Recent cyber activity now suggests that it isn’t just networks that are vulnerable to cyber attacks. A 2019 year-end article in the Wall Street Journal identifies Chinese cyber attackers that were found lingering in the cloud, collecting data.
The attackers, dubbed APT10 by U.S. officials, seem to have infiltrated cloud networking services, gaining access to proprietary data, security clearance information, and even medical research. Even scarier, the attackers could still be lingering among cloud services, years after the first known attack in 2016.
“They came in through cloud service providers, where companies thought their data was safely stored.”
After accessing the cloud, APT10 has had the ability to “hop” from client to client gathering sensitive data, the report says. Officials say there is evidence of IP addresses pinging data back to APT10’s network between April and mid-November. The Cloud Hopper attack has affected companies and organizations ranging from IT giants Hewlett Packard Enterprise Co. and IBM, to the U.S. Justice Department and Navy.
“The hack illustrates a weakness at the heart of global business, with the biggest companies in the world increasingly storing their most sensitive data with cloud providers, also known as managed service providers, which have long touted their security.”
It is important to note that a cloud provider’s “proprietary data” includes its customer subscriber information. If this information is stolen, it helps the attackers identify and prioritize whose data might be of the most interest to steal. In some cases, it also narrows down the possible locations (data centers) where the data of interest is stored. While the attackers might be “hopping” between cloud locations and clients, the attack might not be random but rather a focused effort on high-value brand-identity targets that were registered in the cloud provider’s subscriber databases.
If you’re looking for solutions to cloud cyber attacks, we have them.
How can you help mitigate the APT problem?
- Use a low-profile surrogate identity to subscribe for network services and especially for cloud hosting of your sensitive data.
- Isolate and disguise your network within the overall cloud environment so that it is not as apparent to APTs that may be lying in wait.
- Utilize more than one cloud to make it more difficult for an APT in one environment to “hop” and follow your activity.
- Don’t be a static network. If you shift and move, APTs can’t easily map your location and then simply lie in wait to steal and collate your data.
- Be proactive, not reactive. Disguise and protect your network before you become the target of an APT.
“If they can’t find you…they can’t attack you.”