Tag Archive for: Cyber Security

These Are the Top Five Cloud Security Risks, Qualys Says

Cloud security specialist Qualys has provided its view of the top five cloud security risks, drawing insights and data from its own platform and third parties.

The five key risk areas are misconfigurations, external-facing vulnerabilities, weaponized vulnerabilities, malware inside a cloud environment, and remediation lag (that is, delays in patching).

The 2023 Qualys Cloud Security Insights report (PDF) provides more details on these risk areas. It will surprise no one that misconfiguration is the first. As long ago as January 2020, the NSA warned that misconfiguration is a primary risk area for cloud assets – and little seems to have changed. Both Qualys and the NSA cite misunderstanding or avoidance of the concept of shared responsibility between cloud service providers (CSPs) and cloud consumers as a primary cause of misconfiguration.

“Under the shared responsibility model,” explains Utpal Bhatt, CMO at Tigera, “CSPs are responsible for monitoring and responding to threats to the cloud and infrastructure, including servers and connections. They are also expected to provide customers with the capabilities needed to secure their workloads and data. The organization using the cloud is responsible for the protection of workloads running in the cloud. Workload protection includes secure workload posture, runtime protection, threat detection, incident response and risk mitigation.”

While CSPs provide security settings, the speed and simplicity of deploying data to the cloud often lead to these controls being ignored, while compensating consumer controls are inadequate. Misunderstanding or misusing the delineation of shared responsibility leaves cracks in the defense; and Qualys notes “these security ‘cracks’ can quickly open a cloud environment and expose sensitive data and resources to attackers.”

Qualys finds that misconfiguration (measured against the CIS benchmarks) is present in 60% of Google Cloud Platform (GCP) usage, 57% of Azure, and 34% of Amazon Web Services (AWS).

Travis Smith, VP of the Qualys threat research unit, suggests, “The reason AWS configurations are more secure than their counterparts at Azure and GCP can likely be attributed to the larger market share… there is more material on securing AWS compared to other CSPs in the market.”

The report urges greater use of the Center for Internet Security (CIS) benchmarks to harden cloud environments. “No organization will deploy 100% coverage,” adds Smith, “but the [CIS benchmarks mapped to the MITRE ATT&CK tactics and techniques] should be strongly considered as a baseline if organizations want to reduce the risk of experiencing a security incident in their cloud deployments.”

The second big risk comes from external-facing assets that contain a known vulnerability. Cloud assets with a public IP can be scanned by attackers looking for vulnerabilities. Log4Shell, an external-facing vulnerability, is used as an example. “Today, patches exist for Log4Shell and its known secondary vulnerabilities,” says Qualys. “But Log4Shell is still woefully under remediated with 68.44% of detections being unpatched on external-facing cloud assets.”

Log4Shell also illustrates the third risk: weaponized vulnerabilities. “The existence of weaponized vulnerabilities is like handing anyone a key to your cloud,” says the report. Log4Shell allows attackers to execute arbitrary Java code or leak sensitive information by manipulating specific string substitution expressions when logging a string. It is easy to exploit and ubiquitous across clouds.

“Log4Shell was first detected in December 2021 and continues to plague enterprises globally. We have detected one million Log4Shell vulnerabilities, with a mere 30% successfully fixed. Due to complexity, remediating Log4Shell vulnerabilities takes, on average, 136.36 days (about four and a half months).”

The fourth risk is the presence of malware already in your cloud. While this doesn’t automatically imply ‘game over’, it will be soon if nothing is done. “The two greatest threats to cloud assets are cryptomining and malware; both are designed to provide a foothold in your environment or facilitate lateral movement,” says the report. “The key damage caused by cryptomining is based on wasted cost of compute cycles.”

While this may be true for miners, it is worth remembering that the miners found a way in. Given the efficiency of information sharing in the dark web, that route is likely to become known to other criminals. In August 2022, Sophos reported on ‘multiple adversary’ attacks, with miners often leading the charge. “Cryptominers,” Sophos told SecurityWeek at the time, “should be considered as the canary in the coal mine – an initial indicator of almost inevitable further attacks.”

In short, if you find a cryptominer in your cloud, start looking for additional malware, and find and fix the miner’s route in.

The fifth risk is slow vulnerability remediation – that is, an overlong patch timeframe. We have already seen that Log4Shell has a remediation time of more than 136 days, if it is done at all. The same general principle will apply to other patchable vulnerabilities.

Effective patching quickly lowers the quantity of vulnerabilities in your system and improves your security. Statistics show that this is more effectively performed by some automated method. “In almost every instance,” says the report, “automated patching proves to be a more effective remediation path than hoping manual efforts will effectively deploy critical patches and keep your business safer.”

For non-Windows systems, the effect of automated patching is an 8% improvement in the patch rate, and a two-day reduction in the time to remediate.

Related to the remediation risk is the concept of technical debt – the continued use of end-of-support (EOS) or end-of-life (EOL) products. These products are no longer supported by the supplier – there will be no patches to implement, and future vulnerabilities will automatically become zero-day threats unless you can otherwise remediate.

“More than 60 million applications discovered during our investigation are end-of-support (EOS) and end-of-life (EOL),” notes the report. Furthermore, “During the next 12 months, more than 35,000 applications will go end-of-support.”

Each of these risks needs to be prioritized by defense teams. The speed of cloud use by consumers and abuse by attackers suggests that wherever possible defenders should employ automation and artificial intelligence to protect their cloud assets. “Automation is central to cloud security,” comments Bhatt, “because in the cloud, computing resources are numerous and in constant flux.”

Source: These Are the Top Five Cloud Security Risks, Qualys Says – SecurityWeek

Get more value from Virtual Meetings 

Remote meetings are becoming more frequent and appear to be here to stay in the modern working world. Despite the fears around issues such as home Wi-Fi going down, noises and the impromptu appearance of pets and children in meetings, overall, these fears have not materialised in a way that would make the office an obvious better choice; the office can also feature noise, distractions and technical issues after all. 

In all, it is increasingly clear that virtual meetings can be just as productive, if not more so, than in-person meetings. However, this new format does present new risks too, particularly in relation to preparation and attendance, technical issues and the risk of digressing from the topic at hand.  

This piece runs over the challenges of remote meetings and gives some guidelines for how to find a remote meeting provider that meets your needs. In our next piece, we’ll discuss how to hold effective remote meetings using specific tips and actions.  

The challenges of remote meetings 

Remote meetings can be lengthy internet conferences with participants from all around the world or brief 1:1 sessions. One of the clear benefits of remote meetings is that they facilitate live collaboration between staff members from across the world. Since there are no longer any geographical limitations, a wider spectrum of talent is now accessible. 

A remote meeting differs from an in-person meeting because it takes place virtually. Whilst an obvious difference, there are some unique challenges that arise as a result:  

  • They can affect our ability to read body language and emotion; virtual meetings have been associated with the idea of ‘zoom fatigue’, as it can take more energy to read these visual cues through a virtual interface. 
  • Issues with the audio and visuals, due to technical barriers or settings; ‘You’re on mute!’.  
  • Working together across different time zones and shifts 
  • Hardware and software dependencies creating differences in accessibility and experience 
  • Distractions and technical limitations in the home office  

Remote meetings tend to follow the same format and protocol as in-person meetings, despite the additional technical obstacles and geographic distance.  

How to choose the right tool for remote meetings 

When selecting a platform for remote meetings, several criteria should be considered. It is important to consider the elements that are unique to your team and organisation. For larger or smaller gatherings and other requirements, some tools may be better suited than others.

Consider the following elements when you consider your remote meeting options: 

  • Your team’s size 
  • Time zones and locations 
  • Sharing of screens and visuals  
  • Having the ability to schedule in advance 
  • Platform uptime and reliability 
  • Team hardware for accessing remote meetings 

How you run your meeting is just as important as selecting the finest platform to host it on. A productive online meeting requires careful planning, keeping track of ideas and activities, central information storage and ensuring remote access to the materials. 

Online tools have also emerged increasingly for managing meetings, including digital whiteboards, mind maps, and cloud-based note storage to take notes instantly. The tools to support the meetings, like the meeting software, may vary by requirements. For example, to document a project meeting, you may require a basic Word document or bring in project management software including Kanban boards to capture and organise the insights and actions of the meeting.  

It’s crucial to have a tool that facilitates clear decision-making for the team, collects fresh ideas and information, and stores it for future use. 

One such tool is Microsoft Teams 

Microsoft 365’s collaboration tool, Microsoft Teams, is a leading cloud office tool that encourages teamwork, video conferencing, document sharing and workplace collaboration. 

Teams was released in 2017 as a rival to Slack for online communications. Since its release it has grown quickly to become one of the world’s most popular collaboration tools, driven in no small part by the Covid-19 pandemic. It has been so successful that Teams has been dubbed the company’s fastest-growing business app in its entire existence!

Teams has emerged as one of Microsoft’s key workplace productivity and collaboration tools partly because of the necessity of remote working that emerged from the pandemic. Businesses scrambled to set up virtual meetings for remote employees. As businesses closed and sent employees home in March 2020, Microsoft observed a 1,000% spike in video meetings. Teams users also increased dramatically, from 32 million at the beginning of March to 75 million by the conclusion of the month. 

Microsoft quickly added new features to enhance remote working capabilities to take advantage of the fast changes in working habits, and to reduce the fatigue that became associated with video conferences. One of the key features, called ‘together mode’, produces a virtual environment, like a conference room for example, where participants’ video feeds are cropped and gathered in more natural settings to create a shared area that feels more suited to collaborative dialogue. 

It has many meeting-friendly features. Distractions are lessened with the addition of real-time noise suppression. Deep learning techniques isolate the speech signal from undesired background noise. Basic video call features like custom backdrops, screen sharing, hand raising, recording, breakout rooms, and live captioning are also available within the Teams app to further enhance the meeting experience.

How can you determine what is effective for you? We encourage getting clear on your criteria and scouting out the virtual meeting providers that can meet your needs. Even better, a meeting provider that can integrate its software with your other applications can offer additional benefits, such as automation, streamlining and enhanced communications across your organisation.  


Legacy Apps – The Problems