Ran Nahmias, the head of Cloud Security at Israeli firm Check Point, told iTWire during an interview that the chances of misconfiguration of a cloud environment were much greater than in a traditional computing environment, as the staff managing the cloud were, in many cases, lacking in cloud-specific competencies and knowledge. It was also often the case that there were insufficient expert staff to attend to security.
He said a lot of unintentional risks would come from migration to hybrid cloud environments without the customer fully understanding the scale and scope of the migration and not adequately planning the migration.
In the past it was clear what your hardware was, what was running on it and who was responsible to maintain a server, what patch levels and what vulnerabilities existed. While the cloud providers offered security for their environment, when someone ran an application on it, the customer was responsible for configuring that application to be secure.
Nahmias has been with Check Point for many years and leads the company's business unit which has a mix of engineers, architects and other cloud security specialists. The unit has about 150 staff in all and brings in about US$100 million in annual revenue. He was in Australia to speak at a conference organised by the company.
Asked about the potential impacts of a cloud breach, Nahmias pointed to last year's malicious cryptomining attack on a Tesla cloud environment, where attackers had gained access to sensitive company data and computing power that they used to mine cryptocurrency.
Ran Nahmias says the intensity of attacks has increased because of two motivating factors: money and zealotry. Photo: Sam Varghese
As a Tesla user himself, he said he was relieved that the attackers had used their access only for mining cryptocurrency, when it was also possible that they could have gained access to data that would have allowed them to tamper with the company's electric vehicles while they were being driven by customers.
He pointed out that there were infrastructure facilities that reported their status via the public Internet, and if attackers gained access to such facilities, they could turn off the cooling, resulting in a major disaster. Such facilities employ strict and stringent security practices but, theoretically, could pose a risk.
Nahmias said the intensity of attacks had increased because of two motivating factors: money and zealotry. Some attackers would access a site through a backdoor and hold a company to ransom using ransomware. In these cases, there were two schools of thought. One held that paying up was better, as the company would stand a good chance of getting the data back; these attackers also needed to maintain their reputation in order that their threats would work with other companies. If word got out that they were not delivering on their promise to restore data after payment, then their business model would not work.
The second school of thought was that one should never negotiate with cyber terrorists. Nahmias said he had no view on which approach was better.
But, he said, in the case of individuals who were subject to ransomware, historically there was less chance of attackers honouring their word to decrypt files after payment was made.
Another reason Nahmias advanced to explain the increasing complexity of attacks was that hackers were often creating attack tools on the systems that they had penetrated, using a single line of code to effect the initial entry. Then that code drew on the host system and created the attack tools.
Further, these tools were timed to go off, maybe on the second or third boot. This was a tactical step, because a system was at its most vulnerable while booting up, as its own defences were not yet all in place.
Asked about the biggest security issues in 2019 and what companies could do to better prepare and protect themselves and their assets, Nahmias replied: "Looking forward, we see a potential rise in threats resulting from multi-environments companies are running their compute and resources on. The spread to clouds (private, public, hybrid and multi) is a common practice and in many cases those environments are managed 'individually' and not holistically.
"Lack of unified, tight, governed security posture is high risk and may create undesirable security risks. The speed at which companies rush to the cloud, the drivers of the transition and the time it takes to wrap adequate security practices and defences around cloud environments, may pose potential increased risks. Targeted, sophisticated attacks are also a growing cyber-crime methodology that is exploiting weak links in the security posture: mobile devices, roaming laptops, BYOD are all potential weaker links. User behaviour is also somewhat of a risk."