It's Raining Cyber Attacks: Cybersecurity in the Cloud


Pavan Belagatti

DevOps Influencer

Every digital technology comes with a security risk if it is not handled properly. With billions of people using online and digital technologies worldwide, there are ample opportunities for hackers to break through the security wall and create unrest all around. Cybersecurity incidents are in the news all too often these days: bitcoin mining, stolen credit card credentials, malicious code injected into systems, theft of confidential data, and so on.

Today it is not just about having speed, reaching your customers quickly, easy setup, mind-blowing features, etc., but rather, it is about how safe or secure your systems, data, or features are.

What is Cybersecurity?

It is the approach and practice of securing electronic data, networks, computer systems, and any form of digital infrastructure from malicious attacks. Banks, educational institutions, tech companies, government agencies, publishing media houses, hospitals, and every sector invest in cybersecurity infrastructure to protect their customer data, secrets, and business intelligence from attackers.

A robust cybersecurity strategy is vital for tackling the cybercrimes and malicious attacks intended to access, mine, inject into, delete, or extort a company's or developer's systems and confidential data. In later parts of this article, we will discuss cybersecurity threats and protection against them.

The importance of Cybersecurity

There have been many instances where companies came under pressure because their inadequate cybersecurity regulations allowed attackers to invade the company's network and harm its systems in various ways. Having lost reputation and trust, some companies suffered heavy losses in revenue and still have not recovered. Robust, standard principles around cybersecurity are needed to deny hackers a way into the systems. Cybersecurity has become more crucial than ever. Here are some interesting reports and examples:

Cybercrime damages are projected to surpass $6 trillion by 2021.

Gartner Inc., the international research firm, predicts that worldwide security spending will hit $170 billion by 2022, an 8% increase in just a year.

A recent survey from Nationwide Mutual Insurance Company discovered that 58% of business proprietors had been victims of at least one cyber-attack.

Damage from ransomware is predicted to be 57X greater in 2021 than in 2015. Ransomware is stated to be one of the fastest-growing cybercrimes in the United States. Hence, the U.S. Department of Justice (DOJ) has reported ransomware as a new business model for cybercrime.

The WannaCry cyberattack hit hospitals across the U.K., shutting down health services for almost a week. It was a ransomware attack: the cybercriminals took complete control of health systems and demanded a lump sum to give back control.

Cybersecurity best practices

Here are some suggestions to think about when implementing cybersecurity best practices within your organization:

  • Conduct phishing simulations.
  • Train developers on cybersecurity. 
  • Hire security professionals.
  • Adopt DevSecOps best practices.
  • Restrict access to only the people who require it.
  • Use multifactor authentication. 
  • Make use of the best security vulnerability tools.
  • Enable firewall protection.
  • Enable more testing through ethical hackers.

Types of cybersecurity threats

These are some of the top cybersecurity threats to know about:

  • Malware covers viruses, trojans, and spyware: malicious software that can be injected into any system to harm it.
  • Ransomware is a type of malware that locks the target's computer system and files through encryption and demands payment to unlock them.
  • Social engineering relies on human interaction: the hacker tricks the victim into breaking security protocol and so obtains protected, sensitive data.
  • Phishing is fraudulent activity in which the attacker sends an email to the victim's address that imitates known and reputable sources, using the same names. This is done to steal sensitive information and login details.
  • An insider threat is a security breach by an employee, contractor, or anybody else who is closely connected with the company.
  • Distributed denial-of-service (DDoS) attacks are where attackers send suspicious traffic to the targeted website to slow it down or break/crash the system.
  • Advanced persistent threats (APTs) are attacks in which the attacker breaches network security and remains undetected for a long period in order to steal data.
  • Man-in-the-middle (MitM) attacks are where the attacker acts as an unknown and unidentifiable middleman who intercepts the communication line between two parties.

Source reference: Tech Target

DevOps and cybersecurity

Cybersecurity today is not just about having firewalls and security, thinking it is all safe, and forgetting about it. It’s an ongoing effort that demands continuous and critical attention to overcome security challenges. Cybersecurity in the digital era complements the DevOps path to developing, testing, securing, managing, and maintaining continuous delivery and quality.

Organizations utilizing DevOps processes must implement robust security practices that we discussed above. Security standards implemented by the IT team should also be practiced for DevOps security. Without proper security measures in place, DevOps practices sometimes might expose the companies to severe security risks. The ideal way to manage DevOps cybersecurity is through collaboration with the security teams and engaging in continuous threat monitoring.

In software enterprises today, cybersecurity is integrated into DevOps for all the good reasons. Increasing communication and collaboration between the two departments will exponentially enhance risk management and deal with security issues that arise in any stage of the SDLC.

Cybersecurity in the news

In recent times, the most significant cybersecurity attack was the one on SolarWinds, a major US information technology firm, where the attack went undetected for months and was first reported by Reuters in December. This cybersecurity breach is regarded as one of the most impactful of the 21st century.

After secretly breaking into SolarWinds' systems, hackers added malicious code to one of the company's most significant software systems, which affected several customers. The system, called 'Orion IT', was impacted severely; it is the monitoring and management software adopted by many large enterprises and government agencies worldwide.

SolarWinds has 33,000 customers that use Orion, according to SEC documents. This way, the attackers obtained access to the login credentials, networks, systems, and digital signatures of thousands of SolarWinds customers.

The hackers employed the technique of a supply chain attack to inject the malicious code into the Orion IT system. Through third-party access, hackers could break into SolarWinds' system (Orion IT), which is what usually happens in a supply chain attack.

What now and what’s next? Biden’s Executive Order

The SolarWinds attack was so terrifying that it shook the whole nation. In response, the Biden administration started working towards strengthening cybersecurity regulations to prevent such attacks from happening and proposed billions to boost security. Biden signed an executive order to modernize cyberdefenses; the order was motivated by the need for more robust security processes - specifically around software supply chain attacks.

Biden's executive order strives to make a notable contribution toward modernizing the security best practices and shielding federal networks. 

With this, the nation's software companies and providers are under pressure to renew and strengthen their cybersecurity rules. This means that software providers will give cybersecurity the highest priority in the coming years, and it seems like a great move to tackle security invasions by attackers.

The U.S. government and all related agencies have alerted their software vendors to follow robust cybersecurity protocols and principles.

The Executive Order from the White House is very clear: it states that cybersecurity is equivalent to national security for the United States government. To attain a stronger security posture, any software sold to the Federal Government will need to be not just a stable, valuable application but also to adhere to strict Software Bill of Materials (SBOM) requirements that include all of the components utilized to build the software.

Software Bill of Materials (SBOM)

An SBOM is a complete list of the components that make up a software program or application. It requires vendors to carefully list the tools and third-party components used to build an application. An SBOM is considered highly valuable for security reasons since it contains every minute detail. So, if any disaster or security issue appears, it is easy for the vendors to trace back what caused the problem, which helps to resolve or mitigate it.

With the current executive order, it is not just the software as a whole but the details that matter the most, and every tiny detail or component must adhere to the new executive order. (We don't know the exact requirements yet.)

Today, there are many solutions to scan and list the components used in an application, and JFrog is one such solution that goes a step further.

Using the JFrog products (specifically Artifactory and Xray), you can easily know the components, where those components came from, and all the related minute details of the components. This way, it is possible to make data-driven decisions and take preventive measures in case of any concerns.

The importance of SBOM

A company that makes software must prepare and maintain a software BOM (SBOM) for its codebases. Any typical JavaScript web application contains at least 1,000 dependencies, each of which can include further dependencies. Hence, focusing only on the top-level part of an application is not enough: it means we miss out on most of the code that the application is using.

Ask yourself… Do you check whether the licenses for the open-source components your applications include are permissive or viral?

Do you have any idea if the open-source components in your codebase are being maintained?

How do you verify whether the open-source components your application or software is using have any known vulnerabilities? This is where the SBOM plays a vital role. It is important not just to know the cake recipe but to go beyond that and know every minute environmental detail that should be considered to make a good and tasty cake.
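To make the point about nested dependencies and license checks concrete, here is an added example (not from the original article or from any vendor's tooling) that walks a small CycloneDX-style SBOM and reports what the application pulls in beyond its top-level dependency. The component names, versions and the copyleft prefix list are constructed assumptions.

```python
import json

# Constructed CycloneDX-style SBOM (sample data, not from a real project).
SBOM = json.loads("""{
  "metadata": {"component": {"bom-ref": "app@1.0.0"}},
  "components": [
    {"bom-ref": "web-framework@4.2.0", "licenses": [{"license": {"id": "MIT"}}]},
    {"bom-ref": "body-parser@1.9.0", "licenses": [{"license": {"id": "MIT"}}]},
    {"bom-ref": "img-resize@2.1.0", "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    {"bom-ref": "left-trim@0.3.1", "licenses": []}
  ],
  "dependencies": [
    {"ref": "app@1.0.0", "dependsOn": ["web-framework@4.2.0"]},
    {"ref": "web-framework@4.2.0", "dependsOn": ["body-parser@1.9.0", "img-resize@2.1.0"]},
    {"ref": "img-resize@2.1.0", "dependsOn": ["left-trim@0.3.1"]},
    {"ref": "left-trim@0.3.1", "dependsOn": ["web-framework@4.2.0"]}
  ]
}""")

# Assumed policy: SPDX identifiers with these prefixes count as "viral" (copyleft).
COPYLEFT_PREFIXES = ("GPL-", "AGPL-", "LGPL-")

def audit(sbom):
    """Walk the dependency graph from the application and classify what it pulls in."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    root = sbom["metadata"]["component"]["bom-ref"]
    direct = set(graph.get(root, []))
    reachable, stack = set(), list(direct)
    while stack:  # iterative DFS; the 'reachable' set also guards against cycles
        ref = stack.pop()
        if ref in reachable or ref == root:
            continue
        reachable.add(ref)
        stack.extend(graph.get(ref, []))
    licenses = {}
    for comp in sbom.get("components", []):
        ids = [l.get("license", {}).get("id") or l.get("expression")
               for l in comp.get("licenses", [])]
        licenses[comp["bom-ref"]] = [i for i in ids if i]
    return {
        "direct": sorted(direct),
        "transitive": sorted(reachable - direct),
        "copyleft": sorted(r for r in reachable
                           if any(i.startswith(COPYLEFT_PREFIXES) for i in licenses.get(r, []))),
        "no_license": sorted(r for r in reachable if not licenses.get(r)),
    }

if __name__ == "__main__":
    print(json.dumps(audit(SBOM), indent=2))
```

In the sample, one direct dependency drags in three more components, one of them copyleft and one with no declared license, none of which a top-level review would show.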

This is where advanced requirements may come into play for the SBOM standards that will be revealed. While many security companies might give you ingredients, DevOps platforms that expose environments and variables across the binary lifecycle will be in a prime position to meet these new government requirements.

The JFrog Platform, for example, can function as what JFrog calls the “single source of truth” for your security posture. By understanding not just the top-level binaries but also all of the build and pipeline information, companies will be able to not just know the ingredients in the “cake,” but also where they all came from, the supply chain of those ingredients, and attest to the oven, temperature, cooking time, etc. In this way, companies may be able to better meet the coming needs based on these new cybersecurity demands.

Also published on DZone.
