Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
7/11/2017
12:00 PM
Tim Prendergast
Tim Prendergast
Partner Perspectives
Connect Directly
Twitter
LinkedIn
RSS
50%
50%

Securing your Cloud Stack from Ransomware

Poor configuration, lack of policies, and permissive behaviors are three factors that can leave your cloud infrastructure vulnerable to ransomware threats.

For enterprises that use the cloud, the key to being protected starts with understanding the layers that make up the components of their cloud stack. These different layers create multiple potential targets, and for the informed, they each represent a piece of the cloud environment that can be secured against potential threats.

Ransomware, for example, doesn't have to be terribly complex stuff. To be effective, it just needs access. By paying attention to the different pieces of the cloud stack, and addressing their unique security needs, your environment can be far more resistant to ransomware threats.

Image Source: Evident.io
Image Source: Evident.io

Identity Management
Besides enforcing secure passwords and multifactor authentication (MFA), apply the "least privilege roles" concept: Only give users access to the least amount of accounts and systems that allow them to be productive. This limits the damage that can be done if an accident is made or a bad actor gets access to the account. 

Secure the Cloud Compute Layer
Take steps to secure your compute layer to ensure availability of systems and data, and to keep bad actors from using your compute power to further spread malware across your business and the Internet. The first step here is to enable secure login by issuing SSH keys issued to individuals.

Use a Jump Host
A jump host is placed in a different security zone and provides the only means of accessing other servers or hosts in your system. It is an extra step that will add a layer of security complexity to keep hackers out of your system. As the single administrative entry point, be sure to take steps to protect this server and maintain strict access controls. Also, be sure to turn on logging so you can audit all activity. But, if this one server gets owned, the jump server will allow you to create a new one with the push of a button.

Create Hypervisor Firewall Rules
The most effective way to manage firewalls is at the hypervisor level because you can restrict or set limits on both ingress and egress traffic. Take care to set definitive rules about what, how much, and who can send, receive, and access both inbound and outbound data. Many are reluctant to set up outbound rules, but because ransomware often threatens the leaking of your intellectual property, it is important to ensure you have outbound rules that are explicitly declared.

Only Use Trusted Images
Build your images or templates from scratch or get them from very trusted sources like AWS or Microsoft. Don’t use the ones you find on Stackoverflow or on random message boards or communities. The hackers have gotten clever enough to respond to hot topics and embed malware into packages and templates.

Manage Data Access for Cloud Storage
Identity and Access Policies (IAM) policies and Access Control Lists help you centralize the control of permissions to your storage.  Bucket policies allow you to enable or deny permissions by accounts, users, or based on certain conditions like date, IP address, or whether the request was sent with SSL. 

Encrypt, Encrypt, Encrypt
When using public cloud infrastructure, it is imperative that your data is encrypted both in transit and at rest. There are many great encryption tools and services that will help with each. Note that the metadata (the data describing what you’re storing) is often not encrypted, so be sure not to store sensitive information in your cloud storage metadata.

No Delete Rights or MFA for Delete
You can set up roles in your cloud infrastructure that do not allow the user to delete any data. This protects you in case an attacker has gained control of a user’s account. In that case, attackers may be able to access the data, but they can’t delete it, which is usually what is threatened in ransomware attacks. Also, in most cloud storage solutions you can enable a feature that requires the six-digit code and serial number from your MFA token to delete any version of data stored in your storage layer. This means that attackers won’t be able to delete your data if they get access, unless they’ve got your MFA key.

Don’t Allow Services to Call Home to SaaS Systems Like Github
All it takes is for a bad actor to get access to your Git repo, and they can infect and potentially get access to more of your systems the next time one of your systems calls home. A better option is to store your Git or code repositories securely in your own cloud environment.

Our Evident security platform analyzes more than 10 billion events every month, and we see that poor configuration, lack of policies, and permissive behaviors lead to too many openings that are exploitable by ransomware.

For more information on creating an optimal security environment for your cloud environment that will assist in thwarting ransomware through a set of corrective actions and behavioral modifications, click here.

 

Tim Prendergast co-founded Evident.io to help others avoid the pain he endured when helping Adobe adopt the cloud at a massive level.  After years of building, operating, and securing services in Amazon Web Services, he set out to make security approachable and ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Cognitive Bias Can Hamper Security Decisions
Kelly Sheridan, Staff Editor, Dark Reading,  6/10/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7472
PUBLISHED: 2019-06-15
The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.
CVE-2019-12839
PUBLISHED: 2019-06-15
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
CVE-2019-12840
PUBLISHED: 2019-06-15
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
CVE-2019-12835
PUBLISHED: 2019-06-15
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.
CVE-2019-12830
PUBLISHED: 2019-06-15
In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.