Hacking Via The Cloud

Uploaded on 2018-07-24 in BUSINESS-Services-IT & Telecoms, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

It has now become much clearer that Red Apollo a Chinese hacking cluster in 2017 launched a very large international cyber espionage campaign. This attack hit cloud service rather than attacking companies directly, it targeted cloud service supplier’s networks so that it could infiltrate the cloud’s connections to business computer systems and spy/monitor them.

The attacks, called Operation Cloud Hopper, focused on managed IT cloud providers and at least fifteen countries were affected including Germany, US, Canada, New Zealand, France, Australia, UK and Japan.

These attacks on the cloud systems raises the level of cyber-attacks to a new level which is much more criminally sophisticated and governments and policing authorities should become far more focused in their responses to these types of cyber-attacks.

 “If we look at the last year or two of cyber-attacks there have been a lot of dramatic attacks,” says Ciaran Martin, chief executive of the UK’s National Cyber Security Centre (NCSC), part of GCHQ. “But one of the slow burning, strategic issues is the integrity of the supply chain and how corporations and government departments manage that risk.

“I think collectively we have been slower than we should have been to realise the importance of that.”

Richard Horne, a cyber security partner at PwC, explains how Russian hackers breached a software provider in Ukraine called MeDoc and inserted a “back door” into its next software update. “Once that was inserted then the attackers could download their malicious code, a brilliant piece of code, which then spread within about 60 minutes,” adds Mr Horne.

Ever since the poisoning of the former Russian double agent Sergei Skripal and his daughter in Salisbury in the south of England in March, the UK has stepped up its cyber security measures around potential Kremlin-backed cyber hostility and this was again brought into the media while the World Cup took place in Russia when it was thought that Russia would use cyber methods to spread positive Russian news.

Now a serious concern for cyber security officials is that state-backed hackers and criminals could penetrate the systems of critical infrastructure organisations such as police, banks, energy companies and parts of government.

This year the NCSC published guidance explains how to be secure and protect against four widespread supply chain attacks. The guidance highlights third party software providers, website builders and external data stores as the most-risky links in any company’s IT supply chain.

In 2013 the US retailer Target was hacked using access granted to a refrigeration and air conditioning supplier. The attack led to the details of more than 70m Target customers being compromised, including the accounts of more than 40m credit card holders.

Dave Palmer, director of technology at Darktrace, a leading cybersecurity firm, says that while high-profile incidents such as the Target hack alerted businesses to the risk in the supply chain, he still witnesses instances where external companies sign up to stringent security standards but then fall “woefully short”.

New EU GDPRGeneral Data Protection Regulation which came into force May 25th 2018, now requires EU companies and others who trade within the EU to assess suppliers’ security risks.

Alfred Rolington - Cyber Security Intelligence

For more Information, please contact: Cyber Security Intelligence at:info@cybersecurityintelligence.com

« China Dominates Global Investment In AI
AI Will Thrash Employment »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

European Defence Agency (EDA)

European Defence Agency (EDA)

EDAs mission is to improve European defence capabilities. Programme areas include Cyber Defence.

National Crime Agency (NCA) - United Kingdom

National Crime Agency (NCA) - United Kingdom

The NCA's Cyber Crime Unit focuses on critical cyber incidents in the UK as well as longer-term activity against the criminals and the services on which they depend.

CERT Polska

CERT Polska

CERT Polska is the first Polish computer emergency response team and operates within the structures of NASK (Research and Academic Computer Network) research institute.

VMRay

VMRay

VMRay delivers advanced threat analysis and detection that combines a unique agentless hypervisor-based network sandbox with a real-time reputation engine.

Havelsan

Havelsan

HAVELSAN is a leading technology company in Turkey developing indigenous systems for domestic and foreign military, public and private sector clients.

Council for Information & Communication Technologies (CTIC)

Council for Information & Communication Technologies (CTIC)

CTIC was set up to address specific issues in the field of ICT relevant to the implementation of electronic government.

Capula

Capula

Capula is a leading system integration specialist for control, automation and operational IT systems across all applications and industry sectors.

itbox.online

itbox.online

Itbox.online offers IT solutions to ensure that your company's technologies are always available and secure as your business demands.

Lithuanian National Accreditation Bureau

Lithuanian National Accreditation Bureau

Lithuanian National Accreditation Bureau is the national accreditation body for Lithuania. The directory of members provides details of organisations offering certification services for ISO 27001.

Enginsight

Enginsight

Enginsight provides a comprehensive solution for monitoring and securing your servers and clients.

Nuance Communications

Nuance Communications

From revolutionizing the doctor-patient relationship to reinventing the way brands connect with their customers, Nuance technology helps organizations push the boundaries of what’s possible.

Hawk AI

Hawk AI

Hawk AI’s mission is to help financial institutions detect financial crime more effectively and efficiently using AI to enhance rules and find anomalies.

AArete

AArete

AArete is a global management and technology consulting firm specializing in strategic profitability improvement, digital transformation, and advisory services.

CyberXpert

CyberXpert

CyberXpert is your cybersecurity partner for the public and private sector in Belgium.

Kontra

Kontra

Kontra application security training is an interactive and intuitive learning experience that engages developers.

Pacific Certifications

Pacific Certifications

Pacific Certifications provide accredited certification, training and support services to help you improve processes, performance and products and services.