The cloud expands an organization's reach and makes it easier to consolidate and integrate its disparate parts. But it also exposes computing systems to sophisticated cyber threats that are multi-staged and multi-vector. Security controls built around a single perimeter and single-vector signatures were not designed for threats of this kind, so they need to be understood in detail before they can be countered and eradicated.
Multi-vector threats are the cyber criminal's insurance against failure. Simultaneous attacks across several vectors raise the odds that at least one gets through and breaks down the network defenses. Typically an operating system or application vulnerability is exploited, with the exploit delivered over the web or by email. The malicious code executes because conventional security mechanisms, tuned for single-vector threats, do not recognize the combination.
These attacks are not one-shot attacks. They are staged: each step gradually and persistently breaks down another layer of the defenses instituted around cloud backup systems, and because each step on its own looks minor, the campaign as a whole stays invisible. A sophisticated attack may, for instance, follow a five-stage invasion protocol.
Stage one is generally devoted to system exploitation. These are the so-called "drive-by" attacks: they target casual browsing habits and are blended with email as a second threat vector.
Stage two uses executable payloads to deliver malware and establish control over the IT systems. One successful exploit can translate into hundreds or thousands of infections, whether repeated on the same system or spread across every system on the network. Key loggers, Trojan backdoors, password crackers and similar tools may be silently introduced to strengthen the attacker's foothold.
Stage three is the stage at which the cyber criminal gains interactive control. The malware calls back to a command-and-control server for further instructions. By now it is well disguised and resistant to detection by traditional anti-virus scans, and it has usually established persistence: even reinstalling missing components or an entire application does not eradicate the infection.
Data exfiltration is the fourth stage. Data is encrypted and exfiltrated over FTP or HTTP to an external server that has itself been compromised and is under the cyber criminal's control.
In the last stage the malware spreads laterally and firms up its control over the network.
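As an added example (not code from the original article), the following Python script shows how stages three and four above might be spotted in outbound proxy logs: the call-back shows up as regular, low-jitter connections from one host to one external destination, and the exfiltration as an unusually large volume sent to a single destination. The log format, host names, thresholds and the log lines themselves are constructed assumptions for illustration.

```python
"""Added example: flag call-back beaconing and bulk outbound transfers in a
constructed proxy log.  Field layout (timestamp, source host, destination
host, method, bytes sent), host names and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log lines.  ws-17 contacts one external host exactly
# every 60 seconds (a beacon) and later pushes 50 MiB to another host.
SAMPLE_LOG = """\
2024-03-01T09:00:00 ws-17 updates.example.com GET 412
2024-03-01T09:00:05 ws-17 cdn.example.net GET 380
2024-03-01T09:01:00 ws-17 updates.example.com GET 410
2024-03-01T09:02:00 ws-17 updates.example.com GET 415
2024-03-01T09:03:00 ws-17 updates.example.com GET 409
2024-03-01T09:03:30 ws-17 intranet.example.org POST 1200
2024-03-01T09:04:00 ws-17 updates.example.com GET 411
2024-03-01T09:05:00 ws-17 updates.example.com GET 413
2024-03-01T09:06:12 ws-17 files.example.net POST 52428800
2024-03-01T09:07:40 ws-22 cdn.example.net GET 900
2024-03-01T09:31:10 ws-22 cdn.example.net GET 870
"""


def parse_log(text):
    """Turn the whitespace-separated log into (timestamp, src, dst, method, bytes) tuples."""
    events = []
    for line in text.splitlines():
        ts, src, dst, method, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, method, int(nbytes)))
    return events


def find_beacons(events, min_hits=5, max_jitter=0.1):
    """Stage three heuristic: a (src, dst) pair contacted at least min_hits
    times with nearly constant spacing.  Jitter is the coefficient of
    variation of the gaps between connections; real browsing is bursty,
    malware timers are not."""
    by_pair = defaultdict(list)
    for ts, src, dst, _, _ in events:
        by_pair[(src, dst)].append(ts)
    beacons = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        period = mean(gaps)
        if period == 0:
            continue
        jitter = pstdev(gaps) / period
        if jitter <= max_jitter:
            beacons.append({"src": src, "dst": dst, "hits": len(stamps),
                            "period_s": period, "jitter": jitter})
    return beacons


def find_exfil(events, max_bytes=10 * 1024 * 1024):
    """Stage four heuristic: total bytes sent from one host to one
    destination exceeds max_bytes within the log window."""
    totals = defaultdict(int)
    for _, src, dst, _, nbytes in events:
        totals[(src, dst)] += nbytes
    return [{"src": s, "dst": d, "bytes": n}
            for (s, d), n in totals.items() if n > max_bytes]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for b in find_beacons(evs):
        print("possible call-back:", b)
    for x in find_exfil(evs):
        print("possible exfiltration:", x)
```

On the sample above the script reports one beacon (ws-17 to updates.example.com, six hits 60 seconds apart) and one bulk transfer (ws-17 to files.example.net). In practice the thresholds need tuning per environment, and legitimate software updaters also poll on fixed timers, so a beacon hit is a lead to investigate rather than a verdict.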
The price paid by the end user is very high, and the fallout of such an attack is unaffordable. Loss of data privacy follows hard on the heels of the compromised security, and loss of reputation, loss of business and penalties for failing to meet legal compliance obligations follow automatically.