Mannu Kalra, Director, Product Management, Asia Pacific & Japan, FireEye, talks about two interesting ways in which attackers or hackers pierce through the cloud security mechanism.
Web attackers or hackers are a persistent threat to cloud applications. They are resourceful individuals sponsored by nations to go after one’s assets in the cloud or elsewhere. They penetrate the security shield in various ways, of which the trust model and the workflow model are only two.
The trust model exploits the user’s trust in an application hosted in the cloud. The attacker exploits a vulnerable web application and plants malicious code in the cloud, and when an unsuspecting user visits the service, the user’s system gets infected by the code. The exploit code then executes its objective of downloading a bigger portion of malware onto the end-user system.
The malware then passes control to the attacker, who can either use the old system to expand laterally or execute all data scaling. It is simple, as data encryption and other masking technologies are rendered useless from the perspective of the client or the end user.
The second one, the workflow model, exploits the trust model itself. Most sites encourage the user to upload files and data. The attacker phishes the end user, plants exploit code in the data the user is going to upload and then puts that in the cloud. The unsuspecting back-end processing engine opens the exploit code and thus gets compromised.
A simple way to prevent these exploits is to see them from a user’s perspective. There are products and technologies that emulate an end user’s behaviour and let you investigate the incoming or outgoing data stream in its entirety.
In such cases, the best way is to set up data diodes – a mechanism that ensures a one-way exchange of information from a non-trusted source to a trusted one.
The other way is to set up a virtual machine-enabled security platform that can go out and proactively scan websites, identify any malware they use and alert the administrators at the back end.
In both methods, the beauty lies in their simplicity and in the way they end up exploiting an end user’s system. They exploit the trust between the client and the server or the service provider, and likewise, they exploit the workflow. However, to date, we do not have any single silver-bullet remedy for such exploits.