UPDATED 23:04 EST / APRIL 16 2018

INFRA

McAfee cooks up recipe for cloud attack and a way to guard against poisoning

Are information technology executives prepared to accept that data stored in the cloud will be 75 percent secure? That’s one of the central questions that emerged today on the first day of the RSA Conference in San Francisco.

A report released by McAfee Inc. today found that one in four organizations surveyed, based on a sampling of 1,400 information technology personnel, experienced data theft from a public cloud. Moreover, one in five enterprises had experienced an advanced attack against the public cloud infrastructure.

“We’re developing solutions and implementing them in an insecure way,” said Raj Samani (pictured), chief scientist at McAfee, who spoke at the Cloud Security Alliance Summit during the conference.

Most companies store sensitive data in cloud

Despite the percentage of attacks cited in the McAfee report, the cybersecurity company also found that the number of organizations using public, private or hybrid cloud services rose from 93 percent to 97 percent over the course of the last year — virtually all of them, in other words. And 83 percent of those surveyed stored sensitive data in the public cloud.

McAfee’s chief scientist and his colleague, Christiaan Beek, offered RSA attendees some insight into how hackers might be able to gain access to a public cloud. The McAfee executives outlined a recipe that showed that the process for cooking up a ransomware attack on a public cloud, ominously, was just not that hard.

McAfee’s hypothetical recipe starts with throwing in a handful of S3 storage credentials, acquired by sourcing code publicly posted on various sites, such as GitHub, for Amazon Web Services access credentials. According to Samani, McAfee’s researchers found 384,000 code results they then disclosed to AWS, which promptly removed them.

The next step is to add a cup of open cloud storage buckets, which proved readily available. McAfee found more than 1,200 writable third-party buckets, including a resource managed by one of the large online advertising networks in the world, according to Samani.

Add a pinch of PowerShell scripts, the malware hidden in innocuous-looking image files, the kind used to launch a major attack at the Winter Olympic Games in South Korea in February. Then mix in a half-cup of ransomware code, which is readily available for sale on the Dark Web, and uncap a bitcoin wallet to start raking in payments from hapless public cloud victims.

Growing unease about protections

The release of McAfee’s report highlights a level of unease among security professionals around the current state of security in a fully networked world.

“Eighty billion dollars was spent last year on security and we didn’t make it any better,” Bill Mann, senior vice president of products and chief product officer at Centrify Corp., said during a separate panel discussion. “We need to refocus on what we’re doing in security because we’re doing the wrong things.”

What might constitute a better approach, especially when it involves the cloud? There was a great deal of discussion among many of the speakers at RSA on Monday about the model for Cloud Access Security Brokers, or CASBs. These represent cloud-based security policy enforcement points that sit between a user and the cloud provider to control access to resources.

“Consistent policy enforcement across all cloud services,” said Mitchell Greenfield, manager of security strategy and architecture for Humana Inc.: “That’s really to us the holy grail of cloud security.”

McAfee also announced its CASB Connect Program, billed as the first service to secure any cloud application through an API framework. The program allows cloud service providers to build API connectors to the McAfee Skyhigh Security Cloud without the need to write any code.

Inherent in McAfee’s approach is a belief that the future of cloud security will be based on a more decentralized model, in contrast to a philosophy of putting all the eggs in one basket and guarding them zealously. That, according to McAfee and others, is so 2017.

“A lot of the underlying thinking we have about crypto is going to be thrown out the window,” said Centrify’s Mann. Now companies have to figure out what’s going to replace it in the cloud computing era.

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU