Hacking Via The Cloud

It has now become much clearer that Red Apollo, a Chinese hacking cluster, launched a very large international cyber espionage campaign in 2017. Rather than attacking companies directly, it targeted cloud service suppliers’ networks so that it could infiltrate the cloud’s connections to business computer systems and spy on and monitor them.

The attacks, called Operation Cloud Hopper, focused on managed IT cloud providers, and at least fifteen countries were affected, including Germany, the US, Canada, New Zealand, France, Australia, the UK and Japan.

These attacks on cloud systems raise cyber-attacks to a new level that is much more criminally sophisticated, and governments and policing authorities should become far more focused in their responses to these types of cyber-attacks.

“If we look at the last year or two of cyber-attacks there have been a lot of dramatic attacks,” says Ciaran Martin, chief executive of the UK’s National Cyber Security Centre (NCSC), part of GCHQ. “But one of the slow burning, strategic issues is the integrity of the supply chain and how corporations and government departments manage that risk.

“I think collectively we have been slower than we should have been to realise the importance of that.”

Richard Horne, a cyber security partner at PwC, explains how Russian hackers breached a software provider in Ukraine called MeDoc and inserted a “back door” into its next software update. “Once that was inserted then the attackers could download their malicious code, a brilliant piece of code, which then spread within about 60 minutes,” adds Mr Horne.

Ever since the poisoning of the former Russian double agent Sergei Skripal and his daughter in Salisbury in the south of England in March, the UK has stepped up its cyber security measures around potential Kremlin-backed cyber hostility. The issue was again brought into the media while the World Cup took place in Russia, when it was thought that Russia would use cyber methods to spread positive Russian news.

Now a serious concern for cyber security officials is that state-backed hackers and criminals could penetrate the systems of critical infrastructure organisations such as police, banks, energy companies and parts of government.

This year the NCSC published guidance that explains how to be secure and protect against four widespread supply chain attacks. The guidance highlights third-party software providers, website builders and external data stores as the most risky links in any company’s IT supply chain.

In 2013 the US retailer Target was hacked using access granted to a refrigeration and air conditioning supplier. The attack led to the details of more than 70m Target customers being compromised, including the accounts of more than 40m credit card holders.

Dave Palmer, director of technology at Darktrace, a leading cybersecurity firm, says that while high-profile incidents such as the Target hack alerted businesses to the risk in the supply chain, he still witnesses instances where external companies sign up to stringent security standards but then fall “woefully short”.

The new EU General Data Protection Regulation (GDPR), which came into force on May 25th 2018, now requires EU companies and others who trade within the EU to assess suppliers’ security risks.

Alfred Rolington - Cyber Security Intelligence
