Ransomware attacks can be headaches of the highest order. In many instances they have disastrous repercussions, and those repercussions come with major expenses no matter how the problem ends up being resolved. When Japanese automaker Toyota had to shut down 14 factories across the country for one day, it was staggering to see how much financial loss could come from just 24 hours of dealing with an attack.
Most businesses operate on a much smaller scale, but there have also been plenty of data breaches at businesses that few people will be familiar with. No matter the size of your operation, if you have sensitive data stored in digital format – and who doesn’t nowadays – you will want to make sure you have all the defences in place and ready to do their job if and when needed. Ransomware attacks are increasing; between 2019 and the end of 2021 they had risen well over 200% overall worldwide, and again it’s not always just the big fish being attacked.
It likely goes without saying that data management and data security are two aspects of operation that we can relate to here at 4GoodHosting, and that will almost certainly be true for any other quality Canadian web hosting provider with the same solid operating principles. Like most, we’re also enthusiastic and bullish about the ever-evolving potential of cloud computing, which leads us to our topic of discussion for this entry – why do ransomware attacks tend to look past cloud computing environments when weighing potential victims?
Franchised Ransomware
A recent advisory from the Cybersecurity and Infrastructure Security Agency (CISA), the US FBI, and the NSA reveals that the latest trend is ransomware as a service, where gangs of malicious hackers essentially ‘franchise’ their ransomware tools and techniques and make them available to less organized or less skilled hackers. This works out to many more attacks, even though some of them are less sophisticated as a result.
But the long and short of it is that protecting against ransomware attacks must be part of any organization’s holistic cybersecurity strategy. That is especially true if you’re still operating data center infrastructure rather than cloud infrastructure. Hardening data centers and endpoints against ransomware attacks is needed more and more every year, while cloud infrastructure faces a different kind of threat.
To be clear - if your organization is all in the cloud, ransomware can be less of a worry.
What, and Why?
First and foremost, you shouldn’t mistake ransomware attacks for simple data breaches. A data breach only means data has been exposed, and it doesn’t necessarily mean that data has been taken. Ransomware isn’t primarily about ‘stealing’ either; the aim is not necessarily to steal your data. Instead the aim is usually to take control of the systems that house or encrypt your data and prevent you from having access to it, unless you pay to have that access re-established for you.
The reason why ransomware attacks are not being carried out against cloud environments has everything to do with fundamental differences between cloud infrastructure and data center infrastructure.
For starters, a cloud environment is not simply a remote replica of an onsite data center and its IT systems. Cloud computing is 100% software driven by APIs - application programming interfaces - which function as middlemen for software and allow different applications to interact with each other. The control plane is the API surface that configures and operates the cloud, and that control plane may be used to build a virtual server, modify a network route, and gain access to data in databases or snapshots of databases.
Key Resilience
Cloud platform providers work from the understanding that customers paying for the technology and service expect data to be robust and resilient. Keep in mind that replicating data in the cloud is both easy and cheap, and a well-architected cloud environment ensures multiple backups of data are made regularly. That’s the key means by which an attacker’s ability to use ransomware is impeded. Frequently taking multiple copies of your data means attackers have less ability to lock you out. Should an attacker be able to encrypt your data and demand a ransom, you can take all their leverage away by simply reverting to the latest version of the data backed up prior to the encryption.
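To make the "revert to the latest version backed up prior to the encryption" step concrete, here is an added example (not 4GoodHosting's or any cloud provider's code) that plans a restore from a version history. The object names, version IDs and timestamps are constructed, and `plan_restore` is a hypothetical helper; it also reports objects that have no clean version to fall back on.

```python
from datetime import datetime, timezone


def ts(text):
    """Parse an ISO timestamp and treat it as UTC."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


# Constructed version history: (object key, version id, time written).
VERSIONS = [
    ("db/customers.bak", "v1", ts("2022-03-01T02:00:00")),
    ("db/customers.bak", "v2", ts("2022-03-02T02:00:00")),
    ("db/customers.bak", "v3", ts("2022-03-02T14:31:00")),   # encrypted copy
    ("docs/contract.pdf", "v1", ts("2022-02-10T09:15:00")),
    ("docs/contract.pdf", "v2", ts("2022-03-02T14:32:00")),  # encrypted copy
    ("uploads/new.csv", "v1", ts("2022-03-02T14:40:00")),    # first seen after incident
]


def plan_restore(versions, encryption_started):
    """Pick, per object, the newest version written before the incident.

    Returns (restore_map, unrecoverable) where restore_map is
    {key: version_id} and unrecoverable lists keys with no clean version.
    """
    latest_clean = {}
    seen = set()
    for key, version_id, written in versions:
        seen.add(key)
        if written >= encryption_started:
            continue  # written during or after the attack: not trusted
        best = latest_clean.get(key)
        if best is None or written > best[1]:
            latest_clean[key] = (version_id, written)
    restore_map = {key: pair[0] for key, pair in latest_clean.items()}
    unrecoverable = sorted(seen - set(restore_map))
    return restore_map, unrecoverable


if __name__ == "__main__":
    restore_map, unrecoverable = plan_restore(VERSIONS, ts("2022-03-02T14:30:00"))
    for key, version_id in sorted(restore_map.items()):
        print(f"restore {key} -> {version_id}")
    for key in unrecoverable:
        print(f"no clean version for {key}")
```

The plan is only as good as the incident start time fed into it: choosing a time that is too late restores an encrypted copy, so err on the early side.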
Effective security in the cloud is the result of good design and architecture rather than reactive intrusion detection and security analysis. Hackers have no other choice but to try to exploit cloud misconfigurations that enable them to operate against your cloud control plane APIs and steal your data. And to this point very few if any of them have had much success with that.
Automation is Best
Having cloud security protocols working automatically is best, as the number of cloud services keeps growing along with the number of deployments most of you will have. Add all the expanding resources and you can see why there is a need to avoid manually monitoring for misconfigurations and to enable developers to write code that stays flexible for future revisions. Hardening your cloud security ‘posture’ helps too: know your operating environment and its weak points on an ongoing basis, and continuously survey your cloud environment to maintain situational awareness at all times.
Successful organizations evaluate all the time to know where they stand, where they’re going, and to quantify the progress they’ve made and are making towards addressing vulnerabilities and the security incidents that have resulted or may result from them.
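As an added illustration of checking for misconfigurations automatically rather than by hand (example code, not 4GoodHosting's or any provider's tooling), the script below audits a resource inventory for settings that would undermine the backup-and-revert defence described earlier. The inventory, its field names and the 24-hour threshold are all assumptions; a missing field is treated as a failure rather than a pass.

```python
MAX_BACKUP_AGE_HOURS = 24  # assumed policy value, not from the article

# Constructed inventory; field names are hypothetical, not a provider schema.
INVENTORY = [
    {"name": "orders-db", "versioning": True, "hours_since_backup": 6,
     "public_access": False, "backup_delete_principals": ["backup-admin"]},
    {"name": "media-store", "versioning": False, "hours_since_backup": 3,
     "public_access": True, "backup_delete_principals": ["backup-admin"]},
    {"name": "hr-archive", "versioning": True, "hours_since_backup": 90,
     "public_access": False, "backup_delete_principals": ["*"]},
    {"name": "test-scratch"},  # nothing recorded: must not pass silently
]


def check(resource):
    """Return the list of findings for one resource, failing closed."""
    findings = []
    if resource.get("versioning") is not True:
        findings.append("versioning-not-enabled")
    age = resource.get("hours_since_backup")
    if age is None or age > MAX_BACKUP_AGE_HOURS:
        findings.append("backup-missing-or-stale")
    if resource.get("public_access") is not False:
        findings.append("public-access-not-blocked")
    # If the list of principals is unknown, assume the worst case.
    if "*" in resource.get("backup_delete_principals", ["*"]):
        findings.append("anyone-can-delete-backups")
    return findings


def audit(inventory):
    """Map each non-compliant resource name to its findings."""
    report = {}
    for resource in inventory:
        findings = check(resource)
        if findings:
            report[resource["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        print(f"{name}: {', '.join(findings)}")
```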