Only recently, 6 million Battle for the Galaxy gamers were hit by a data leak as the developer, after misconfiguring a cloud database, accidentally leaked their player profiles.
This exposed 1.5TB of data via an Elasticsearch server.
As cybercriminals become ever more technologically sophisticated and ever more ingenious, mistakes like this only play into the enemy’s hands.
And yes, they are your and your clients’ enemy. This isn’t a game by any means.
After a series of high-profile cyber breaches, the U.S. Department of Justice is at last seeking to elevate investigations of ransomware attacks to a similar level as terrorism.
To ensure the cloud remains a safe place to conduct business, everyone needs to be working together to thwart the attacks and begin to turn the tide.
We’ve gathered together here a number of articles on trending security issues that make for essential reading.
A Chinese game developer has accidentally leaked nearly six million player profiles for the popular title Battle for the Galaxy after misconfiguring a cloud database, Infosecurity has learned.
AMT Games, which has produced a string of mobile and social titles with tens of millions of downloads between them, exposed 1.5TB of data via an Elasticsearch server.
A research team at reviews site WizCase found the trove, which contained 5.9 million player profiles, two million transactions, and 587,000 feedback messages.
The U.S. Department of Justice is reportedly seeking to elevate investigations of ransomware attacks to a similar level as terrorism after a series of high-profile cyber breaches, including the Colonial Pipeline attack.
MSPs think it’s a great first step, but more needs to be done.
“Anytime you can bring awareness to any situation, especially a situation where people are being taken advantage of, it’s always going to be a good thing. This is a step in the right direction,” said Michael Crean, president and CEO of Solutions Granted, a Woodbridge, Va.-based MSSP.
This week, US authorities announced that they had managed to recover $2.3 million of that ransom, raising further questions about who would receive that money—Colonial Pipeline or its insurance carriers—and what signal it would send to ransomware victims and their insurers.
In May, the same week that Colonial Pipeline made its ransom payment, the insurance carrier AXA announced that it would stop covering ransom payments under its cyberinsurance policies in France.
Around the same time, Swiss Re CEO Christian Mumenthaler said in an interview that “overall the problem [of cybersecurity] is so big it’s not insurable.”
But anyone hoping that insurance companies might be the ones to break the cycle of million-dollar ransom payments will likely end up disappointed.
Cloud adoption has accelerated in the past year as organizations scrambled to support a remote workforce.
Despite this rapid adoption and growth, companies often misunderstand a key cloud concept: the shared responsibility model (SRM).
Many business leaders still ask, “Is the cloud secure?”
This is the wrong question.
A more appropriate question would be, “Are we, as a security team and organization, securing our share of the cloud?”
The overwhelming majority of cloud data breaches/leaks are due to the customer, with Gartner predicting that through 2025, 99% of cloud security failures will be the customer’s fault.
According to a worldwide survey of CISOs in large enterprises with over 1,000 employees, 89% of CISOs said microservices, containers, and Kubernetes have caused application security blind spots.
The survey also found 97% of organizations don’t have real-time visibility into runtime vulnerabilities in containerized production environments.
Pressures to make code live and not having the right tools and processes to ensure code is vulnerability-free for cloud-native apps have worsened these issues.
Over two-thirds of CISOs (68%) said the volume of alerts makes it very difficult to prioritize vulnerabilities based on risk and impact.
Multi-factor authentication (MFA) is among the most useful measures companies can use against the rise in credential attacks, but attackers are adapting, as demonstrated in a variety of bypasses that allowed them to infiltrate networks — even those protected by MFA.
In an analysis of recent attacks, identity and access management firm CyberArk found at least four ways that attackers, including its own red teams, could circumvent MFA or at least greatly diminish its benefits.
Attackers behind the SolarWinds Orion compromise, in a recent example, stole the private keys for single sign-on (SSO) infrastructure at many companies and then used those keys to bypass MFA checks.
A newly identified piece of malware that targets Windows Server containers can execute code on the underlying node and then spread in the Kubernetes cluster, according to a warning from security researchers at Palo Alto Networks.
Dubbed Siloscape, the heavily obfuscated malware was designed to install a backdoor into Kubernetes clusters, which can then be used to run malicious containers and perform various other nefarious activities.
As part of the observed attacks, which have been ongoing for more than a year, initial access is achieved through web servers and other cloud applications, container escape techniques are used to execute code on the underlying node, after which the node’s credentials are abused to spread in the cluster.
Sandbox-based cybersecurity solutions are a protected and isolated environment on a network that simulates a company’s production network for security testing and analysis purposes.
In advanced threat protection, sandboxing provides an added layer of protection in which any email that passes the email filter and still contains unknown URL links, file types, or suspicious senders can be isolated and tested before they reach the network or mail server.
But as more businesses move their critical data and cybersecurity defenses to the cloud and the volume of network traffic increases substantially, enterprise cybersecurity teams are rethinking their use of sandbox environments.
Businesses have accelerated their move to the cloud post-Covid, because cloud infrastructure can be accessed securely from anywhere by a workforce that is largely working from home or from different parts of the world.
So, what factors should an enterprise consider in order to migrate to the cloud securely, so that a quick move does not expose its infrastructure to hackers and other external threats?
How can the pain points be identified upfront, before and during the move, and fixed before attackers can exploit them?
No matter the industry, adding AI technologies to work processes has made a lot of employees nervous.
There is fear that automation is taking over and that robots will eventually push out the human workforce.
To quell these fears, it’s the responsibility of business decision makers to instead nurture the relationship between humans and AI/ML technologies and show how technology can help make the worker more productive and decrease burnout.
This is especially true in cybersecurity, where AI/ML technologies are built into security systems to detect, for example, anomalies in user behavior patterns and logs—the kind of thing that is necessary for good security posture, but nearly impossible for humans to manage alone.
You and cybersecurity
Everyone can play their part in helping defeat the cyberthreat, even if it’s just by ensuring your and your clients’ systems are as secure as they can be. Otherwise, even the strongest chain fails if it contains weak links.