Hacking Via The Cloud

Uploaded on 2018-07-24 in BUSINESS-Services-IT & Telecoms, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

It has now become much clearer that Red Apollo a Chinese hacking cluster in 2017 launched a very large international cyber espionage campaign. This attack hit cloud service rather than attacking companies directly, it targeted cloud service supplier’s networks so that it could infiltrate the cloud’s connections to business computer systems and spy/monitor them.

The attacks, called Operation Cloud Hopper, focused on managed IT cloud providers and at least fifteen countries were affected including Germany, US, Canada, New Zealand, France, Australia, UK and Japan.

These attacks on the cloud systems raises the level of cyber-attacks to a new level which is much more criminally sophisticated and governments and policing authorities should become far more focused in their responses to these types of cyber-attacks.

 “If we look at the last year or two of cyber-attacks there have been a lot of dramatic attacks,” says Ciaran Martin, chief executive of the UK’s National Cyber Security Centre (NCSC), part of GCHQ. “But one of the slow burning, strategic issues is the integrity of the supply chain and how corporations and government departments manage that risk.

“I think collectively we have been slower than we should have been to realise the importance of that.”

Richard Horne, a cyber security partner at PwC, explains how Russian hackers breached a software provider in Ukraine called MeDoc and inserted a “back door” into its next software update. “Once that was inserted then the attackers could download their malicious code, a brilliant piece of code, which then spread within about 60 minutes,” adds Mr Horne.

Ever since the poisoning of the former Russian double agent Sergei Skripal and his daughter in Salisbury in the south of England in March, the UK has stepped up its cyber security measures around potential Kremlin-backed cyber hostility and this was again brought into the media while the World Cup took place in Russia when it was thought that Russia would use cyber methods to spread positive Russian news.

Now a serious concern for cyber security officials is that state-backed hackers and criminals could penetrate the systems of critical infrastructure organisations such as police, banks, energy companies and parts of government.

This year the NCSC published guidance explains how to be secure and protect against four widespread supply chain attacks. The guidance highlights third party software providers, website builders and external data stores as the most-risky links in any company’s IT supply chain.

In 2013 the US retailer Target was hacked using access granted to a refrigeration and air conditioning supplier. The attack led to the details of more than 70m Target customers being compromised, including the accounts of more than 40m credit card holders.

Dave Palmer, director of technology at Darktrace, a leading cybersecurity firm, says that while high-profile incidents such as the Target hack alerted businesses to the risk in the supply chain, he still witnesses instances where external companies sign up to stringent security standards but then fall “woefully short”.

New EU GDPRGeneral Data Protection Regulation which came into force May 25th 2018, now requires EU companies and others who trade within the EU to assess suppliers’ security risks.

Alfred Rolington - Cyber Security Intelligence

For more Information, please contact: Cyber Security Intelligence at:info@cybersecurityintelligence.com

« China Dominates Global Investment In AI
AI Will Thrash Employment »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Forcepoint

Forcepoint

Forcepoint provide a unified, cloud-centric platform that safeguards users, networks and data while eliminating the inefficiencies of managing multiple point security products.

EverC

EverC

EverC (formerly EverCompliant) is a leading provider of cyber intelligence that allows acquiring banks and payment service providers (PSP) to manage cyber risk.

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC) is one of the most distinguished Cybersecurity, Privacy and Information Security Conference in Thailand and Southeast Asia.

LiveVault

LiveVault

LiveVault delivers fully automated, turnkey, backup over the Internet or a private network connection for uninterrupted remote data protection.

XTN Cognitive Security

XTN Cognitive Security

XTN is focused on the development of security, Fraud and Mobile Threat Prevention advanced behaviour-based solutions.

Moxa

Moxa

Moxa is a leading provider of industrial networking, computing, and automation solutions for enabling the Industrial Internet of Things.

Secon Cyber Security

Secon Cyber Security

Secon Cyber Security is an Advanced Managed Security Services Provider with long standing experience of providing cyber security solutions to customers ranging from small to large enterprises.

Lifespan Technology

Lifespan Technology

Lifespan Technology provides the full range of IT Asset Disposition services. This includes hardware recycling and disposal, data destruction, and hardware resale.

e.Kraal Innovation Hub

e.Kraal Innovation Hub

e.Kraal is a Cybersecurity Innovation Hub whose mission is to secure the future of Cybersecurity in Kenya by accelerating innovation and creativity in the cyberspace ecosystem.

Plug and Play Tech Center

Plug and Play Tech Center

Plug and Play is the ultimate innovation platform, bringing together the best startups and the world’s largest corporations.

ISARR

ISARR

The ISARR software platform - your bespoke Risk, Resilience & Security Management solution. Simple, cost effective and adaptable, now and into the future.

Blackbird.AI

Blackbird.AI

Blackbird.AI provides an intelligence and early-warning system to help users detect disinformation and take action against threats.

Secmation

Secmation

Secmation are an agile engineering services firm providing advanced DoD level security design and consultation services for both commercial and defense hardware and software applications.

Cyber Security for Europe (CyberSec4Europe)

Cyber Security for Europe (CyberSec4Europe)

CyberSec4Europe is designing, testing and demonstrating potential governance structures for a European Cybersecurity Competence Network.

Resemble AI

Resemble AI

Resemble AI is an innovator in Generative Voice AI technology and tools to combat AI fraud including audio watermarking and deepfake detection.

Nihka Technology Group

Nihka Technology Group

Nihka offers full end-to-end ICT solutions from business optimisation, data centre modernisation, cloud connection and management, and ICT security.