Hacking into cloud services

Mr D

Free Member
Feb 12, 2017
28,925
3,630
Stirling
For every safe and secure storage there will be eventually someone looking to access it. Security is big business and requires in some cases lots of money to prevent most attacks.
Doubt there is anyone in the industry who would say they can prevent all attacks. Well, not if you wanted at some point to access the stuff.
 

obscure

Free Member
Jan 18, 2008
3,370
879
The world
Nothing connected to the internet is secure. All you can hope to do is encourage the criminals to look elsewhere by making your system harder to crack than everyone else. Ultimately if what you have is valuable enough they will come after it even if it is the hardest to crack, either over the net, by bribing your staff, by hacking a supplier as a route in or by driving a bulldozer through the walls.
 

NCapital

Free Member
May 6, 2017
69
10
That's true, but think of all these companies using SaaS accounts packages thinking they are all secure. Even Sage is going that way.

Security is certainly a selling point in their eyes, although when these companies tout how "secure" their products/services are, I think the point they're making is more about how the cloud services are more secure than a small company trying to lock down its own infrastructure (with small budgets and no experience) rather than their services actually being totally secure.

It's definitely misleading though, as you say - people assume that "secure" services are totally safe. Which as we've all seen, isn't the case!
 

Russ Michaels

Free Member
Business Listing
Jan 19, 2018
214
1
62
Regardless of how secure the cloud provider is, the weakest point in the security is usually the end user. Most users have a total lack of security at home, weak and re-used passwords on their computer, laptop etc., and make it easy for cyber-criminals to get into their systems, and thus into their OneDrive, Google Drive or Dropbox etc. So if employees have access to work cloud storage or servers from home, then this undermines everything a company has done to lock things down at the office.
 

fisicx

Moderator
Sep 12, 2006
46,652
8
15,355
Aldershot
www.aerin.co.uk

Russ Michaels

Free Member
Business Listing
Jan 19, 2018
214
1
62
It really depends on your goals. If you are a big company who wants PCI/DSS, ISO27001 certification, penetration testing, GDPR etc, then yes hiring a security company to provide all that would start costing you thousands.
But for a small company who just need an audit, some best practices and procedures and training, then it needn't be expensive. They could if technically inclined get all the info online, or hire someone like me for a day.

While there is only so much that security products can do, they do actually do quite a bit for people who are completely non-security conscious and not very IT literate.
I tend to recommend BitDefender to clients, as it does cover all bases and is a full cyber security solution rather than just antivirus. I also offer BitDefender GravityZone as a fully managed solution to clients, which means that I monitor and manage it remotely, and am alerted about any issues, so I can remotely log in and deal with them or advise the client if they are doing something they shouldn't.
It protects against phishing, malware, ransomware, network intrusion, application protection, file protection, content filtering and more.
 

Chris Ashdown

Free Member
Dec 7, 2003
    13,378
    3,001
    Norfolk
    But I would guess that attacking the larger or more useful sites would make more sense than just Fred blogs up the road

    Also with SaaS you are tied to one place for most of your data

    If banks who you would expect to be secure fail then many more medium size must be very vulnerable
     

    LiveNetworks Ltd

    Free Member
    Jan 31, 2018
    213
    45
    To give you an idea of how cloud infrastructure is under attack, the logs for the last 24 hours for our systems....(All use fail2ban so after 2 failures the IP address is dropped)

    Failed POP/IMAP logins 100,000+ (All brute force attempts)
    FTP server failed logins, unknown users 46,000
    Email server blocked inbound email by RBL - 287,000
    SMTP relay 38,000 failed password attempts
    HTTP tripwire captures 163,000 (bots looking for db.php, vulnerable WordPress, Drupal etc)

    We built cloud infrastructure with Linux Vserver back in 2005 before anyone was even using the term 'cloud' and even today, if you ask people what 'the cloud' is, you'll get several different definitions that all overlap with, online, hosted, software as a service, or virtualised.
     
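Added example, not part of the post above or of fail2ban itself: a sketch of the threshold rule the post describes (an IP is dropped after 2 failed logins), using fail2ban's `maxretry` and `findtime` ideas. The log format and sample lines are constructed for illustration and do not match any real daemon's output.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a simplified, made-up format.
SAMPLE_LOG = """\
2018-02-01T10:00:01 imap auth-failed user=alice rip=203.0.113.5
2018-02-01T10:00:03 imap auth-failed user=bob rip=203.0.113.5
2018-02-01T10:00:04 imap auth-failed user=carol rip=203.0.113.5
2018-02-01T10:01:00 ftp auth-failed user=admin rip=198.51.100.7
2018-02-01T10:02:00 smtp auth-ok user=dave rip=192.0.2.10
2018-02-01T10:30:00 ftp auth-failed user=root rip=198.51.100.7
2018-02-01T10:31:00 smtp auth-failed user=dave rip=192.0.2.10
"""

# Only failed logins are of interest; the service name is not used for the decision.
FAIL_RE = re.compile(r"^(\S+) \S+ auth-failed user=\S+ rip=(\S+)$")

def find_bans(log_text, maxretry=2, findtime=timedelta(minutes=10)):
    """Return {ip: ban time} for IPs with maxretry failures inside findtime."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in bans:
            continue  # already dropped; a firewall rule would stop these arriving
        window = recent[ip]
        window.append(ts)
        # Forget failures older than findtime so slow, occasional typos do not add up.
        while ts - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans[ip] = ts
    return bans

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when.isoformat()}")
```

With the default 10-minute window only the rapid-fire address is banned; the address whose two failures are 29 minutes apart is banned only if `findtime` is widened.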

    Russ Michaels

    Free Member
    Business Listing
    Jan 19, 2018
    214
    1
    62
    But I would guess that attacking the larger or more useful sites would make more sense than just Fred blogs up the road

    Also with SaaS you are tied to one place for most of your data

    If banks who you would expect to be secure fail then many more medium size must be very vulnerable

    Well I think that depends who they are trying to target. Fred blogs up the road may have a very popular blog with thousands of visitors.
    The target for most hackers is going to be the joe blogs type, with little to no IT savvy or security knowledge who is less likely to have the software installed which will detect an unsafe website.
    But most of these hacks are automated anyway, they are bots that just scan the web for websites running vulnerable out of date software and then deploy their payload to as many sites as possible.
    The bigger companies who should know better seem to be the worst culprits, and also have much more staff to be the cause of a security breach, which makes them more vulnerable if they are not following procedures and protocols. It only takes one person to bring an infected laptop into work and plug it into the network. They are also going to be a far more lucrative target for ransomware than the SMBs.

    The blocked attacks you quoted are not specific to cloud, these types of attacks are not new, they have been occurring for as long as the internet has existed, long before the cloud existed, and are happening all day every day against every host's servers, VPS, dedicated or otherwise, against home broadband routers and IoT devices. Literally any device that is connected to the internet and publicly accessible will get scanned for known services and an attempted hack will be made at some point.
     

    Norman Bailey

    Free Member
    Aug 12, 2015
    79
    7
    Lincoln UK
    I like the definition I saw on a T-shirt. 'The Cloud is simply somebody else's computer'.

    If your data is in your office then only the people working there have physical access. If you put it on the internet then everyone in the world can have a go at proving your security was a lot less than you thought. And with the new GDPR coming out in March then the blame and grief will land firmly on your doorstep if it goes wrong.
     
    I like the definition I saw on a T-shirt. 'The Cloud is simply somebody else's computer'.

    I like this.... I am going to get one of these shirts and wear it when I next go to see my accountant with whom I have a running battle to avoid my financial data being transferred and stored on 'The Cloud'
     

    Julie Knight

    I think that you have to assume that there are hackers out there who are constantly trying to get into your systems, so you must therefore implement best-practice security infrastructure, software development practices and tools. Don't assume that you're too small to matter.
     