By: Jack M. Germain
Let’s face the cloudy facts. A long-time axiom about computer security is that “obscurity breeds security.” In essence, make your platform hard to find. Operating in the cloud, however, makes that almost impossible.
Obscurity as a form of security is one reason why the Linux operating system as a desktop computing platform is seldom hit with viruses or victimized by vulnerabilities. The Linux OS has a much smaller desktop user base, so it stays well off the bad guys’ radar.
But the Linux OS as a server platform is very prominent. The popularity of cloud computing is growing steadily, and the Linux platform rules the cloud.
So, staying more or less obscure is a challenge to remaining secure. The proliferation of cloud services in recent years means malware is becoming increasingly sophisticated, and attacks are passing through corporate networks undetected.
“Malware on your cloud server, whether it is your primary server or your backup, is a huge concern. If it is your primary server, it can infect your entire network quickly. If backups, it can affect business continuity and the integrity of your data,” Perryn Olson, marketing director at MyITSupport.com, told me in a recent discussion on the intensifying threat of malware.
To mitigate the potential loss of data from malware attacks, the company suggests maintaining three backups. Make one backup local. Store the second backup offsite (cloud). Keep the third backup as a local, read-only version.
The first two solutions are for geographic diversity in case of an onsite, physical disaster. The read-only version is purely for cyber attacks because malware cannot execute on that drive.
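The three-copy layout above, as an added example that is not part of the original post or of MyITSupport.com's own tooling: a POSIX shell script that takes one archive of a directory, keeps a local copy, places a second copy in a stand-in "offsite" directory, and stores a third copy with write permission removed and a SHA-256 manifest beside it so you can confirm it is untouched before restoring. All paths and the sample data are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: the local / offsite / read-only
# backup layout described above. The "offsite" target here is just another
# directory standing in for a cloud sync destination.
set -eu

# Build a small constructed data set so the script runs stand-alone.
make_demo_data() {
    dir="$1"
    mkdir -p "$dir/etc" "$dir/www"
    printf 'server_name example.internal\n' > "$dir/etc/app.conf"
    printf '<html>hello</html>\n' > "$dir/www/index.html"
}

# Copy 1: local working backup (writable, fastest restore).
# Copy 2: offsite copy for geographic diversity (directory stands in for the cloud).
# Copy 3: read-only copy with a SHA-256 manifest so tampering is detectable.
# Prints the archive name it created.
three_copy_backup() {
    src="$1"; local_dst="$2"; offsite_dst="$3"; ro_dst="$4"
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    archive="backup-$stamp.tar.gz"

    mkdir -p "$local_dst" "$offsite_dst" "$ro_dst"
    tar -czf "$local_dst/$archive" -C "$src" .
    cp "$local_dst/$archive" "$offsite_dst/$archive"
    cp "$local_dst/$archive" "$ro_dst/$archive"

    # Manifest is written inside the read-only location, then both files
    # lose write permission for everyone.
    (cd "$ro_dst" && sha256sum "$archive" > "$archive.sha256")
    chmod 0444 "$ro_dst/$archive" "$ro_dst/$archive.sha256"
    printf '%s\n' "$archive"
}

# Check the read-only copy against its manifest; nonzero exit if it changed.
verify_ro_copy() {
    ro_dst="$1"; archive="$2"
    (cd "$ro_dst" && sha256sum -c --quiet "$archive.sha256")
}

# Demo run on constructed data in a temporary directory.
WORK=$(mktemp -d)
make_demo_data "$WORK/src"
NAME=$(three_copy_backup "$WORK/src" "$WORK/local" "$WORK/offsite" "$WORK/ro")
verify_ro_copy "$WORK/ro" "$NAME" && echo "read-only copy $NAME verified"
```

File permissions only stop unprivileged processes; on a real server the third copy belongs on storage the server cannot write to afterwards (a volume mounted read-only, or object storage with write-once retention), and the manifest check is what tells you the copy is intact before you restore from it.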
Cloud-based systems can be more susceptible to malware threats because they are generally more accessible to hackers, agreed Patrick Leonard, chief operating officer and vice president at MyITSupport.com. Many internal systems are protected by firewalls and grant access only through a VPN.
“Cloud providers have a different set of challenges, and an infection on just one system can have an impact on the capabilities of their systems to provide for other tenants. DDoS attacks also are a factor in the usability of the cloud services,” Leonard explained.
The platforms differ, but the malware’s end result is often the same. The goal is to extract data from the cloud or the local computer that’s in use. The main difference is how the malignant code goes about doing it.
Prior to cloud systems, most malware was slower to traverse corporate networks. Today’s reliance on public clouds, social media advertising, and the dark web enables malicious actors to collaborate and use those resources to gain a significant advantage in the distribution of malware, he noted.
“This means more infections and more data [are] being leaked online or to other countries,” said Leonard.
One primary problem with malware in the cloud is that the users have no idea what the malware has done. Its actions consume your bandwidth, leaving you to deal with the repercussions, according to Josh Rosenthal, a spokesperson for Cloudsploit.com.
“The problem with malware on the server is going to be here for a long time. Even virtual machine environments running servers are susceptible to malware,” he warned.
Dealing with malware, especially in the cloud, demands applying as many ounces of prevention as you can to avoid needing several pounds of cure. One way to do that is to make sure that your “digital” doors are closed and locked to intrusions, suggested Rosenthal.
Two generic types of malware are impacting the cloud. One is targeted. The other is trolling.
“If I am going to target you, chances are I’m going to get you. I will put into my attack vector enough brainpower and enough attacks against you to get inside. One way or another, I’m going to get you,” Rosenthal said, mimicking the hacker’s battle cry.
More often, malware succeeds by trolling rather than through a deliberate, targeted attack. Most attacks are not aimed at the hapless victims directly; instead, the victims just happen to get caught in the malware’s net.
“That is where you find a lot of the malicious malware. The goal is to get onto your server, so later I can use that connection to send something out,” said Rosenthal, again role-playing as the hacker. “That is a scary situation.”
All it takes for a hacker to succeed is getting one username and password through email. Then, it is a routine matter of repeatedly trying those credentials and related combinations to gain another entry elsewhere, explained Rosenthal.
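The repeated credential attempts Rosenthal describes leave a trail in the server's authentication log. As an added example that is not from the original post, here is a shell function that counts failed password logins per source address in OpenSSH-style log lines and lists the usernames tried, so one address cycling through many accounts stands out. The log lines are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: flag source addresses that
# repeatedly fail password authentication. The lines below are constructed
# and mimic the OpenSSH "Failed password" syslog format.
set -eu

SAMPLE_LOG='Mar  3 10:01:12 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:15 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar  3 10:01:17 web1 sshd[2103]: Failed password for alice from 203.0.113.7 port 51131 ssh2
Mar  3 10:01:20 web1 sshd[2105]: Failed password for bob from 203.0.113.7 port 51140 ssh2
Mar  3 10:02:02 web1 sshd[2110]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2
Mar  3 10:03:40 web1 sshd[2115]: Failed password for alice from 198.51.100.20 port 40031 ssh2
Mar  3 10:03:55 web1 sshd[2116]: Accepted password for alice from 198.51.100.20 port 40032 ssh2'

# Read log lines on stdin; print "<failures> <source ip> <usernames tried...>"
# for every source with at least THRESHOLD (default 5) failed passwords.
flag_repeated_failures() {
    threshold="${1:-5}"
    awk -v t="$threshold" '
        /sshd\[[0-9]+\]: Failed password for/ {
            # The username is the word before "from", the address the word after.
            for (i = 1; i <= NF; i++) {
                if ($i == "from") {
                    fails[$(i + 1)]++
                    users[$(i + 1)] = users[$(i + 1)] " " $(i - 1)
                }
            }
        }
        END {
            for (ip in fails)
                if (fails[ip] >= t) printf "%d %s%s\n", fails[ip], ip, users[ip]
        }
    '
}

# Demo: with a threshold of 3, only 203.0.113.7 is reported.
printf '%s\n' "$SAMPLE_LOG" | flag_repeated_failures 3
```

On a live system, pipe `/var/log/auth.log` (or `journalctl -u ssh`) into the function and, if you automate the response, treat the output as a candidate list to review rather than something to block blindly: a busy jump host or a misconfigured client can exceed the threshold too.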
You can never patch all of the holes that provide vulnerabilities in software. More important could be patching one of the biggest causes of holes — the human element.
“A lot of the prevention to malware attacks comes down to employee education,” said Rosenthal.
Defeating Attack Vectors
The largest threat vector is the Remote Desktop Server/Citrix server that may be unpatched and running on cloud systems. Other unpatched operating systems and SQL servers can also be a very big playground for hackers and those with malicious intent, warned MyITSupport.com’s Leonard.
“Many cloud systems allow you to also open ports to your services for public use. Lock down the ports to only what is necessary. If you are going to open a port to the entire world, make sure you understand the risks associated with doing so and have a plan of action in the event of an attack or infection,” he suggested.
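One way to check that only the necessary ports are exposed, as an added example that is not part of the original post or of any cloud provider's tooling: a shell function that reads an inbound rule list and reports every rule open to the whole Internet whose port is not on an explicit public allowlist. The rules below are constructed for the demo in a simple "protocol port source" form; adapt the field parsing to whatever your provider's firewall export or `iptables-save` output looks like.

```shell
#!/bin/sh
# Added example, not from the original post: audit inbound rules for
# world-open ports that were not deliberately made public.
set -eu

# Constructed inbound rules, one per line: protocol, destination port, source CIDR.
SAMPLE_RULES='tcp 22 203.0.113.0/24
tcp 80 0.0.0.0/0
tcp 443 0.0.0.0/0
tcp 3389 0.0.0.0/0
tcp 1433 0.0.0.0/0
udp 161 10.0.0.0/8
tcp 5432 0.0.0.0/0'

# Ports you intend to be public; any other rule open to the world is flagged.
PUBLIC_ALLOWLIST='tcp/80 tcp/443'

# Read rules on stdin; print "proto/port" for each world-open rule not in the
# allowlist. Exit status 1 if anything was flagged, 0 if the rule set is clean.
audit_world_open() {
    allow="$1"
    awk -v allow="$allow" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $3 == "0.0.0.0/0" || $3 == "::/0" {
            key = $1 "/" $2
            if (!(key in ok)) { print key; flagged = 1 }
        }
        END { exit (flagged ? 1 : 0) }
    '
}

# Demo: RDP, MS SQL and PostgreSQL are open to the world here and get reported.
printf '%s\n' "$SAMPLE_RULES" | audit_world_open "$PUBLIC_ALLOWLIST" \
    || echo "world-open ports above need a source restriction or a documented reason"
```

Running this from a scheduled job against a fresh export of the rules turns the "understand the risks" step into a standing check: a port that is open to `0.0.0.0/0` either appears on the allowlist, with its plan of action written down, or it shows up in the report.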
Sysadmins of cloud servers should be ready to prevent and then mitigate infections.
Backing up files regularly and patching software with the latest updates as soon as possible are critical to robustly defend against malware.
“We will never be able to stop 100 percent of attacks, but we as an IT industry must have data protection and recoverability at the top of our list,” said Leonard.
Please feel free to share below any comments or insights about your experience with shielding against malware in the cloud. And if you found this blog useful, consider sharing it through social media.
About the blogger: Jack M. Germain is a veteran IT journalist whose outstanding IT work can be found regularly in ECT New Network’s LinuxInsider, and other outlets like TechNewsDirectory. Jack’s reporting has spanned four decades and his breadth of IT experience is unmatched. And while his views and reports are solely his and don’t necessarily reflect those of Linode, we are grateful for his contributions. He can be followed on Google+.