Tag Archives: Cloud

Outdated Linux Versions, Misconfigurations Triggering Cloud Attacks: Report

The “Linux Threat Report 2021 1H” from Trend Micro found that Linux cloud operating systems are heavily targeted for cyberattacks, with nearly 13 million detections in the first half of this year. As organizations expand their footprint in the cloud, correspondingly, they are exposed to the pervasive threats that exist in the Linux landscape.

This latest threat report, released Aug. 23, provides an in-depth look at the Linux threat landscape. It discusses several pressing security issues that affect Linux running in the cloud.

Key findings include that Linux is powerful, universal, and dependable, but not devoid of flaws, according to the researchers; like other operating systems, Linux remains susceptible to attack.

Linux in the cloud powers most infrastructures, and Linux users make up the majority of the Trend Micro Cloud One enterprise customer base at 61 percent, compared to 39 percent Windows users.

The data comes from the Trend Micro Smart Protection Network (SPN) or the data reservoir for all detections across all Trend Micro’s products. The results show enterprise Linux at considerable risk from system configuration mistakes and outdated Linux distributions.

For instance, data from the internet scan engine Censys.io revealed nearly 14 million results for exposed devices running some sort of Linux operating system on July 6, 2021. A Shodan search for port 22, the port commonly used for Secure Shell (SSH) on Linux-based machines, showed almost 19 million exposed devices as of July 27, 2021.

As with any operating system, Linux security depends entirely on how you use, configure, and manage it. Each new Linux update tries to improve security, but to get the value you must enable and configure it correctly, cautioned Joseph Carson, chief security scientist and advisory CISO at Thycotic.

“The state of Linux security today is rather good and has evolved in a positive way, with much more visibility and security features built-in. Nevertheless, like many operating systems, you must install, configure, and manage it with security in mind — as how cybercriminals take advantage is the human touch,” he told LinuxInsider.

Top Linux Threats

The Trend Micro Report disclosed rampant malware families within Linux systems. Unlike previous reports based on malware types, this study focused on the prevalence of Linux as an operating system and the pervasiveness of the various threats and vulnerabilities that stalk the OS.

That approach showed that the top three threat detections originated in the U.S. (almost 40 percent), Thailand (19 percent), and Singapore (14 percent).

Detections arose from systems running end-of-life versions of Linux distributions. The four expired distributions were from CentOS versions 7.4 to 7.9 (almost 44 percent), CloudLinux Server (more than 40 percent), and Ubuntu (about 7 percent).

Trend Micro tracked more than 13 million malware events flagged by its sensors. Researchers then compiled a list of the prominent threat types, consolidated from the top 10 malware families affecting Linux servers from Jan. 1 to June 30, 2021.

The top threat types found in Linux systems in the first half of 2021 are:

  • Coinminers (24.56 percent)
  • Web shell (19.92 percent)
  • Ransomware (11.56 percent)
  • Trojans (9.56 percent)
  • Others (3.15 percent)

The top four Linux distributions where the top threat types in Linux systems were found in H1-2021 are:

  • CentOS Linux (50.80 percent)
  • CloudLinux Server (31.24 percent)
  • Ubuntu Server (9.56 percent)
  • Red Hat Enterprise Linux Server (2.73 percent)

Top malware families include:

  • Coinminers (25 percent)
  • Web shells (20 percent)
  • Ransomware (12 percent)

CentOS Linux and CloudLinux Server are the top Linux distributions with the found threat types, while web application attacks happen to be the most common attack vector.

Web Apps Top Targets

Most of the applications and workloads exposed to the internet run web applications. Web application attacks are among the most common attack vectors in Trend Micro’s telemetry, said researchers.

If launched successfully, web app attacks allow hackers to execute arbitrary scripts and compromise secrets. Web app attacks also can modify, extract, or destroy data. The research shows that 76 percent of the attacks are web-based.

The LAMP stack (Linux, Apache, MySQL, PHP) made it inexpensive and easy to create web applications. In a very real way, it democratized the internet so anyone can set up a web application, according to John Bambenek, threat intelligence advisor at Netenrich.

“The problem with that is that anyone can set up a web app. While we are still waiting for the year of Linux on the desktop, it is important for organizations to use best practices for their web presences. Typically, this means staying on top of CMS patches/updates and routine scanning with even open-source tools (like the Zed Attack Proxy) to find and remediate SQL injection vulnerabilities,” he told LinuxInsider.

The report referenced the Open Web Application Security Project (OWASP) Top 10 security risks, which shows injection flaws and cross-site scripting (XSS) attacks remaining as high as ever. What strikes Trend Micro researchers as significant is the high number of insecure deserialization vulnerabilities.

This is partly due to the ubiquity of Java and of deserialization vulnerabilities in it, according to Trend Micro. Its report also noted the Liferay Portal, Ruby on Rails, and Red Hat JBoss deserialization vulnerabilities as prominent.

Attackers also exploit broken authentication to gain unauthorized access to systems. The number of command injection hits was also a surprise, being higher than Trend Micro’s analysts expected.
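The injection flaws the report singles out come down to one mistake: untrusted input spliced into a query or command string so that it changes the structure of what is executed. The following is an added example, not code from the Trend Micro report or from this article, showing the same user lookup written the injection-prone way and the parameterized way against an in-memory SQLite table. The table rows, the function names, and the input strings are all constructed for the demonstration.

```python
"""Added example (not from the report or the article): one lookup written two
ways.  The users table and the inputs are constructed for the demonstration."""
import sqlite3

# Constructed sample data (assumption, not from the page).
SAMPLE_USERS = [
    (1, "alice", "alice@example.test"),
    (2, "bob", "bob@example.test"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database seeded with SAMPLE_USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Injection-prone: the input is pasted into the SQL text, so a quote
    character in `name` ends the literal and the rest becomes SQL."""
    query = f"SELECT id, name FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Parameterized: the driver binds `name` as a value, so it can only
    ever be compared as a literal string, whatever characters it holds."""
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchall()


def demo() -> dict:
    """Run both versions on a benign name and on a name carrying a quote."""
    conn = make_db()
    benign = "alice"
    # Constructed input with an embedded quote, the kind of value a web form
    # submits when the application does not separate code from data.
    crafted = "nobody' OR '1'='1"
    return {
        "vulnerable_benign": find_user_vulnerable(conn, benign),
        "vulnerable_crafted": find_user_vulnerable(conn, crafted),
        "safe_benign": find_user_safe(conn, benign),
        "safe_crafted": find_user_safe(conn, crafted),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

With the crafted input the string-built query's WHERE clause becomes true for every row and both users come back; the parameterized query looks for a user literally named `nobody' OR '1'='1` and returns nothing. Scanners such as the Zed Attack Proxy mentioned above find the first pattern; the second is the remediation.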

Expected Trend

It is no surprise that the majority of these attacks are web-based. Every website is different, written by different developers with different skill sets, observed Shawn Smith, director of infrastructure at nVisium.

“There is a wide range of different frameworks across a multitude of languages with various components that all have their own advantages and drawbacks. Combine this with the fact that not all developers are security gurus, and you’ve got an incredibly alluring target,” he told LinuxInsider.

Web servers are one of the most common services to expose to the internet because most of the world interacts with the internet through websites. There are other areas exposed — like FTP or IRC servers — but the vast majority of the world is using websites as their main contact point to the internet.

“As a result, this is where attackers will focus to get the biggest return on investment for their time spent,” Smith said.

OSS Linked to Supply Chain Attacks

Software supply chains must be secured to deal with the Linux attack landscape as well, noted the Trend Micro report. Attackers can insert malicious code into the software components of third-party suppliers. That code then connects to a command-and-control server to download and deploy backdoors and other malicious payloads within the system.

This can lead to remote code execution on an enterprise’s systems and computing resources. Supply chain attacks can also stem from misconfigurations, which are the second most common incident type in cloud-native environments, according to the Trend Micro report. More than 56 percent of its survey respondents had a misconfiguration or known unpatched vulnerability incident involving their cloud-native applications.

Hackers are having an easy time. “The major attack types on web-based applications have remained constant over the recent past. That, combined with the rising time-to-fix and declining remediation rates, makes the hackers’ job easier,” said Setu Kulkarni, vice president of strategy at NTT Application Security.

Organizations need to test applications in production, figuring out what their top three-to-five vulnerability types are. Then launch a targeted campaign to address them, rinse, and repeat, he recommended.

The “Linux Threat Report 2021 1H” is available here.


Misconfigurations: Still the Biggest Threat to Cloud Security

It is nearly impossible to find a business today that doesn’t have some degree of presence in the cloud. The rise in cloud migration started in the past decade, but the explosion of remote work during the COVID pandemic has expanded the need for business-oriented, cloud-based services. And where there once was a single cloud service, many businesses now have multi-cloud and distributed environments for edge computing power.

Cloud security has been an issue since the beginning. While cloud service providers do everything possible to secure their services, the unfortunate fact is that breaches still frequently occur. However, a deeper dive into these breaches suggests that many of the vulnerabilities arise not from the service providers themselves but from faulty configuration of those services by the end users.

In this article, we look at the prevalence of user misconfigurations and the steps users can take to best protect themselves and their cloud environments.

Breaches of cloud services

The statistics regarding breaches of cloud services are stunning. According to a 2021 survey of more than 250 IT professionals, more than half of all businesses have experienced a security incident related to their cloud-based services. And this statistic likely underestimates the actual number of incidents.

Many of the breaches have been high-profile, with well-known names suffering damage to their reputations and business. For example, the largest Asian cloud provider, Alibaba Cloud, suffered a data breach resulting in the leak of over 1.1 billion records related to the company’s TaoBao shopping platform.

U.S.-based cloud providers also have had their fair share of breaches. In early 2021, a misconfiguration of the Microsoft Azure cloud service exposed the confidential information (including source code) of more than a dozen companies that were submitting proposals for partnerships with Microsoft.

A separate breach in late 2020 allowed broad access to more than half a million records that included highly sensitive personal information. While the 2021 incident was due to a misconfiguration by Microsoft itself, most cloud breaches are due to inadequate security efforts by customers.

Consider, for instance, a recent breach involving Amazon’s S3 cloud service. Prestige Software, which provides services to the travel industry, misconfigured its Amazon S3 service. The result was the exposure of ten years’ worth of data for users of popular travel websites such as Booking.com, Hotels.com, and Expedia.

Perhaps the most publicized breach of Amazon’s cloud services, however, was the 2019 attack on Amazon AWS user Capital One. The breach implicated the personal data of over 100 million customers, including highly sensitive information such as social security numbers, credit card numbers, and credit scores. And the source of the problem? A misconfigured firewall at Capital One.

These are only a few of the major breaches that have taken place in recent years. They should serve as a cautionary tale for users of the primary cloud providers – or any cloud provider. While businesses can and should be able to rely on providers’ security measures, that alone is not enough. Businesses must properly configure their cloud environments as part of a comprehensive internal cybersecurity program.

Avoiding misconfiguration of cloud services

Preventing misconfigurations requires a concerted effort at all stages of usage, from initial contracting through ongoing maintenance and updates. Here are a few steps organizations should take to best secure their cloud services.

Know who has what responsibilities

Issues with cloud service configuration can arise very early during implementation simply because companies do not adequately understand their responsibilities. The split of responsibilities between provider and customer frequently depends on whether the provider is an Infrastructure-as-a-Service (IaaS) or a Software-as-a-Service (SaaS) provider.

IaaS providers (e.g., Amazon AWS, Google Cloud, Microsoft Azure, Alibaba Cloud) typically operate under a shared responsibility model. One of the primary data security standards for e-commerce businesses, the Payment Card Industry Data Security Standard (PCI-DSS), specifically highlights cloud providers’ and cloud users’ shared responsibility for ensuring PCI compliance in the cloud and protecting consumer financial data.

IaaS clients need to clearly understand the full extent of their responsibilities when using these services. The first step is for all relevant IT and cybersecurity personnel to understand the service agreement. It is also essential to know what tools and support cloud providers offer for configuring services.

In contrast, SaaS providers (e.g., Salesforce, Workday, Square) tend to take on most of the responsibility for security. Nevertheless, IT and cybersecurity professionals should still review the service license agreement to ensure that the organization fulfills any necessary security requirements.

Understand common configuration and security issues

Before entering into an agreement with a cloud service provider, an organization should be aware of the typical security issues that it might face. All cloud service providers provide extensive documentation (e.g., Amazon AWS security documentation), much of which is publicly available on the internet even to those who are not using the services. A quick review of this documentation can provide insight into the complexities and potential pitfalls of configuring cloud services.

Moreover, simple internet searches can also help identify challenges with configuring and using cloud services. In addition to the online documentation, there are frequently both service provider-sponsored and independent support forums dedicated to specific issues for any given cloud service. These forums contain useful information on issues others have experienced and solutions to those issues.

Create configuration templates

The old mantra, “If it ain’t broke, don’t fix it,” can surprisingly apply even to cloud configurations. Once you have set up effective and secure configurations for existing cloud services, they can be a template for additional future services.

This does not mean that for every additional service you can simply apply an existing configuration. Instead, each new service deserves individual attention. But it does mean you can streamline the configuration process by starting with settings you already know work securely.

Be careful about templates, however, when transitioning from internal systems to cloud services. While similarities may exist, they are still different environments. According to web developer Gary Stevens of Hosting Canada, cloud hosting has been growing in popularity for this reason.

“Cloud hosting has some similarities with a VPS,” says Stevens. “But the key difference is that the server gets distributed over a large number of computers instead of having its dedicated physical address.”

Test and update

Once you have a configuration you believe is secure, you must test it as frequently and rigorously as possible. Testing allows you to identify issues you may have never considered. And to the extent you can automate system testing, so much the better.

You also need to update your configurations to reflect changes in services or your use of those services. Just as old versions of software applications offer hackers prime opportunities to access company networks and systems, outdated configurations create unneeded vulnerabilities.
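The S3 exposures described earlier in this article are exactly the kind of misconfiguration that automated testing catches before an attacker does. The following is an added example, not code from the article, of an offline check that reads a bucket policy document and the bucket's public access block settings and reports anything that makes the bucket readable or writable by anonymous principals. The two policy documents, the bucket name, and the account ID are constructed for the demonstration; the JSON shape, the `aws:SecureTransport` condition key, and the `BlockPublicPolicy` and `RestrictPublicBuckets` settings are the real S3 formats.

```python
"""Added example (not from the article): flag public-access misconfigurations
in an S3 bucket policy plus its public access block configuration.  All
documents below are constructed for the demonstration."""
import json

# Constructed: a policy that grants anonymous read on every object.
OPEN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-travel-data/*",
    }],
})

# Constructed: the same grant limited to one account (placeholder ID), with a
# TLS-only condition; paired below with public access block switched on.
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PartnerRead",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::example-travel-data/*",
        "Condition": {"Bool": {"aws:SecureTransport": "true"}},
    }],
})

PUBLIC_ACCESS_BLOCK_OFF = {"BlockPublicPolicy": False, "RestrictPublicBuckets": False}
PUBLIC_ACCESS_BLOCK_ON = {"BlockPublicPolicy": True, "RestrictPublicBuckets": True}

WRITE_ACTIONS = ("s3:*", "s3:PutObject", "s3:DeleteObject")


def _as_list(value) -> list:
    """Normalize a policy field that may be a string or a list."""
    return [value] if isinstance(value, str) else list(value or [])


def _is_wildcard_principal(principal) -> bool:
    """True when the statement applies to everyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def check_bucket(policy_json: str, public_access_block: dict) -> list:
    """Return finding strings; an empty list means nothing public was found."""
    findings = []
    policy = json.loads(policy_json)
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_wildcard_principal(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = _as_list(stmt.get("Action"))
        if "Condition" not in stmt:
            findings.append(f"{sid}: Allow to Principal '*' for {actions} with no Condition")
        if any(action in WRITE_ACTIONS for action in actions):
            findings.append(f"{sid}: anonymous write or delete permitted")
    # Even a correct policy should sit behind the account-level guard rails.
    if not public_access_block.get("BlockPublicPolicy", False):
        findings.append("BlockPublicPolicy is off: a public policy can be attached later")
    if not public_access_block.get("RestrictPublicBuckets", False):
        findings.append("RestrictPublicBuckets is off: an existing public policy stays effective")
    return findings


if __name__ == "__main__":
    for label, policy, pab in [
        ("open", OPEN_POLICY, PUBLIC_ACCESS_BLOCK_OFF),
        ("restricted", RESTRICTED_POLICY, PUBLIC_ACCESS_BLOCK_ON),
    ]:
        print(label, check_bucket(policy, pab) or ["no findings"])
```

In practice the two inputs come from `aws s3api get-bucket-policy` and `aws s3api get-public-access-block`, and the check runs on a schedule or in the pipeline that applies the configuration template, so a drift from the known-good settings surfaces as a failed test rather than as a breach notification.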


Business use of the cloud will continue to increase, and with good reason. The cloud offers businesses many efficiencies and features that help them run better day-to-day. With a bit of effort and attention, businesses can ensure that their use of the cloud is a secure experience for both the company and its customers.


Future-proofing Networks with the Right Cloud Investments

Cloud technology has evolved over the past decade from being a helpful business tool to becoming one of the business world’s key foundations. Digital transformation strategies revolve around migrating applications, assets, and infrastructure to the cloud with the goal of enabling a more adaptable and agile operation.

While most organizations were already executing on their cloud migration strategies pre-COVID, the pandemic was a serious wake-up call for those lagging behind. Gartner predicts public cloud services global spending will grow to $332.3B this year, up from $270B in 2020. Gartner also anticipates that by 2024 almost half of all IT spending on software, system infrastructure, and process outsourcing will have pivoted from traditional solutions to the cloud.

However, a successful cloud strategy is much more than throwing large chunks of cash at it. Now is a critical time for IT and business leaders to consider how they can adapt their operations around cloud capabilities beyond just increasing their cloud adoption.

Digital transformation has not changed some of the top common requirements of organizations. Security has always been a high priority, especially for areas such as defense or heavily regulated markets such as financial services and healthcare. Likewise, low latency remains critical for fast-paced sectors, such as stock trading floors. In other cases, organizations have seen their cloud requirements rapidly evolving, for example, needing to accommodate a greatly increased remote workforce or a growing network of IoT devices.

Whatever specific requirements a business might face, there are several factors that remain constant for the cloud agendas for all organizations.

Accessibility needs balanced with security

The balancing act between accessibility and security is probably the biggest challenge with the cloud we saw play out over the past year. This is because the COVID-19 pandemic caused most organizations to rapidly attempt to support a remote workforce. Their structure rapidly pivoted from supporting largely central locations with many users to supporting hundreds or thousands of individual locations with an employee count of one.

These locations all need the same level of accessibility for key assets, such as mission-critical systems and applications, or sensitive data, and the same connection quality and user experience. To remain as productive as colleagues returning to the office, and as they themselves were when office-based, remote employees need fast and reliable access to cloud-based assets. In particular, workers in external-facing roles cannot afford bad connections that risk ruining customer interactions.

In turn, organizations are more aware these days than ever before that remote connections are clearly more vulnerable to cyber risk. Remote connectivity solutions provide cyber thieves with more opportunities for attack, and remote workers are more susceptible to social engineering. Rapidly growing cloud infrastructure can also create blind spots and security gaps, and this is the case for hybrid environments as well. As businesses advance in their digital transformation execution and migrate more operations to the cloud, it becomes even more critical that they evolve their security strategies to keep up with these new environments and security requirements. As we have seen, cloud breaches can result in significant consequences, as attackers rapidly move across the network and co-opt networking and sharing functions to spread their attacks to other users.

Ensuring cloud cost savings

Cloud-based service models can provide significant financial advantages for businesses, allowing them to quickly access new functionalities without requiring heavy upfront investments. Cloud services rotate some capital expenditure costs into operational costs, with infrastructure-as-a-service (IaaS) enabling organizations to move fundamental storage and networking functions to the cloud and away from on-premises hardware.

While cloud migration has good potential for providing cost savings, organizations must ensure that their cloud investments are in the right areas to realize strong, measurable ROI. The increasing requirement to deliver a high level of security and accessibility across multiple locations can prove extremely costly if not approached in the right way.

In addition, organizations must ensure they adopt a flexible strategy that can be easily scaled and modified as their needs and the environment change. While it might sound like a good idea to seek the lowest cost model, it may not prove to be the most cost-effective choice in the long run as dependency increases or major scaling changes are required.

The SASE approach

Hybrid cloud and multi-cloud strategies can heighten security, accessibility, and cost challenges. Both approaches are very common; one study states that 92 percent of enterprises currently have a multi-cloud strategy, while 82 percent have some form of a hybrid cloud network. A hybrid approach often signals that a business is still in the middle of a cloud transition, although many businesses also have assets they cannot migrate to the cloud for legal or technical reasons.

Multi-cloud strategies provide an attractive approach because of the increased choice and flexibility they offer. Organizations must take care, however, that security is ubiquitously applied across the entire infrastructure, with no holes that can be discovered and exploited by threat actors. A successful multi-cloud strategy must also ensure a seamless network experience for all users, regardless of which service they are leveraging.

One of the most effective approaches to addressing these challenges is to move these functions closer to the edge of the network rather than handling them at a central point. Delivering security and networking functions via the cloud at the source of the connection means that all locations and remote workers can leverage similar levels of security and accessibility.

This approach is the core concept behind Secure Access Service Edge (SASE), which integrates multiple security and wide-area networking services together and delivers them through the cloud. A SASE approach can also address cost concerns, as the cloud delivery method serves multiple separate locations without the need to invest in hardware or suffer lengthy and costly implementation times at each location.

Implementing and maintaining a secure, accessible cloud that can scale at an affordable rate is essential for a successful digital transformation strategy and future-proofing the network. While there is no cookie-cutter approach for the cloud, a converged method such as SASE will enable businesses to meet their objectives around their own unique operational requirements.

Michael Wood is CMO at Versa Networks.


Interested in a Cloud Computing Career? This Roadmap Can Point the Way

Like many people, you might be thinking about a career in the fast growing field of cloud computing. It’s a smart move, with the Open Source Jobs Report finding that possessing cloud computing skills has the biggest impact on hiring decisions amongst technical hiring managers surveyed. And recent data have shown that job openings for cloud computing professionals have skyrocketed the last few years. 

The problem for most is determining how and where to start. If you are new to the IT sector, jumping straight into cloud and cloud native technologies is nearly impossible without first gaining an understanding of the infrastructure technologies on which the cloud is built. That’s why we’ve developed the roadmap below, outlining the knowledge and skills needed to successfully pursue a cloud career.

To start, you need to understand Linux. Over 90% of public cloud instances are running on Linux, and if you aren’t proficient in the Linux command line interface, you won’t get very far working in the cloud. You also need to understand DevOps – a term referring to the combination of development and operations which traditionally were separate in the IT space. The vast majority of organizations today use DevOps practices to deploy to the cloud, so you need to understand those practices. 

Once you’ve learned the fundamentals underpinning the cloud, you can start to learn the cloud technologies themselves. 91% of organizations running in the cloud are using Kubernetes, so it’s an ideal technology to focus on. 

To get your feet wet, you can start with some of our free courses:

Introduction to Linux
Introduction to DevOps and Site Reliability Engineering
Introduction to Cloud Infrastructure Technologies
Introduction to Kubernetes

After that, consider our Cloud Engineer Bootcamp if you want a more structured learning program, or check out our full array of cloud training and certification offerings

And don’t forget to view the Cloud Career Roadmap below for more insights!


The post Interested in a Cloud Computing Career? This Roadmap Can Point the Way appeared first on Linux Foundation – Training.

Distributed Cloud: The Future of Cloud Computing

More and more companies are moving to distributed clouds. This is a fundamentally new approach to cloud computing. Analysts at Gartner have named the move to distributed clouds as one of the top ten technology trends of 2021. Let’s see why distributed clouds are beneficial for business and what advantages they have.

What is a distributed cloud?

A distributed cloud is a type of cloud service that allows you to use centralized resources but, when necessary, run computing processes on local equipment. Cloud service providers already manage equipment in centralized and regional data centers; that alone is not enough for a distributed cloud. Providers must also introduce so-called substations in strategically advantageous locations, since with edge computing the resources are bound to a physical location.

An example of a distributed cloud is a content delivery network (CDN), a geographically dispersed network infrastructure. It is designed for the optimized and fast delivery of content (most often video or audio) to users in different locations, significantly reducing download times. But distributed clouds are not only beneficial for creators and providers of media content. They can be applied in other areas of business, from shipping to sales.

A distributed cloud can be used even with reference to specific geographical areas. For example, a large video service provider can use centralized cloud resources to format video and store content in multiple formats on geographically dispersed CDNs. In anticipation of increased demand for services in specific locations, it can place data in local storage in some residential regions or even in 5G stations in densely populated areas to ensure fast video downloads on mobile devices. 

How is a distributed cloud different from a hybrid?

Now distributed clouds are entering the arena. While this is still a trend rather than commonplace, many confuse it with a hybrid cloud. Both hybrid and distributed clouds can expand business opportunities, but there is a fundamental difference between the two: in a hybrid infrastructure, it is mostly about expanding the environment available for computing. A distributed cloud also expands the environment, but geographically, and it enables edge computing.

What is the advantage of a distributed cloud?

Distributed cloud with associated edge computing is a natural trend. Business requirements have changed, and even hybrid cloud infrastructure no longer suits companies, especially when it comes to large corporations. This is primarily because distributed cloud services help avoid the gap between private and public clouds, which often happens when using the hybrid infrastructure. But a distributed cloud has other benefits as well:

  • Reduced latency and improved performance. The closer the cloud resources are to a specific location, the faster the end-user will receive computing processes (content delivery, data analysis, etc.).
  • Expanding business presence. By introducing a distributed cloud into a company’s work, you can increase the number and availability of computing zones.
  • Reduced costs. Even though a hybrid cloud requires a shared infrastructure, management is resource-intensive. The enterprise needs to control both environments, and this requires hiring more specialized employees and, accordingly, spending more money. A distributed cloud can significantly reduce the financial burden.
  • Reduced risk of network failure. Unlike a centralized cloud, distributing to different locations will help avoid large and lengthy problems.
  • Compliance with legal regulations. Different countries have different laws, and a business operating across them may not otherwise comply with local regulations. Edge computing helps companies comply with country-specific laws. This is especially important where specific data cannot be taken out of the state.
  • Reduced administration burden. Whereas a private cloud must be controlled and administered in-house, the service provider directly monitors the distributed cloud. This lowers the cost of equipment administration and, in the event of technical failures, lets the business concentrate on its own tasks instead of solving the problem with its own specialists.

What is the future of distributed cloud?

The transition to a distributed cloud is becoming one of the most important trends, and analysts say the technology will be actively developed in the future. For now, cloud providers are busy installing and equipping the substations they will use for edge computing. According to experts’ forecasts, by 2025 cloud services will dominate among other information and communication technologies, and the popularity of distributed clouds will grow proportionally.

Final word

Business has been moving to cloud services for a long time, and in 2021, clouds have become especially relevant. Specifically, businesses have begun, en masse, to order services from large suppliers. As a result, the profits of Google and other companies that provide cloud services have increased several times. This is just the beginning. The demand for clouds will only grow.
