For This Week in Cloud, we review the essential headlines in cloud and cybersecurity news. This past week witnessed significant attacks across a range of targets, from website hosting service Weebly to infrastructure provider Dyn. Read on for more details from This Week in Cloud.
The DDoS Heard Around the Internet
Hackers made waves a few weeks back with a record-setting DoS attack on cybersecurity researcher Brian Krebs’ website. A new threat has taken aim at infrastructure provider Dyn Inc. Enterprise cloud providers have established reputations for reliability, yet leading services like GitHub, Twitter, Spotify, and Amazon went offline during the attacks. In the immediate future, the attack serves as a reminder for enterprises to know the basics on their cloud providers’ infrastructure including the location of data centers and with which providers the services are hosted. The hackers’ success may cause concern about the stability of critical infrastructure’s vulnerability to similar attacks.
DDoS Knocks Down DNS, Data Centers Across the US Affected | Steve Ragan, CSO
What We Know About Friday’s Massive East Coast Internet Outage | Lily Hay Newman, Wired
Hackers and the Government
Zero-day vulnerabilities are considered the trump card in a hacker’s arsenal. Consequently, these vulnerabilities are very expensive and not used lightly since they require significant resources to research. New research points to the use of zero-day vulnerabilities from the group that hacked the Democratic National Committee, supporting claims that the attackers had nation-state support. On the other side of the law, friendly or “white-hat” hackers were so successful in collaborating with the Department of Defense on its cybersecurity that the Pentagon has decided to expand the program. Bug bounties give companies the opportunity to reward ethical hackers for discovering vulnerabilities that could be exploited by malicious attackers.
Zero Days Used in Attacks on DNC, Podesta | Greg Masters, SC Magazine
Pentagon to Launch More Bug Bounty Programs | Eduard Kovacs, SecurityWeek
Rise of the Botnets
It isn’t exactly the Matrix or Terminator, but hundreds of thousands of connected devices contributed to the DDoS attack that knocked popular internet services offline. The attack leverages a botnet called Mirai, which targets connected devices with low-security passwords. The code used in the attack has been made public, meaning the pressure may be on device owners to update their security settings.
How an Army of Vulnerable Gadgets Took Down the Web Today | Nick Statt, The Verge
Blame the Internet of Things for Today’s Web Blackout | Jessica Conditt, Engadget
By the Numbers
The number of common vulnerabilities and exposures listed in the NIST National Vulnerability Database
The number of user accounts affected by a data breach from web hosting service Weebly
The number of hackers collaborating with HackerOne, a provider of bug bounty programs
CASB Magic Quadrant 2019 is here – McAfee a Leader for third consecutive year
CASB RFP Template: 200+ Common Questions Enterprises Are Asking
9 Cloud Computing Security Risks Every Company Faces
Office 365 Security Concerns: Download Definitive Guide to Office 365 eBook
51 AWS Security Best Practices