Abuse of Cloud Services and IoT
We’re pleased to be partnering with Cisco for this blog. Scroll down to download the Cisco 2018 Annual Cybersecurity Report.

Ask any cybersecurity professional and most will agree that a large percentage of modern technology was developed without a ‘security first’ mindset. That is, companies work to ship a product and then try to backtrack on implementing security controls once that product is already in the hands of consumers.

Adversaries have become adept at exploiting the vulnerabilities left unpatched in these devices, and IoT and cloud services are no exception. In their Annual Cybersecurity Report (ACR), Cisco threat researchers share significant findings about attacker behavior over the past 12 to 18 months, delving into the specific attack vectors leveraged during this time.

When it comes to IoT devices, there is a particular layer of complexity added to the evolving security landscape. The risk of the devices, coupled with a lack of organizational policies surrounding BYOD, leaves many companies with more questions than answers about which devices fall under their jurisdiction.

“Organizations keep adding IoT devices to their IT environments with little or no thought about security, or worse, take no time to assess how many IoT devices are touching their networks. In these ways, they’re making it easy for adversaries to take command of the IoT,” the report states.

Undefended Gaps in Security

Research conducted by Cisco partner Radware indicates that only 13 percent of organizations believe that IoT botnets will be a major threat to their business in 2018. Often, organizations are unmotivated to speed remediation, prioritizing other threats over that of the IoT.

Unfortunately, however, IoT botnets are on the rise as organizations continue to disregard their danger. Easier to control than a PC, IoT devices are targets for Executable and Linkable Format (ELF) binaries, since most devices are Linux- and Unix-based.

With an increase in IoT botnets comes an increase in the number of application-layer attacks overall. This means professionals will continue to have difficulty defending both IoT and cloud service environments, as is evident in the struggles practitioners are already facing in identifying legitimate network traffic.

All the ‘noise’ security practitioners are tasked with sifting through, in conjunction with the fact that many companies are unaware of which devices are connecting to their network or which services are being accessed by employees, has led to internal chaos easily exploited by adversaries.

When cloud services such as Google Docs and Dropbox (Figure 18) are leveraged for command and control (C2), the resulting traffic is even more difficult to identify as fraudulent and can easily penetrate established defenses.

As noted in the ACR, “These types of services face a dilemma in combatting abuse, as making it more difficult for users to set up accounts and use their services can adversely affect their ability to generate revenue.”

Defending the Changing Security Landscape

Internally, organizations struggle with whether or not it makes sense to block usage of legitimate Internet services. This reinforces the need for a refined security policy and more stringent rules surrounding BYOD.

Cisco researchers advise using intelligent, first-line-of-defense cloud security tools, which can prevent users from connecting to malicious sites while on an enterprise network.

“Organizations can then determine whether the devices are scannable and still supported by vendors, and which employees in the company own and use them. Organizations can also improve IoT security by treating all IoT devices like other computing devices—helping to ensure they receive firmware updates and are patched regularly,” the ACR advises.

The Cisco 2018 Annual Cybersecurity Report is designed to help organizations and users defend against attacks. This report looks at the techniques and strategies that adversaries use to break through those defenses and evade detection.

The report also highlights major findings from the Cisco 2018 Security Capabilities Benchmark Study, which examines the security posture of enterprises and their perceptions of their preparedness to defend against attacks.
To read the complete Cisco 2018 Annual Cybersecurity Report, click here to download. Additionally, you can earn a badge and a Certificate of Completion when you pass the ACR 2018 Assessment, available here. Simply apply code ACR2018 to take the assessment free.