Hacking Via The Cloud

Uploaded on 2018-07-24 in BUSINESS-Services-IT & Telecoms, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

It has now become much clearer that Red Apollo a Chinese hacking cluster in 2017 launched a very large international cyber espionage campaign. This attack hit cloud service rather than attacking companies directly, it targeted cloud service supplier’s networks so that it could infiltrate the cloud’s connections to business computer systems and spy/monitor them.

The attacks, called Operation Cloud Hopper, focused on managed IT cloud providers and at least fifteen countries were affected including Germany, US, Canada, New Zealand, France, Australia, UK and Japan.

These attacks on the cloud systems raises the level of cyber-attacks to a new level which is much more criminally sophisticated and governments and policing authorities should become far more focused in their responses to these types of cyber-attacks.

 “If we look at the last year or two of cyber-attacks there have been a lot of dramatic attacks,” says Ciaran Martin, chief executive of the UK’s National Cyber Security Centre (NCSC), part of GCHQ. “But one of the slow burning, strategic issues is the integrity of the supply chain and how corporations and government departments manage that risk.

“I think collectively we have been slower than we should have been to realise the importance of that.”

Richard Horne, a cyber security partner at PwC, explains how Russian hackers breached a software provider in Ukraine called MeDoc and inserted a “back door” into its next software update. “Once that was inserted then the attackers could download their malicious code, a brilliant piece of code, which then spread within about 60 minutes,” adds Mr Horne.

Ever since the poisoning of the former Russian double agent Sergei Skripal and his daughter in Salisbury in the south of England in March, the UK has stepped up its cyber security measures around potential Kremlin-backed cyber hostility and this was again brought into the media while the World Cup took place in Russia when it was thought that Russia would use cyber methods to spread positive Russian news.

Now a serious concern for cyber security officials is that state-backed hackers and criminals could penetrate the systems of critical infrastructure organisations such as police, banks, energy companies and parts of government.

This year the NCSC published guidance explains how to be secure and protect against four widespread supply chain attacks. The guidance highlights third party software providers, website builders and external data stores as the most-risky links in any company’s IT supply chain.

In 2013 the US retailer Target was hacked using access granted to a refrigeration and air conditioning supplier. The attack led to the details of more than 70m Target customers being compromised, including the accounts of more than 40m credit card holders.

Dave Palmer, director of technology at Darktrace, a leading cybersecurity firm, says that while high-profile incidents such as the Target hack alerted businesses to the risk in the supply chain, he still witnesses instances where external companies sign up to stringent security standards but then fall “woefully short”.

New EU GDPRGeneral Data Protection Regulation which came into force May 25th 2018, now requires EU companies and others who trade within the EU to assess suppliers’ security risks.

Alfred Rolington - Cyber Security Intelligence

For more Information, please contact: Cyber Security Intelligence at:info@cybersecurityintelligence.com

« China Dominates Global Investment In AI
AI Will Thrash Employment »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CloudHesive

CloudHesive

CloudHesive provides cloud solutions through consulting and managed services with a focus on security, reliability, availability and scalability.

CQS (Certified Quality Systems)

CQS (Certified Quality Systems)

CQS is an organisation specialising in ISO assessment and certification, including ISO 27001, along with other management system standards.

Secure360

Secure360

Secure360 focuses on the following key areas: governance, risk and compliance, information security, physical security, business continuity management, and professional development.

Oracle Cloud Security

Oracle Cloud Security

Oracle’s cloud security solutions enable organizations to implement and manage consistent security policies across the hybrid data center.

CERT-PA

CERT-PA

CERT-PA is the national Computer Emergency Response Team for Italian government institutions.

TEISS

TEISS

Teiss.co.uk is a website dedicated to providing information about cyber security. TEISS also provide a series of conferences and events focused on cyber security.

WetStone Technologies

WetStone Technologies

WetStone develops software solutions that support investigators and analysts engaged in eCrime Investigation, eForensics and incident response activities.

Cog Systems

Cog Systems

Cog Systems offer an embedded solution built on modularity, proactive security, trustworthiness, and adaptability to enable highly secure connected devices.

Digital Magics

Digital Magics

Digital Magics is an incubator for innovative startups which offer content and services with high technological value. Areas of focus include IoT, Enterprise Software, AI, Industry 4.0 and Blockchain.

GateKeeper Enterprise

GateKeeper Enterprise

The GateKeeper Enterprise software is an identity access management solution. Automated proximity-based authentication into computers and websites. Passwordless login and auto-lock PCs.

IQ4 - Cybersecurity Workforce Alliance (CWA)

IQ4 - Cybersecurity Workforce Alliance (CWA)

Cybersecurity Workforce Alliance, a division of iQ4, is an organization comprised of a diverse range of professionals dedicated to the development of the cybersecurity workforce.

Skudo

Skudo

Skudo is dedicated to creating innovative best-in-class solutions that protect data exchange with the highest level of security and privacy.

Blackmere Consulting

Blackmere Consulting

Blackmere Consulting is a Nationwide Technical and Executive Recruiting firm dedicated to Cyber Security and Information Technology.

Nexio

Nexio

We are Nexio. We help organisations take every NEXT step toward their accelerated digital transformation.

Equixly

Equixly

Equixly is revolutionizing application security by empowering developers and organizations to build more secure software, elevate their security posture, and stay ahead of emerging threats.

Black Breach

Black Breach

Black Breach experts protect your organization from cyber threats with military-grade AI-tooled cybersecurity solutions.