Looking at hacker attack behavior in the cloud era through the disappearance of Code Spaces

Source: Internet
Author: User

The disappearance of Code Spaces at the hands of a hacker who, unable to get satisfaction in money, took it in data instead, may seem to have been unavoidable, but in hindsight that is a remarkable idea.

Amid the outcry over the Code Spaces failure, we find that similar problems occur often.

One cloud had a potentially fatal error, with its data existing under an incorrect label. An older version of an API key may have been accessed or leaked through a connection to a third-party partner, but the investigation is still ongoing.

By contrast, another cloud-hosted SaaS provider, One More Cloud, was also attacked by hackers, but it received little coverage. This is because it was able to pull together in defense and survive. If the cloud is not secure, the attacks might as well be seen as showing the direction of change for cloud management.

The two attacks have a lot in common: both happened on AWS EC2, were targeted at Githubs database, and compromised user data. The Code Spaces attack was, to some degree, very complex, combining DDoS attacks, a ransom demand, and the deletion of data through the control panel.

But the two attacks had completely different results. Code Spaces was a software collaboration platform; its simplistic backups led to severe data loss, and its data separation and crisis management ultimately led to the closure of the company. One More Cloud, for its part, faced a week-long battle to restore customer data and achieve comprehensive data recovery. Experience has shown that discovering the problem is strongly connected to the customer communication strategy and to an isolation strategy that protects accounts first.

What the two cloud vendors have in common is a confused security architecture and inadequate response plans. It is worth emphasizing that both companies had security measures in place. The problem is that attackers can always exploit gaps in security.

Whether the user likes it or not, in any similar situation the cloud service provider will disclaim responsibility. Access management, backup and data separation remain the user's own responsibility. Cloud service providers increasingly offer security tools, but whether those tools are used depends entirely on the user. For many businesses, however, this means entering uncharted territory and taking time and resources away from the main line of business. Many of those migrating to the cloud cannot afford any such sacrifice, which exposes the user's weaknesses.

This may create a sense of crisis in companies building on the cloud. Security has become a hot potato: neither the cloud service provider nor the business is willing or able to manage security issues. They want to make progress on security together and secretly pray that hackers do not attack. However, in light of Code Spaces and the other clouds that were hit directly, users should perhaps heed the warning, and companies should take the attacks as a catalyst for reforming how they use the cloud. The current "let it go" strategy is no longer effective, and adopting some basic security principles has become more urgent.

In essence, cloud computing networks are no different from any other form of network architecture. There will be inherent risks that need to be evaluated and used to determine the business's risk appetite.

What is needed now is a time-tested contingency plan, effective internal and external communication channels, and detailed recovery strategies for restoring critical business operations. At some point, however, the cloud service provider has to be contacted to coordinate the implementation of these steps. For example, viewing and terminating active sessions in the access management console must be done by the vendor.

In recent days, developers have tried to avoid these barriers by using a tool called Elasticsearch, which has become one of the approaches to security and has also been used in cloud DDoS. Elasticsearch can be used to perform retrieval, among other things, and to document logons in cloud computing environments, including AWS EC2 services. Users have been calling for updates to the cloud vendor's software to fix the vulnerabilities, but application updates then become the responsibility of cloud vendors, which is itself a risk: even when updates happen, they can only be implemented piecemeal. This continues the culture of self-reliance and ad hoc security application, and ignorance and confusion allow attacks to increase.

Clearly, there are still security blind spots in the cloud, but they can be mitigated. Organizations must ensure that they have the basics in place: role-based access control, two-factor authentication, encrypted key storage, and remote offline backup.

Contingency plans must include alerting on activity monitoring and anomalies, along with regular security reviews to ensure that controls are adequate. Companies can seek external assistance with these elements, but they should also be brave enough to discuss difficult issues with their cloud service providers.

It is important to determine whether the CSP holds any accreditation, especially ISO 27001, ISO 9001 and ISO 20000, and to check whether the services being used fall within the scope of any such certification. Does the CSP have its own DDoS attack mitigation solution, or does it depend on an ISP? What firewall functionality does it have, and can it be extended with web application firewall settings based on the user's application and business requirements? Does the CSP provide multifactor authentication and secure VPN access? How are vulnerability scans carried out, and how are they monitored?

Do not be afraid to ask where the data will be stored (geography and separation), how activities are tracked (recording and termination clauses), and how to maintain communication and seek redress should the supplier breach the service. In the latter case, a specialized standard such as BS 10008:2008, "Evidential weight and legal admissibility of electronic information", would give additional protection if the cloud supplier adheres to it.

The recent spate of attacks has shown that many people have been waiting to denounce the security of the cloud. But the many de-perimeterised network implementations mean that work is now effectively done in the cloud or runs in a virtual environment at some point, so innovation and cloud integrity have to be maintained.

Going into the cloud without enough security is like losing a spare key or, worse, locking the door when you cannot find the key. It is true that the user may never be burgled, but is the user willing to seize this opportunity to improve? In addition to effective locks and keys, the doors themselves need attention, so there must be a secure relationship between the user and the cloud provider.

This attack reminds us that security requires effective execution, assigned responsibility, effective logging, and data backup, with data stored in several different places to spread the risk. And when things go wrong, there is no substitute for a time-tested response strategy. However, we cannot ignore the fact that the cloud is an efficient tool for managing data, one that evens out enterprise size and competition. What is at stake is nothing less than people's livelihoods and future economic growth, and that is worth defending.


Original link: http://www.information-age.com/technology/cloud-and-virtualisation/123458406/Catastrophe-cloud-what-aws-hacks-mean-cloud-providers

(Translator/li Zebian/yuping)
