Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance

Transcription

1 Evolving Threats and Attacks: A Cloud Service Provider s viewpoint John Howie Senior Director Online Services Security and Compliance

2 Introduction Microsoft s Cloud Infrastructure Evolution of Threats and Cyberattacks Attacks against Customers and Providers The Future

3 Microsoft s Cloud Environment Consumer and Small Business Services Enterprise Services Third-Party Hosted Services Cloud Platform Services Compute runtimes Identity and directory stores And others Cloud Infrastructure Physical infrastructure Logical Infrastructure Global Foundation Services

4 Cloud Security Challenges Growing Interdependence Amongst Public and Private Sector With these new dependencies come mutual expectations that platform services and hosted applications be secure and available. Evolving Technologies, Changing Business Models, Dynamic Hosting Environment Keeping pace with growth and anticipating future needs is essential to running an effective security program. Cloud Challenges Complex, Global Regulatory Requirements and Industry Standards Each country may pass their own laws that govern the provision and use of online environments. Increasing Sophistication of Attacks Malicious activity focuses on infiltrating and disrupting online service offerings.

5 5 Evolution of Threats and Attacks

6 Why Attack? The reasons evolve over time Curiosity Notoriety Profit (the Willie Sutton motive) Modern warfare Today we are somewhere between profit and warfare

7 The Statistics 192% growth in spam from 2007 to ,000 bot-infected computers found daily in 2008, up 31% from % of breaches in 2008 involved organized crime targeting corporate information 285 million records stolen in million between 2004 and 2007 Statistics courtesy of Symantec Corporation

8 The Statistics (continued) Hacking accounted for 60% of exposed identities in 2009, from 29% in 2008 Credit card data accounts for 32% of goods advertised in the underground economy IP theft costs companies $600 billion globally Statistics courtesy of Symantec Corporation

9 Incidents Attacks versus neglect Incidents involving negligence have declined steeply over the past two years 120 Security breach incidents, by incident type, 1H08 2H Negligence Attack H08 2H08 1H09 2H09

10 Attacks against providers and customers

11 Types of Cloud and Internet Attacks There are two types of attack Against service providers Against customers of service providers We need to consider an evolving type of attack Against a country and its citizens

12 Attacks against providers and customers The Provider

13 Cybercrime attacks against providers Most common attacks are Denial of Service (including DDoS) Web-site defacement (usually political) DNS hijacking Rarely seen are attempts to get access to billing records and other data Aurora attack in 2009 is an exception rather than the norm

14 Cybercrime attacks against providers (continued) Increasing number of sophisticated attacks against advertising networks and other adgenerated revenue systems Pay-per-click systems most exploited Most attacks can be defeated with behavioural monitoring and log analysis Privacy concerns are an issue

15 Cybercrime attacks against providers (continued) Some attacks against providers are a precursor to other crimes Extortion Attacks against customers of the provider

16 Defeating attacks against the provider Ongoing threat and vulnerability management is key to defeating attacks Should be part of a comprehensive information security and risk management program Incident response teams should be wellequipped, with plans in place BCP/DR plans help recover from DoS attacks

17 Non-attacks against the provider Cloud service providers have a new challenge to deal with Customers that use the provider s services to launch attacks The cloud is a pre-built botnet The solution would be to monitor customer use of service for abuse Violation of privacy?

18 Attacks against providers and customers The Customer: Consumer

19 Cybercrime attacks against consumers Criminals know humans are the weakest link in the security chain Exploited for centuries and adapted for cyberspace Typical attacks against consumers include Phishing (including spear-phishing) Fraud (popular on auction sites) Luring to compromised sites

20 Jul-09 Aug-09 Sep-09 Oct-09 Nov-09 Dec-09 Malicious Web Sites - Phishing 100% 90% 80% 70% A small number of sites account for the bulk of social network phishes Active phishing sites tracked each month in 2H08 and 2H09, indexed to December % 50% 40% 30% Social Networking Sites Online Services E-Commerce Sites Financial Sites 20% 10% 0%

21 Distribution of Phishing Web-Sites 2H09

22 Stopping phishing attacks Service providers spend time blocking phishing s Either caught as spam or visibly marked as potential phishing attack on confidence factor Browsers and AV/AM software query databases of known sites real-time Warn users of known phishing sites Service providers issue take-down notices

23 Stopping phishing attacks (continued) Education is part of solution Consumers need to learn what a phishing attack looks like Companies must follow best practices Do not send out phishing-style s Do not ever request PIN numbers of customers Use two-factor authentication where feasible

24 Distribution of malware hosting sites 2H09

25 Distribution of malware 2H09

26 Distribution of Drive-By Sites 2H09

27 Attacks against providers and customers The Customer: Enterprises

28 Cybercrime attacks against enterprises Companies moving to the cloud will be a target for criminal activity Companies using IaaS public cloud offerings may be most at risk, SaaS the least Typical attacks against enterprises include Cross-site scripting SQL Injection Brute force authentication attempts

29 Cybercrime attacks against enterprises Companies moving to the cloud will be a target for criminal activity Companies using IaaS public cloud offerings may be most at risk, SaaS the least Typical attacks against enterprises include Cross-site scripting SQL Injection Brute force authentication attempts

30 Automated SQL Injection Attacks

31 The Future

32 Cyberwarfare Nation States are starting to flex their cyber muscles It is possible to compromise user security and privacy without attacking the cloud or the user Non-State actors are increasingly active Conventional terrorists Minority interest groups

33 This material is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Hotmail, Microsoft Dynamics, MSN, SharePoint, SQL Server, Windows, and Xbox LIVE are either trademarks or registered trademarks of the Microsoft group of companies.