The cloud attack you didn’t see coming

You have to respect that ransomware attacks at least let you know you’ve been attacked. You’ll have an opportunity to defend yourself and batten down the hatches.

However, a rising tide of cyberattacks is much more sneaky about things.

Called “stealth hacking,” these subtle attacks try to see your data and processes without alerting anyone that this is occurring. In the world of consumer computing, this may manifest as keystroke-monitoring malware that installs from a malicious download. The hacker hopes to remain undiscovered and gather as much data as possible until the jig is up, or perhaps never be discovered at all. 

The enterprise world is a bit scarier. The damage that a non-stealth hack can do is easy to define as to risk and cost. According to RiskIQ, in 2019, “Every minute, $2,900,000 is lost to cybercrime, and top companies pay $25 per minute due to cybersecurity breaches.” However, if you don’t know that you’re being monitored, the damages could be 10 times that of an instantaneous attack.

Since many stealth hacks go undiscovered, there is no good data on the damages that actually occur. On the top of the list:

• Insider trading of stock, getting access to sales and other accounting data pre-earnings announcements
• Pre-audit movement of cash from company accounts
• Blackmail due to access to HR records 

The assumption is that this kind of hacking targets on-premises systems which often are being neglected now with the focus on cloud computing. But this problem is likely to move to public clouds as well, if it hasn’t already. 

Although many would say the public cloud providers are responsible to better protect their customer’s data, the reality is that it’s a “shared responsibility model.” This means the cloud vendor provides you with the tools and procedures to be secure, and it’s up to you to implement them correctly. For instance, if you misconfigure the security for storage buckets in the public cloud and data is accessed, that’s on you.

So, what should companies that employ cloud do to minimize the chances that they get stealth hacked? It’s really cloud security 101, including the need to proactively monitor all systems and data stores.

This is where management and monitoring tools, such as AIops, come in handy. The core role of these tools is to keep systems healthy and observed, but they can also detect anomalies that may indicate an unwanted guest, such as odd performance behaviors at odd times. However, if the AIops tools are not talking to your security systems then most of this will go unnoticed.

I’m just scratching the surface of ways to avoid stealth hacking. Enterprises really need a holistic security strategy that’s systemic to all systems and all points of monitoring. Although these are not easy to set up and are costly to run, the price of dealing with a hack—either stealth or not—is at least 50 times more. Be smart with this stuff.