LOICs on a server and carpet bomb a cloud server from multiple angles. As if that was not bad enough, LOICs can be downloaded as an executable app on smartphones.
Preventing a DoS attack is difficult, if not nearly impossible. However, by developing proper mitigation and handling processes, IT security teams can be better prepared when a DoS attack hits. By reacting quickly and correctly to a DoS attack, losses can be minimised and production restored through continuous access to files, data and resources that would otherwise have been knocked offline by the attack.
The truth is that cloud servers, for all the benefits they bring to a company’s productivity, are still very susceptible to attack. Much like their physical cousins, cloud servers are not impervious to malicious code, human error, DoS attacks and good old hacking. Criminals have been doing this for a very long time and, as breaches of high-profile companies such as Hilton Hotels and Ashley Madison show, they have proven to be quite efficient at it. Fortunately, IT security teams have also been fighting off these attacks for a long time, and have been refining their defenses for just as long as hackers have been refining their attacks.