More stories


    This hotel is using technology in a truly creepy way (but some will like it)

    Can technology go too far in disturbing your peace? (Image: Getty Images)
    The trend is inevitable.


    And, as with so many trends, there’s pain too.

    Business owners have embraced technology as the elixir that offers speed and money-saving, which has let its invasiveness run rampant.

    It’s not surveillance, many insist. It’s security. Meanwhile, their customers are left wondering who’s guarding the guardians.

    I wafted to this subject because of a tweet by a writer and drag queen. Joe Wadlington seemed excited that there was a new boutique hotel in the Castro district of San Francisco.

    But then he perused the rules perpetrated by the hotel’s management company, Kasa. It insists on quiet hours between 9 pm and 8 am. One person’s quiet is another person’s having a lovely time.

    So one section of Kasa’s rules offers: “Kasa apartments are proactively monitored for compliance with this noise policy.”

    Few enjoy the concept of proactive monitoring. It smacks of proactive snooping.

    Yet Kasa insists: “Decibel sensors notify the Company of sounds in the Kasa that exceed 75 decibels (dB). You hereby consent to the use of sound level monitoring.”

    I can hear you grunting at a minimum of 72 decibels. These people have sensors to monitor your every sound level? Isn’t that excessively, well, personal?

    And wait, how loud is 75 decibels? The University of Michigan tells me normal human conversation scores around 60. Office noise is a 70. And an average radio or vacuum cleaner scores a 75.

    You may, like me, find all this perplexing. Could it be that if you play the radio after 9 pm you’ll get a warning notice? And if you do it twice, you get a $500 fine or get kicked out of the hotel? (Them’s Kasa’s rules, you see.)

    For those who may not have visited the Castro district, it’s the home of San Francisco’s gay community and is a vibrant and sometimes loud place to be.

    The Bold Italic pointed out that if you claim your hotel is “community powered” — as the Hotel Castro does — its “current guest policies sit as an odious dichotomy to that very sentiment.”

    I fear some, though, may feel torn about the general principle.

    For many people, one of the more painful aspects of hotel existence is the prospect of thin walls and/or noisy people in adjacent hotel rooms.

    How many haven’t, at least once in their lives, called the front desk to complain about excessive noise coming from another guest — or, indeed, guests?

    If noise is being automatically monitored by technology, is this necessarily a bad thing?

    Then again, can technology really assess the true impact of noise? Is this better left to human judgment? And what if the people next door rather like the noise and even knock on their neighbor’s door to see if they can partake?

    Of course, many hotels are tending toward resisting human intervention because they’re resisting hiring humans. Indeed, as far as I can judge, the Hotel Castro has a virtual front desk.

    Ergo, once you’re in the grip of technological oversight, you’ll find it in places you don’t expect.

    Just as guests in Airbnbs these days have to ask whether the homeowner has an active camera system installed, so perhaps hotel guests may begin to ask questions about how they might be surveilled too.

    Sometimes, it’s hard to get a good night’s sleep, isn’t it? Or, as Wadlington put it: “I’m….so creeped out.”



    Zabbix vulnerabilities added to CISA catalog

    Two Zabbix vulnerabilities have been added to the US Cybersecurity and Infrastructure Security Agency’s (CISA) catalog of known exploited vulnerabilities. Federal civilian agencies have until March 8 to patch CVE-2022-23131, a Zabbix Frontend authentication bypass, and CVE-2022-23134, a Zabbix Frontend improper access control vulnerability. Zabbix is a popular open-source monitoring platform. Patches for the issues were released in December.

    Zabbix explained that on instances “where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified.”

    “Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default),” Zabbix said. “To remediate this vulnerability, apply the updates listed in the ‘Fixed Version’ section to appropriate products or if an immediate update is not possible, follow the presented below workarounds.”

    Zabbix credited SonarSource’s Thomas Chauchefoin with discovering and reporting the issue. SonarSource published its own blog post on the vulnerabilities, in which Chauchefoin goes into detail about the intricacies of the issue. He discovered it in November and noted that the initial patch proposed by Zabbix could be bypassed.

    BluBracket’s Casey Bisson explained that Zabbix is broadly used by businesses of all sizes to monitor servers and network equipment everywhere from data centers to branch offices. “A vulnerability that allows attackers past the authentication controls could give those attackers access to extensive details about the infrastructure,” Bisson said.

    “The details in Zabbix could reveal a map of sensitive company networks and equipment deep in company networks, including potentially vulnerable versions of software on that equipment. That information might be used to target further electronic attacks, social engineering, and spear phishing.”

    Vulcan Cyber’s Mike Parkin added that Zabbix has a user base distributed worldwide, with a large portion of it in Europe, spread across a range of verticals. Both the National Cyber Security Centre of the Netherlands and the Ukrainian Computer Emergency Response Team released notices about the issue in recent days. The Ukrainian notice gives CVE-2022-23131 a severity score of 9.1 out of 10. Parkin noted that the attack surface is reduced because the target has to be in a non-default configuration and the attacker needs to know a valid username.

    “Zabbix has included a workaround – disabling SAML authentication – and patches have been released, so it should be straightforward for affected organizations to mitigate this issue,” Parkin said.
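    The root cause Zabbix describes, a user login stored in session data that was never verified, is an instance of a general pattern: a client-held session whose integrity check does not cover every field the server later trusts. The following is an added example written for this page, not Zabbix’s code; the cookie layout, field names and function names are assumed for illustration. It contrasts a cookie whose HMAC covers only the session ID with one whose HMAC covers the whole serialised body, and shows that changing the unsigned username field is accepted by the former and rejected by the latter.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Any, Dict, Optional

# Server-side signing key; constructed fresh here, loaded from a secret store in practice.
SERVER_KEY = secrets.token_bytes(32)


def _canonical(session: Dict[str, Any]) -> bytes:
    """Deterministic serialisation of the session body (everything except 'sign')."""
    body = {k: v for k, v in session.items() if k != "sign"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _sign(data: bytes) -> str:
    return hmac.new(SERVER_KEY, data, hashlib.sha256).hexdigest()


def _encode(session: Dict[str, Any]) -> str:
    return base64.urlsafe_b64encode(json.dumps(session, sort_keys=True).encode()).decode()


def _decode(cookie: str) -> Dict[str, Any]:
    return json.loads(base64.urlsafe_b64decode(cookie))


def issue_cookie(session: Dict[str, Any], sign_whole_body: bool) -> str:
    """Issue a client-held session cookie (hypothetical layout, for illustration).

    sign_whole_body=False reproduces the weak design: the HMAC covers only the
    session ID, so every other field is unauthenticated data from the client.
    sign_whole_body=True covers the full serialised body.
    """
    signed = _canonical(session) if sign_whole_body else session["sessionid"].encode()
    return _encode(dict(session, sign=_sign(signed)))


def authenticate(cookie: str, verify_whole_body: bool) -> Optional[str]:
    """Return the username the server would act on, or None if the cookie is rejected."""
    try:
        session = _decode(cookie)
    except ValueError:          # bad base64 or bad JSON
        return None
    presented = str(session.get("sign", ""))
    covered = _canonical(session) if verify_whole_body else str(session.get("sessionid", "")).encode()
    if not hmac.compare_digest(presented, _sign(covered)):
        return None
    return session.get("username")


def tamper_username(cookie: str, new_username: str) -> str:
    """What an attacker does: change one field and keep the original signature."""
    session = _decode(cookie)
    session["username"] = new_username
    return _encode(session)


def demo() -> Dict[str, Optional[str]]:
    guest = {"sessionid": secrets.token_hex(16), "username": "guest"}
    weak = issue_cookie(guest, sign_whole_body=False)
    strong = issue_cookie(guest, sign_whole_body=True)
    return {
        "weak_legit": authenticate(weak, verify_whole_body=False),                           # "guest"
        "weak_forged": authenticate(tamper_username(weak, "Admin"), verify_whole_body=False),  # "Admin"
        "strong_legit": authenticate(strong, verify_whole_body=True),                         # "guest"
        "strong_forged": authenticate(tamper_username(strong, "Admin"), verify_whole_body=True),  # None
    }


if __name__ == "__main__":
    print(demo())
```

    The check that matters is the one in authenticate: whatever the server reads out of the cookie after the HMAC comparison must have been inside the bytes the HMAC was computed over. Zabbix’s advice to disable SAML until patched is the operational equivalent of refusing to read the unsigned field at all.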


    NVIDIA investigating cybersecurity incident

    NVIDIA has responded to reports that it was dealing with a wide-ranging cyberattack, telling ZDNet that it is in the process of investigating the cybersecurity incident. On Friday, British newspaper The Telegraph reported that the company had been facing two days of outages related to email systems and tools used by developers.

    “We are investigating an incident. Our business and commercial activities continue uninterrupted. We are still working to evaluate the nature and scope of the event and don’t have any additional information to share at this time,” an NVIDIA spokesperson said on Friday.

    The spokesperson did not respond to follow-up questions about the scope of the attack and whether it was a ransomware incident.

    The chipmaker was recently embroiled in controversy over its attempt to purchase Arm for $40 billion. The deal fell apart earlier this month, with both sides citing “significant regulatory challenges” as the reason. NVIDIA is the biggest chipmaker in the US by market value and reported revenue of $7.64 billion in its most recent quarter.


    Anonymous hacktivists, ransomware groups get involved in Ukraine-Russia conflict

    Multiple ransomware groups and members of the hacktivist collective Anonymous announced this week that they are getting involved in the military conflict between Ukraine and Russia.

    On Thursday, members of Anonymous announced on Twitter that they would be launching attacks against the Russian government. The hacktivists defaced some local government websites in Russia and temporarily took down others, including the website of Russian news outlet RT. The group claimed on Friday that it would leak login credentials for the Russian Ministry of Defense website.

    The actions came hours after Yegor Aushev, co-founder of a Kyiv-based cybersecurity company, told Reuters that he was asked by a senior Ukrainian Defense Ministry official to publish a call for help within the hacking community. Aushev said the Defense Ministry was looking for both offensive and defensive cyber actors.

    Anonymous was not the only group to get involved in the conflict. On Friday, ransomware groups Conti and CoomingProject published messages saying they supported the Russian government.

    A message posted by members of the Conti ransomware group. (Image: Brett Callow)

    Conti said it was officially announcing full support for the Russian government, writing that “if any body will decide to organize a cyberattack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy.”

    Many experts interpreted the message as a response to an NBC story that came out on Thursday indicating US President Joe Biden has already been presented with several options for devastating cyberattacks on Russian infrastructure. The White House vociferously denied the report.

    Shortly after releasing the message, Conti revised it, softening the tone and its support for the Russian government. The updated statement said Conti would use its “full capacity to deliver retaliatory measures in case the Western warmongers attempt to target critical infrastructure in Russia or any Russian-speaking region of the world.”

    “We do not ally with any government and we condemn the ongoing war. However, since the West is known to wage its wars primarily by targeting civilians, we will use our resources in order to strike back if the well being and safety of peaceful citizens will be at stake due to American cyber aggression,” the new Conti message said.

    The announcements came as Ukraine continued to face a barrage of DDoS incidents, phishing attacks and malware. CERT-UA said military personnel were being sent phishing messages and attributed the campaign to officers within the Belarus Ministry of Defense. Internet connectivity across the country continues to be intermittent, with NetBlocks reporting outages in multiple cities.

    Experts were extremely wary of outside groups picking sides in the conflict and launching attacks on their behalf. Their alarm grew when NATO Secretary General Jens Stoltenberg said on Friday that “cyberattacks can trigger Article 5” of the North Atlantic Treaty.

    Cybersecurity firm Sophos said the declarations from Conti and Anonymous “increase the risk for everyone, whether involved in this conflict or not.” “Vigilante attacks in either direction increase the fog of war and generate confusion and uncertainty for everyone,” Sophos said.

    Emsisoft threat analyst Brett Callow called the situation “unpredictable and volatile” but noted that Conti has made bold political claims in the past. “This is probably just bluster too [but] it would be a mistake to assume the threat is empty. If your company hasn’t already gone Shields Up, now is the time,” Callow said.

    Bugcrowd CTO Casey Ellis said one of his primary concerns with recent developments is the relative difficulty of attribution in cyberattacks, as well as the possibility of incorrect attribution or even an intentional false flag operation escalating the conflict internationally. Conti’s position statement is noteworthy in light of Russia’s recent crackdowns on cybercrime and ransomware because it signals that they are either acting independently, as the other groups seem to be, or possibly operating with the Kremlin’s blessing, Ellis explained.

    Digital Shadows’ Chris Morgan noted that their data shows Conti was the second most active ransomware group in 2021 by number of victims. Morgan said they attributed several attacks against critical national infrastructure to Conti, including attacks on the healthcare sector in the United States, New Zealand and Ireland. The Irish government released a report this week saying the Conti ransomware attack that hit it last year may cost more than $100 million to recover from.

    “Conti’s activities have also recently been bolstered by hiring the developers of the infamous Trickbot trojan, which has also enabled them to control the development of another malware, the BazarBackdoor, which the group now use as their primary initial access tool. Conti consistently redefine and develop their working processes and should be considered a resourceful and sophisticated adversary,” Morgan said.

    Recorded Future expert Allan Liska told ZDNet the threat from ransomware groups deciding to retaliate is real and should be a concern. “Given what a hot mess Conti is right now, I have trouble believing they can organize an office luncheon much less a focused retaliation. That being said, we know ransomware groups have more targets than they can hit right now and we know when Ryuk decided to retaliate against the US in 2020 they were easily able to do so,” Liska said.

    “More broadly speaking, whether it is ransomware groups, Anonymous, or Ukraine calling on ‘Cyber Patriots’ to assist, independent cyber activity is going to be part of any military action going forward. I am not saying it is a good idea, it is just the reality.”

    Others, like Flashpoint senior analyst Andras Toth-Czifra, said hacktivists getting involved in armed conflict is not a novel development, explaining that Anonymous has targeted governments before. But like Liska, Toth-Czifra said ransomware groups openly associating with the Russian government would be a “new and worrying development.”

    “So far, Flashpoint analysts have not observed significant patriotic pride in illicit communities about Russia’s aggression against Ukraine, which is in line with the response of the Russian public in general. The situation is different from the emergence of ‘patriotic hackers’ in the context of Russia’s 2008 war against Georgia: many Russian-speaking cybercriminals either live in Ukraine themselves or have Ukrainian associates or infrastructure,” Toth-Czifra explained. “But while the cyber underground has largely remained neutral so far, one shouldn’t forget that Ukraine has cooperated with Western law enforcement against ransomware gangs in recent years, which may influence the calculations of ransomware collectives. So far Flashpoint has seen another prolific ransomware gang (LockBit) suggesting that they would remain neutral.”

    On Friday the BBC reported on a Russian vigilante hacker group flooding Ukrainian government servers with DDoS attacks after work each day. One hacker admitted to emailing 20 bomb threats to schools, setting up an official Ukrainian government email address and hacking into the dashboard feeds of Ukrainian officials. The hacker openly boasted about the vigilante work he plans to take on in the future, which he said includes the use of ransomware.

    Allegro Solutions CEO Karen Walsh said the Conti declaration may also bring a measure of confusion to US companies with cyber insurance plans that have carve-outs for cyberattacks related to wars. “Depending on how the military legal experts classify Conti and any ransomware attacks perpetrated by cyber threat actors acting ‘on behalf of’ Russia, organizations may find that their cyber liability insurance doesn’t help them. In November, Lloyd’s Market Association published updates to their cyber liability policies that specifically address the war exclusion,” Walsh said. “Notably, these changes mentioned cyber operations carried out in the course of war. As part of risk mitigation, companies should begin reviewing their cyber liability insurance exclusions and make sure that they question their carriers about their position on this issue.”


    Swedish camera giant Axis still recovering from cyberattack

    Camera maker Axis said it is still struggling to deal with a cyberattack that hit its IT systems on February 20. In a message on its website, the Swedish camera giant said it got alerts from its cybersecurity and intrusion detection systems on Sunday, before it shut down all public-facing services globally in the hope of limiting the impact of the attack.

    “Our ongoing investigation of the attack has come a long way but is not entirely finalized. So far, we have no indication that any customer and partner data whatsoever has been affected. As far as the investigation currently shows, we were able to stop the attack before it was completed, limiting the potential damage,” Axis said on Thursday.

    “Most prioritized external services have now been restored. Restoring the remaining services is our highest priority, together with doing it in a way that does not jeopardize security. The time of disconnected services and limited possibilities to communicate with Axis has been an unfortunate but necessary consequence. Our gradual entry into a post-attack normal is based on changes that help us avoid similar future situations.”

    The company announced the outages on Twitter but did not respond to requests for comment. On its status site on Friday afternoon, Axis said its Case Insight tool in the US and the Camera Station License System were dealing with partial outages. The Device Manager Extend device upgrades for OS and apps were dealing with a major outage as of Friday afternoon.

    Update: The time of disconnected services over the past few days has been an unfortunate but necessary consequence. Our gradual reentry is based on changes that help us avoid similar future situations. Thank you for your patience. Read the full statement: https://t.co/0osAZjRJji
    — Axis Communications (@AxisIPVideo) February 24, 2022

    Services are being restored gradually, the company said. Axis spokesman Chris Shanelaris told Bloomberg and SecurityInfoWatch.com that all public-facing internet services were disabled to protect the company’s systems. The attack was first reported by IPVM. Axis has not said whether it was a ransomware attack.


    How Russia's invasion of Ukraine threatens the IT industry

    A view of Kiev, Ukraine. (Image: Getty Images)
    Editorial Note: In response to Russia’s “unprovoked attack on Ukraine” on February 23, the Cybersecurity & Infrastructure Security Agency (CISA) published an updated set of cybersecurity recommendations for organizations.

    In the five years since I first explored the potential impact of a Digital Cold War on the IT industry, tensions with Russia have gotten worse, especially following a series of cyberattacks on systems in the United States. These include Russia’s involvement in the SolarWinds breach, as well as its interference with the 2016 US presidential election via attacks on the Democratic National Committee infrastructure and the purchasing of tens of millions of ads on Facebook in an attempt to sow discontent among US voters.

    Under Vladimir Putin’s leadership, the nation has focused on international cybersecurity activity for many years.


    Ukraine invasion

    Under the pretext of “peacekeeping operations,” Russia has now initiated a full-scale invasion of Ukraine. Presumably, Russia also has been responsible for recent cyberattacks on Ukrainian banks.

    In response, the United States, NATO nations, and allied countries have imposed numerous economic sanctions on Russia, including blocking two of its state-owned banks from debt trading on US and European markets and freezing their assets under US jurisdiction, as well as freezing the assets of the country’s wealthiest citizens. Germany has halted its plans for Russia’s Nord Stream 2 gas pipeline. Further wide-ranging sanctions are expected as Russia continues its assault on Ukraine.

    On February 23, President Biden condemned the military action and said, “President Putin has chosen a premeditated war that will bring a catastrophic loss of life and human suffering. Russia alone is responsible for the death and destruction this attack will bring, and the United States and its Allies and partners will respond in a united and decisive way. The world will hold Russia accountable.”

    The economic impacts of this conflict will likely be significant, including a halt on Russian oil and natural gas exports to Western Europe and, presumably, the denial of civil and commercial air transit to Asia through Russian airspace. Although the United States, unlike Europe, is not a major consumer of Russian energy exports, it would be simplistic to say that Russia has no impact on US business at all.

    An extended conflict with Russia — coupled with the imposition of wide-ranging sanctions — will have a tangible impact on the global technology industry.

    Software companies with concerns about Russian connections

    Many companies with significant market share and widespread use within US corporations have various levels of connections with Russia. For example, some were founded in Russia and others are headquartered elsewhere but have a development presence within Russia and other parts of Eastern Europe.

    UK-incorporated Kaspersky Lab, for example, is a major and well-established player in the antivirus/antimalware space. It maintains its international headquarters and substantial research and development capabilities in Russia, even though its primary R&D center was moved to Israel in 2017.

    It’s also thought that Eugene Kaspersky, the company’s founder, has strong personal ties to the Putin-controlled government. Kaspersky has repeatedly denied these allegations, but questions about the man and his company remain and will be further scrutinized, particularly as the conflict develops.

    In the past, evidence emerged that Kaspersky’s software was involved in compromising the security of a contract employee of the United States National Security Agency in 2015. Kaspersky Lab insists that, to the contrary, the evidence supporting this has not been properly established, and has produced an internal audit of the findings.

    It’s also important to note that companies with no evidence of any wrongdoing are suffering guilt by association.

    NGINX Inc is the support and consulting arm of an open source reverse proxy web server project that is very popular with some of the highest-volume internet services on the planet. The company is of Russian origin but was sold to F5 Networks in 2019. The founder of the company, Igor Sysoev, announced his departure in January of this year.

    Parallels, Inc., which Corel acquired in 2018, focuses extensively on virtualization technology. Its Parallels Desktop is one of the most popular solutions for Windows virtualization on the Mac. Historically, its primary development labs were in Moscow and Novosibirsk, Russia. The company was founded by Serguei Beloussov, who was born in the former Soviet Union and later emigrated to Singapore. Two of its products, Virtuozzo and Plesk, were spun off as their own companies in 2017. Parallels’ Odin, a complex management stack for billing and provisioning automation used by service providers and private clouds running on VMware’s virtual infrastructure stack and Microsoft’s Azure, was sold to Ingram Micro in 2015.

    Acronis, like Parallels, is another company founded by Beloussov. After founding Parallels in 1999, and being involved with both companies for some time, he became CEO of Acronis in May 2013. The company specializes in cybersecurity products for end-to-end device protection, and in the past has had bare-metal systems imaging, systems deployment, and storage management products for Microsoft Windows and Linux. The company maintains its global headquarters in Singapore. However, it has substantial R&D operations in Eastern Europe in addition to operations in Israel, Singapore, and the US.


    Veeam Software, founded by Russian-born Ratmir Timashev, concentrates on enterprise backup solutions for VMware and Microsoft public and private cloud stacks. Like Parallels and Acronis, it is multinational. For many years, it had much of its R&D based in St. Petersburg, Russia. It was purchased by Insight Partners in 2020, which installed a new management team. However, it has yet to be determined how much Russian legacy code is in its products or continues to be contributed to them.

    These are only a few examples. Numerous Russian software firms generating billions of dollars of revenue have products and services with significant enterprise penetration in the United States, EMEA, and Asia. There are also many smaller ones that perform niche or specialized services, such as subcontracting.

    It should also be noted that many mobile apps — including entertainment software for iOS, Android, and Windows — also originate in Russia.

    Russian services firms will also be impacted

    Many global technology giants in the software and services industries have used Russian and Eastern European developers in the past because of their high-quality and value-priced work compared to their US and Western Europe-based counterparts. And many have invested hundreds of millions of dollars in having a developer as well as reseller channel presence in Russia. World governments do not need to levy Iran-style isolationist sanctions against Russia for a snowball effect to start within US corporations that use Russian software or services.

    The escalation into full-blown conflict in Ukraine will make C-seats within global enterprises extremely concerned about using software that originates from Russia or has been produced by Russian nationals. The most conservative companies will probably “rip and replace” most off-the-shelf stuff and go with other solutions, preferably American ones.

    The Russian mobile apps? BYOD mobile device management (MDM) policies will wall them off from being installed on any device that can access a corporate network. And if sanctions are put in place by world governments, we can expect them to disappear entirely from the mobile device stores. Countless games and apps originating from Russia could be no more when actual sanctions on that industry are implemented.

    But C-seats aren’t going to wait for governments to ban Russian software. If there is any lack of confidence in a vendor’s trustworthiness, or if there is any concern that their customer loyalty can be swapped out or influenced by the Putin regime and used to compromise their own systems, be assured that software of Russian origin will disappear very quickly from enterprise IT infrastructure.

    Contractor visas will certainly be canceled en masse or will not be renewed for Russian nationals performing work for large corporations. You can count on it.

    Any vendor that is being considered for a large software contract with a US company is going to undergo significant scrutiny and will be asked whether any of their product involved Russian developers. If it doesn’t pass the most basic audits and sniff tests, they can just forget about doing business in this country.

    So if a vendor does have a prominent Russian developer headcount, they will have to pack up shop and move those labs back to the US or a country that is better aligned with US interests — as we have seen with the companies listed above. This goes especially for anybody wanting to do federal contract work.

    Then there is the issue of custom code produced by outsourced firms. That gets a lot trickier.

    Obviously, there’s the question of how recent the code is and whether or not there are suitable methods in place to audit it. We can expect that there will be services products offered shortly by US and Western European IT firms to pore through vast amounts of custom code so that they can be sure Russian nationals left behind no backdoor compromises under the influence of the Putin regime.

    If you thought your Y2K mitigation was expensive, wait until your enterprise experiences the Russian Purge.

    I don’t have to tell any of you just how expensive a proposition this is. The wealthiest corporations, sensing a huge risk to security and customer confidence, will address this as quickly as possible and swallow the bitter pill of costly audits.

    But many companies may not have the immediate funds to do it. They will try their best to mitigate the risk on their own, and compromised code may sit around for years until major system migrations occur and the old code gets (hopefully) flushed out.

    We will almost certainly be dealing with Russian cyberattacks from within the walls of our own companies for years to come, from software initially developed under the auspices of having access to relatively cheap and highly skilled strategically outsourced programmer talent.

    Will Russian software and services become the first victim in a Digital War? Talk Back and Let Me Know.


    Cloud security in 2022: A business guide to essential tools and best practices

    Cloud computing services have become a vital tool for most businesses. It’s a trend that has accelerated in recent years, with cloud-based services such as Zoom, Microsoft 365, Google Workspace and many others becoming the collaboration and productivity tools of choice for teams working remotely.

    While cloud quickly became an essential tool, allowing businesses and employees to continue operating remotely from home, embracing the cloud can also bring additional cybersecurity risks, something that is now increasingly clear.

    Previously, most people connecting to the corporate network would be doing so from their place of work, and thus accessing their accounts, files and company servers from inside the four walls of the office building, protected by enterprise-grade firewalls and other security tools. The expanded use of cloud applications meant that suddenly this wasn’t the case, with users able to access corporate applications, documents and services from anywhere. That has brought the need for new security tools.

    Cloud computing security threats


    While it brings a number of positives for workers, remote working also presents an opportunity for cyber criminals, who have quickly taken advantage of the shift to attempt to break into the networks of organisations that have poorly configured cloud security. Corporate VPNs and cloud-based application suites have become prime targets for hackers. If not properly secured, all of these can provide cyber criminals with a simple means of accessing corporate networks.

    All attackers need to do is get hold of a username and password – by stealing them via a phishing email or using brute force attacks to breach simple passwords – and they’re in. Because the intruder is using the legitimate login credentials of someone who is already working remotely, it’s harder to detect unauthorised access, especially considering how the rise of hybrid working has resulted in some people working different hours to what might be considered core business hours.

    Attacks against cloud applications can be extremely damaging for victims, as cyber criminals could be on the network for weeks or months. Sometimes they steal large amounts of sensitive corporate information; sometimes they might use cloud services as an initial entry point to lay the foundations for a ransomware attack that leads to them both stealing data and deploying ransomware.

    That’s why it’s important for businesses using cloud applications to have the correct tools and practices in place to make sure that users can safely use cloud services – no matter where they’re working from – while also being able to use them efficiently.

    Use multi-factor authentication controls on user accounts

    One obvious preventative step is to put strong security controls around how users log in to the cloud services in the first place. Whether that’s a virtual private network (VPN), remote desktop protocol (RDP) service or an office application suite, staff should need more than their username and password to use the services.
“One of the things that’s most important about cloud is identity is king. Identity becomes almost your proxy to absolutely everything. All of a sudden, the identity and its role and how you assign that has all of the power,” says Christian Arndt, cybersecurity director at PwC.

Whether it’s software-based, requiring a user to tap an alert on their smartphone, or hardware-based, requiring the user to plug a secure USB key into their computer, multi-factor authentication (MFA) provides an effective line of defence against unauthorised attempts at accessing accounts. According to Microsoft, MFA protects against 99.9% of fraudulent sign-in attempts.

Not only does it block unauthorised users from automatically gaining entry to accounts, the notification sent out by the service, which asks the user whether they attempted to log in, can also act as an alert that someone is trying to gain access to the account. This can be used to warn the company that it could be the target of malicious hackers.

Use encryption

The ability to easily store or transfer data is one of the key benefits of using cloud applications, but for organisations that want to ensure the security of their data, the process shouldn’t involve simply uploading data to the cloud and forgetting about it. There’s an extra step that businesses can take to protect any data uploaded to cloud services – encryption. Just as when it’s stored on regular PCs and servers, encrypting the data renders it unreadable, concealing it from unauthorised or malicious users. Some cloud providers provide this automatically, applying end-to-end protection of data to and from the cloud, as well as inside it, preventing it from being manipulated or stolen.

Apply security patches as swiftly as possible

Like other applications, cloud applications can receive software updates as vendors develop and apply fixes to make their products work better.
These updates can also contain patches for security vulnerabilities: just because an application is hosted by a cloud provider doesn’t make it invulnerable to security flaws and cyberattacks. Critical security patches for VPN and RDP applications have been released by vendors to fix vulnerabilities that put organisations at risk of cyberattacks. If these aren’t applied quickly enough, there’s the potential for cyber criminals to abuse these services as an entry point to the network that can be exploited for further attacks. Cybersecurity agencies like the Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (NCSC) often issue alerts about cyber attackers exploiting particular vulnerabilities. If the vulnerability hasn’t already been patched, organisations should react to the alerts immediately and apply the updates.

Use tools to know what’s on your network

Companies are using more and more cloud services – and keeping track of every cloud app or cloud server ever spun up is hard work. But there are many, many instances of corporate data left exposed by poor use of cloud security. A cloud service can be left open and exposed without an organisation even knowing about it. Exposed public cloud storage resources can be discovered by attackers, and that can put the whole organisation at risk.

In these circumstances, it could be useful to employ cloud security posture management (CSPM) tools. These can help organisations identify and remediate potential security issues around misconfiguration and compliance in the cloud, providing a means of reducing the attack surface available to hackers, and helping to keep the cloud infrastructure secure against potential attacks and data breaches.

“Cloud security posture management is a technology that evaluates configuration drift in a changing environment, and will alert you if things are somehow out of sync with what your baseline is and that may indicate that there’s something in the system that means more can be exploited for compromise purposes,” says Merritt Maxim, VP and research director at Forrester.

CSPM is an automated procedure, and the use of automated management tools can help security teams stay on top of alerts and developments. Cloud infrastructure can be vast, and having to manually comb through the services to find errors and abnormalities would be too much for a human – especially if there are dozens of different cloud services on the network. Automating those processes can therefore help keep the cloud environment secure.

“You don’t have enough people to manage 100 different tools in the environment that changes every day, so I would say try to consolidate on platforms that solve a big problem and apply automation,” says TJ Gonen, head of cloud security at Check Point Software, a cybersecurity company.

Ensure the separation of administrator and user accounts

Cloud services can be complex, and some members of the IT team will have highly privileged access to the service to help manage the cloud.
A compromise of a high-level administrator account could give an attacker extensive control over the network and the ability to perform any action the administrator’s privileges allow, which could be extremely damaging for the company using cloud services. It is therefore imperative that administrator accounts are secured with tools such as multi-factor authentication and that admin-level privileges are only granted to employees who need them to do their jobs. According to the NCSC, admin-level devices should not be able to browse the web or read email directly, as either could put the account at risk of being compromised.
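The two ideas above, CSPM as "evaluating configuration drift against a baseline" and keeping administrator accounts separate and protected, can be shown together in one small check. This is an added example written for this page, not the article's code nor any CSPM product; the resource and principal records, their field names and the baseline are all constructed for the illustration. It reports every resource that was added, removed or changed relative to the approved baseline, and then reviews every principal holding an admin role for MFA, membership of the approved admin list, and separation from day-to-day use (modelled here as the account also having a mailbox).

```python
"""Minimal CSPM-style drift detection plus privileged-account review.

Added example for this page (not from the article or any vendor). All data,
field names and the baseline below are constructed for the illustration.
"""
from typing import Dict, List, Set, Tuple

# Approved baseline (constructed): how the environment is supposed to look.
BASELINE: Dict[str, Dict[str, object]] = {
    "bucket/finance-reports": {"public": False, "versioning": True},
    "vpn/gateway-eu": {"mfa_required": True, "patch_level": "2022-03"},
    "sql/customer-db": {"require_ssl": True},
}

# Current snapshot (constructed), as an inventory tool might return it.
CURRENT: Dict[str, Dict[str, object]] = {
    "bucket/finance-reports": {"public": True, "versioning": True},   # flipped to public
    "vpn/gateway-eu": {"mfa_required": True, "patch_level": "2022-03"},
    "bucket/scratch-export": {"public": True, "versioning": False},   # never in baseline
    # sql/customer-db is missing: deleted, renamed, or the inventory lost sight of it
}

# Constructed principals; "mailbox" stands in for an account used for daily work.
PRINCIPALS = [
    {"name": "alice-admin", "roles": ["owner"], "mfa": True, "mailbox": False},
    {"name": "bob", "roles": ["owner", "editor"], "mfa": False, "mailbox": True},
    {"name": "carol", "roles": ["viewer"], "mfa": True, "mailbox": True},
    {"name": "svc-backup", "roles": ["editor"], "mfa": False, "mailbox": False},
]
APPROVED_ADMINS: Set[str] = {"alice-admin"}
ADMIN_ROLES: Set[str] = {"owner"}


def detect_drift(baseline: Dict[str, Dict[str, object]],
                 current: Dict[str, Dict[str, object]]) -> List[Tuple[str, str, str]]:
    """Return (resource, kind, detail) for every deviation from the baseline.

    kind is "added" (unknown to the baseline), "removed" (expected but absent)
    or "changed" (a setting differs); each changed key is reported separately.
    """
    findings: List[Tuple[str, str, str]] = []
    for rid in sorted(set(baseline) | set(current)):
        if rid not in current:
            findings.append((rid, "removed", "present in baseline, missing now"))
        elif rid not in baseline:
            findings.append((rid, "added", "not covered by baseline; review or add it"))
        else:
            for key in sorted(set(baseline[rid]) | set(current[rid])):
                before, after = baseline[rid].get(key), current[rid].get(key)
                if before != after:
                    findings.append((rid, "changed", f"{key}: {before!r} -> {after!r}"))
    return findings


def review_admins(principals, approved: Set[str], admin_roles: Set[str]) -> List[Tuple[str, str]]:
    """Return (principal, issue) for every admin-role holder that breaks a rule."""
    findings: List[Tuple[str, str]] = []
    for p in principals:
        if not admin_roles & set(p["roles"]):
            continue  # ordinary user or service account: the admin rules do not apply
        if not p["mfa"]:
            findings.append((p["name"], "admin role without MFA"))
        if p["name"] not in approved:
            findings.append((p["name"], "admin role not on the approved admin list"))
        if p["mailbox"]:
            findings.append((p["name"], "admin account also used for email; use a separate account"))
    return findings


if __name__ == "__main__":
    for finding in detect_drift(BASELINE, CURRENT):
        print("DRIFT", *finding)
    for finding in review_admins(PRINCIPALS, APPROVED_ADMINS, ADMIN_ROLES):
        print("ADMIN", *finding)
```

Run on the constructed data, the drift pass flags the finance bucket turning public, an unknown scratch bucket, and a database that has vanished from the inventory; the admin review flags only `bob`, who holds an owner role without MFA, is not on the approved list, and uses the same account for email. Scheduling this against a fresh inventory each day is the automation the section argues for.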

It’s also important to ensure that regular users who don’t need administrative privileges don’t have them, because – in the event of account compromise – an attacker could quickly exploit this access to gain control of cloud services.

Use backups as a contingency plan

While cloud services can – and have – provided organisations around the world with benefits, it’s important not to rely entirely on the cloud for security. While tools like two-factor authentication and automated alerts can help secure networks, no network is impossible to breach – and that’s especially true if extra security measures haven’t been applied.

That’s why a good cloud security strategy should also involve keeping backups of data and storing them offline, so that if something makes cloud services unavailable, there’s still something for the company to work with.

Use cloud applications that are simple for your employees to use

There’s something else that organisations can do to ensure the security of the cloud – and that’s provide their employees with the correct tools in the first place. Cloud application suites can make collaboration easier for everyone, but they also need to be accessible and intuitive to use, or organisations run the risk of employees not wanting to use them.

A business could set up the most secure enterprise cloud suite possible, but if it’s too difficult to use, employees, frustrated at not being able to do their jobs, could turn to public cloud tools instead. This could lead to corporate data being stored in personal accounts, creating a greater risk of theft, especially if a user doesn’t have two-factor authentication or other controls in place to protect their personal account. Information being stolen from a personal account could potentially lead to an extensive data breach or wider compromise of the organisation as a whole.
Therefore, for a business to have a secure cloud security strategy, not only should it be using tools like multi-factor authentication, encryption and offline backups to protect data as much as possible, it must also make sure that all these tools are simple to use, to encourage employees to use them correctly and follow best practices for cloud security.


    Microsoft Defender for Cloud comes to Google Cloud

Microsoft has brought Defender for Cloud, its security system for weeding out configuration weaknesses in workloads, to Google Cloud Platform (GCP). The extension brings the offering in line with the Defender for Cloud services Microsoft already offers for workloads on Amazon Web Services (AWS). The two key Defender for Cloud services are Cloud Security Posture Management (CSPM) and Cloud Workload Protection (CWP) — two categories of security product that address cloud misconfigurations.

Eric Doerr, corporate vice president of Cloud Security at Microsoft, noted that there are no dependencies on Google’s own tools, easy onboarding of GCP workloads, and more than 80 recommendations to harden an environment in GCP or AWS. Microsoft’s own Azure is, of course, already integrated into Defender for Cloud.

There is a dashboard that offers a quick overview across multiple clouds and a Secure Score for environments in those clouds. The recommendations include alerts about cloud storage buckets that are publicly accessible, alerts when multi-factor authentication (MFA) isn’t enabled for all non-service accounts, and alerts where cloud SQL database instances don’t require incoming connections to use SSL encryption.

There’s also extensive support for containers and servers, including container protection for Google Kubernetes Engine (GKE) Standard clusters. Additionally, there is server protection for Google Compute virtual machines, which relies on Defender for Endpoint and covers everything from vulnerability assessments to behavioral alerts for VMs, anti-malware, and OS updates that need to be applied.

As for multi-cloud, Microsoft believes it is the right time for security solutions that bridge the major clouds, a need compounded by the ongoing shortage of time and talent in cybersecurity. “We’re hearing more and more from customers that they want simplicity and that they don’t want the complexity of ten different products that they’re using.
They’re having a hard time defending the cloud infrastructure that they have,” Doerr said. “There has also been a shift from multi-cloud by accident to multi-cloud by intent. It’s core to the strategy of an increasing number of customers. They’ve got a reason why they’re doing that and yet it’s super hard for security teams.”

Doerr reckons organizations have much to do to get ahead of the type of cybersecurity threats that prompted the Biden Administration’s new cybersecurity strategy for federal agencies. Yet it’s the simple stuff, like not patching or not using multi-factor authentication, where most organizations fall prey to attacks on their IT systems.

“In the vast majority of cases when we’re helping customers respond to a breach, even the most sophisticated attackers, an awful lot of those start with something very simple like not using MFA, not having a good password policy, leaving a management port open on a piece of cloud infrastructure, patches not up to date,” said Doerr. “Sophisticated attackers have a toolkit that includes the basic stuff and they try that first and if it works then they don’t need to spend the time on more advanced techniques. Part of the journey here as an industry is how do we raise the minimum bar. If we can get to the place where most organizations are nailing the basics of security, it will make a really big difference.”
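The article names three of the recommendations (public storage buckets, MFA missing on non-service accounts, SQL instances not requiring SSL) and a Secure Score across clouds. The following is an added example written for this page, not Microsoft's, Google's or Amazon's code: it normalises inventory records from two clouds into one model, applies those three checks, and computes a simple score as the percentage of applicable checks that pass. The two inventory shapes (`GCP_INVENTORY`, `AWS_INVENTORY`) and all field names are invented for the example and are not real GCP or AWS API output; the point is the single evaluation over differently shaped sources, which is what a multi-cloud posture view has to do.

```python
"""Toy multi-cloud posture evaluation with a secure score.

Added example for this page; not code from Microsoft, Google or Amazon.
Inventory shapes and field names are invented, not real cloud API output.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass
class Resource:
    """Cloud-neutral view of one resource; attrs holds the settings the checks need."""
    cloud: str
    kind: str            # "storage", "account" or "sql"
    name: str
    attrs: Dict[str, object] = field(default_factory=dict)


# Constructed inventory fragments, one per cloud, each in its own invented shape.
GCP_INVENTORY = {
    "buckets": [{"name": "gcs-public-assets", "iam_all_users": True},
                {"name": "gcs-backups", "iam_all_users": False}],
    "users": [{"email": "dev@example.com", "mfa": False, "type": "user"},
              {"email": "deploy@example.com", "mfa": False, "type": "serviceAccount"}],
    "sql": [{"instance": "orders", "ssl_required": False}],
}
AWS_INVENTORY = {
    "s3": [{"Bucket": "s3-logs", "PublicAccessBlock": True}],
    "iam_users": [{"UserName": "ops", "MFAEnabled": True}],
    "rds": [{"DBInstance": "crm", "RequireTLS": True}],
}


def normalise(gcp: dict, aws: dict) -> List[Resource]:
    """Map both invented inventory shapes onto the common Resource model."""
    out: List[Resource] = []
    for b in gcp["buckets"]:
        out.append(Resource("gcp", "storage", b["name"], {"public": b["iam_all_users"]}))
    for u in gcp["users"]:
        out.append(Resource("gcp", "account", u["email"],
                            {"mfa": u["mfa"], "service": u["type"] == "serviceAccount"}))
    for s in gcp["sql"]:
        out.append(Resource("gcp", "sql", s["instance"], {"require_ssl": s["ssl_required"]}))
    for b in aws["s3"]:
        # A public-access block being present means the bucket is not public.
        out.append(Resource("aws", "storage", b["Bucket"], {"public": not b["PublicAccessBlock"]}))
    for u in aws["iam_users"]:
        out.append(Resource("aws", "account", u["UserName"], {"mfa": u["MFAEnabled"], "service": False}))
    for d in aws["rds"]:
        out.append(Resource("aws", "sql", d["DBInstance"], {"require_ssl": d["RequireTLS"]}))
    return out


# Each check: (resource kind it applies to, recommendation text, predicate true when compliant).
CHECKS: List[Tuple[str, str, Callable[[Dict[str, object]], bool]]] = [
    ("storage", "Storage bucket should not be publicly accessible", lambda a: not a["public"]),
    ("account", "MFA should be enabled for all non-service accounts", lambda a: a["service"] or a["mfa"]),
    ("sql", "SQL instance should require SSL for incoming connections", lambda a: a["require_ssl"]),
]


def evaluate(resources: List[Resource]) -> Tuple[List[str], int]:
    """Return the failing findings and a score: percent of applicable checks passed."""
    findings: List[str] = []
    applicable = passed = 0
    for r in resources:
        for kind, text, compliant in CHECKS:
            if r.kind != kind:
                continue
            applicable += 1
            if compliant(r.attrs):
                passed += 1
            else:
                findings.append(f"{r.cloud}:{r.kind}/{r.name}: {text}")
    score = passed * 100 // applicable if applicable else 100
    return findings, score


if __name__ == "__main__":
    issues, score = evaluate(normalise(GCP_INVENTORY, AWS_INVENTORY))
    print(f"secure score: {score}%")
    for line in issues:
        print("FAIL", line)
```

On the constructed data the evaluation yields three findings, all on the GCP side (a public bucket, a human user without MFA, and a SQL instance not requiring SSL), while the service account is correctly exempt from the MFA rule; five of eight checks pass, giving a score of 62%. Adding a third cloud means adding a mapping in `normalise`, not new checks.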