Hacking Via The Cloud

Uploaded on 2018-07-24 in BUSINESS-Services-IT & Telecoms, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

It has now become much clearer that Red Apollo a Chinese hacking cluster in 2017 launched a very large international cyber espionage campaign. This attack hit cloud service rather than attacking companies directly, it targeted cloud service supplier’s networks so that it could infiltrate the cloud’s connections to business computer systems and spy/monitor them.

The attacks, called Operation Cloud Hopper, focused on managed IT cloud providers and at least fifteen countries were affected including Germany, US, Canada, New Zealand, France, Australia, UK and Japan.

These attacks on the cloud systems raises the level of cyber-attacks to a new level which is much more criminally sophisticated and governments and policing authorities should become far more focused in their responses to these types of cyber-attacks.

 “If we look at the last year or two of cyber-attacks there have been a lot of dramatic attacks,” says Ciaran Martin, chief executive of the UK’s National Cyber Security Centre (NCSC), part of GCHQ. “But one of the slow burning, strategic issues is the integrity of the supply chain and how corporations and government departments manage that risk.

“I think collectively we have been slower than we should have been to realise the importance of that.”

Richard Horne, a cyber security partner at PwC, explains how Russian hackers breached a software provider in Ukraine called MeDoc and inserted a “back door” into its next software update. “Once that was inserted then the attackers could download their malicious code, a brilliant piece of code, which then spread within about 60 minutes,” adds Mr Horne.

Ever since the poisoning of the former Russian double agent Sergei Skripal and his daughter in Salisbury in the south of England in March, the UK has stepped up its cyber security measures around potential Kremlin-backed cyber hostility and this was again brought into the media while the World Cup took place in Russia when it was thought that Russia would use cyber methods to spread positive Russian news.

Now a serious concern for cyber security officials is that state-backed hackers and criminals could penetrate the systems of critical infrastructure organisations such as police, banks, energy companies and parts of government.

This year the NCSC published guidance explains how to be secure and protect against four widespread supply chain attacks. The guidance highlights third party software providers, website builders and external data stores as the most-risky links in any company’s IT supply chain.

In 2013 the US retailer Target was hacked using access granted to a refrigeration and air conditioning supplier. The attack led to the details of more than 70m Target customers being compromised, including the accounts of more than 40m credit card holders.

Dave Palmer, director of technology at Darktrace, a leading cybersecurity firm, says that while high-profile incidents such as the Target hack alerted businesses to the risk in the supply chain, he still witnesses instances where external companies sign up to stringent security standards but then fall “woefully short”.

New EU GDPRGeneral Data Protection Regulation which came into force May 25th 2018, now requires EU companies and others who trade within the EU to assess suppliers’ security risks.

Alfred Rolington - Cyber Security Intelligence

For more Information, please contact: Cyber Security Intelligence at:info@cybersecurityintelligence.com

« China Dominates Global Investment In AI
AI Will Thrash Employment »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Security Associates (CSA)

Cyber Security Associates (CSA)

Cyber Security Associates provides cyber consultancy and cyber managed services which help to detect, protect and educate against the ever-changing cyber threat.

Lantronix

Lantronix

Lantronix is a global provider of secure data access and management solutions for Internet of Things (IoT) and information technology assets.

FinCom.co

FinCom.co

FinCom.Co is the world’s first automatic AML/ KYC screening system, for comprehensive compliance.

Gradcracker

Gradcracker

Gradcracker is THE careers website for Science, Technology (including Cybersecurity), Engineering and Maths university students in the UK.

Cyber Pop-Up

Cyber Pop-Up

Cyber Pop-Up provide on-demand access to top security experts. No recruiting. No onboarding. No overhead costs.

SafeTech Informatics & Consulting

SafeTech Informatics & Consulting

Safetech's OTShield detects, prevents and analyses cyber-attacks in SCADA and Industrial IoT systems by utilising state of the art deception techniques.

CleanCloud by SEK

CleanCloud by SEK

CleanCloud by SEK is a CSPM product focused on public cloud data protection and security regulations, with over 400 compliance checks for the market's leading frameworks and regulations.

Stronghold Cyber Security

Stronghold Cyber Security

Stronghold Cyber Security is a consulting company that specializes in NIST 800, the Cybersecurity Framework and the Cybersecurity Maturity Model Certification.

Cyber Defense Technologies (CDT)

Cyber Defense Technologies (CDT)

Cyber Defense Technologies provides services and turn-key solutions to secure and maintain the integrity of your organization’s systems and data against attacks.

Raman Power Technologies

Raman Power Technologies

Raman Power Technologies focus on bringing value and solving business challenges through the delivery of modern IT services and solutions including cybersecurity.

Cyber-Security Council Germany

Cyber-Security Council Germany

The German Cyber Security Council's objective is to consult businesses, government agencies and political decision-makers and to support them against cybercrime.

Huntr

Huntr

Huntr provides a single place for security researchers to submit vulnerabilities, to ensure the security and stability of AI/ML applications.

OpenAI

OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity.

B&L PC Solutions

B&L PC Solutions

B&L PC Solutions deliver top cyber security services on Long Island and New York city to protect businesses from evolving online threats.

DATS Project

DATS Project

DATS Project enables the utilization of high computing power across a number of cybersecurity services, all on a pay-as-you-go basis, eliminating the need for upfront investment costs.

M6iT Consulting

M6iT Consulting

M6iT Consulting is an industry-leading solution partner managing the IT requirements for a full range of companies.