Recent cyber activity now suggests that it isn’t just networks that are vulnerable to cyber attacks. A 2019 year-end article in the Wall Street Journal identifies Chinese cyber attackers that were found lingering in the cloud, collecting data.
The attackers, dubbed APT10 by U.S. officials, seem to have infiltrated cloud networking services, gaining access to proprietary data, security clearance information, and even medical research. Even scarier, the attackers could still be lingering among cloud services, years after the first known attack in 2016.
“They came in through cloud service providers, where companies thought their data was safely stored.”
After accessing the cloud, APT10 has had the ability to “hop” from client to client gathering sensitive data, the report says. Officials say there is evidence of IP addresses pinging data back to APT10’s network between April and mid-November. The Cloud Hopper attack has affected companies and organizations ranging from IT giants Hewlett Packard Enterprise Co. and IBM, to the U.S. Justice Department and Navy.
“The hack illustrates a weakness at the heart of global business, with the biggest companies in the world increasingly storing their most sensitive data with cloud providers, also known as managed service providers, which have long touted their security.”
It is important to note that a cloud provider’s “proprietary data” includes its customer subscriber information. If this information is hacked, it helps the attackers identify and prioritize whose data might be of the most interest to steal. In some cases, it also narrows down the possible locations (data centers) where the data of interest is stored. While the attackers might be “hopping” between cloud locations and clients, the attack might not be random but rather a focused effort on high-value brand-identity targets that were registered in the cloud provider’s subscriber databases.
How to help mitigate the APT problem?
“If they can’t find you…they can’t attack you.”
Steve spent 30 years with the Central Intelligence Agency, primarily as an overseas field intelligence collector and then operations support manager. As a former practitioner in the use and acquisition of alternate identities, he provides thought leadership on operational threat assessments and identity protection implementation strategies.