November 19


Cloud Logs: Security Strategies to Avoid the Expedition of Business Attacks

Cybercriminals are always looking for new ways to steal data and are very good at keeping up with the latest technology trends. Companies' swift move to cloud-based services and technologies has made them not only efficient, agile, and scalable but also vulnerable. It has been found that, on the dark web, terabytes of internal data and login information for Facebook, Amazon, Twitter, PayPal, Google, etc., are sold daily.

The stolen data is monetized on a subscription basis, and the cybercriminals' customers use it to attack organizations. Robert McArdle, a threat researcher for Trend Micro, mentioned, "The new market for access to cloud logs ensures stolen information can be used more quickly and effectively by the cybercrime community—that's bad news for enterprise security teams." Consequently, organizations and their users are left with very little time to detect and respond to attacks triggered by data from these clouds of logs.

Merchandising the Stolen Logs Information

Theft of account credentials, email accounts, and domains has always been at a peak. With the unprecedented increase in cloud services, criminals leave an organization only a brief period in which to take any action.

In the underground markets, there is a tremendous demand for sensitive information like personally identifiable information (PII), keystrokes, authentication credentials to online portals, online banks, credit cards, invoices, tax reports, browsing history, cookies, and more.

Cybercriminals monetize the stolen corporate and cloud platform data by renting access to their clouds of logs. Amusingly, customers pay monthly subscriptions to access these datasets.

Cloud technologies have provided excellent computing power and bandwidth, which hackers can fully exploit to optimize their missions. They use numerous tools for log analysis and exfiltration.

Moreover, with the availability and diversity of stolen data, hackers can commit crimes faster. They just need to query the sensitive information from the underground markets' datasets, which leaves organizations at significant risk. The variety of stolen data will impact organizations with weak security, as they won't have much time to detect and respond.

Security Strategies to Avoid System Compromise

  • Strengthen security controls in the intrusion detection system to catch intrusions that might feed criminals' clouds of logs.

  • Use security solutions that give enterprises full visibility of the attack life cycle and chain of events, examine endpoint and server layers, infiltration, and exfiltration, and provide a full platform to detect, investigate, respond to, and mitigate similar risks in the future.

  • Conduct training and an awareness program to develop a strong security workforce.

  • To avoid hackers gaining access to critical systems, an organization should seriously follow the principle of least privilege for users to access networks, applications, and systems.

  • Apply the configuration management and change control process to the security devices connected to the network.

  • Remote access and VPN are the attackers' gateways for system accounts. So, implement data-breach prevention and mitigation strategies to avoid a compromised system.

About Allari

Allari implements customized service plans for IT Operations & Cyber-security which allow you to complete a higher volume of planned work, gain the capacity to innovate and help your business to win.



Tags

Cloud Services, Compromise System, cookies, credentials steal, Cybercriminals, IDS, keystrokes, logs, RDP and VPN, Security, Strategy, Vulnerability and Risk Management


About the author

Priya Thapa

Inspired by Alan Turing, who is considered to be the father of Theoretical Computer Science and Artificial Intelligence, I am very fascinated by cryptography and deciphering secret codes. I have an interest in Network, Application, and Information Security.
