Learn More about Cyber Attacks and How to Prevent Them
Learn More about Cyber Attacks and How to Prevent Them
Cyber attacks are a frightening prospect for a number of people, especially business owners.
It is known that many companies in the world experienced financial losses of up to $1 trillion in 2020, as a result of the Covid-19 virus pandemic, where almost all companies implemented work from home policies which caused digital security to become looser.
Projections of up to $945 billion in losses, from a new report released from the Center for Strategic and International Studies (CSIS) and computer security company McAfee, are nearly double the $500 billion in monetary losses from cybercrime in 2018.
According to a survey conducted by the Directorate of Cyber Crime, Bareskrim Polri (Dittipidsiber), there were 90 million cases of cyber attacks in Indonesia.
Apart from that, Indonesia is also included in the list of countries that are vulnerable to cybercrime attacks, according to the Financial Services Information Sharing and Analysis Center (FS-ISAC), Indonesia itself is in 9th position.
Netwalker ransomware stops Argentina immigration services
Dirección Nacional de Migraciones, Argentina's Immigration office, suffered a ransomware attack and had to temporarily suspend the country's border services.
This attack was discovered in the morning, August 27 2020.
As a result, activities were delayed for up to 4 hours because the IT team had to inspect the problem and wait until the server was running again.
The pandemic period has also become an easy target for hackers who continue to try to break into company system security, due to high internet usage where almost everyone works from home.
Quoted from BSSN, the most attacks were received in March, reaching 22 cyber attacks using the Covid-19 pandemic as the background issue.
These attacks include various types of attacks including the HawkEye Reborn Trojan, Blackwater malware, BlackNET RAT, DanaBot Banking Trojan, Spynote RAT, Netwalker ransomware, Cerberus Banking Trojan, Ursnif malware, Adobot Spyware, Metasploit Downloader Trojan, Projectspy Spyware, Anubis Banking Trojan, Adware, Hidden Ad (Android), AhMyth Spyware, Metasploit, Xerxes Bot, and Covid19 Tracker Apps.
How cyber attacks work
There are many ways hackers carry out cyber attacks, it is necessary to know and be aware of these attacks so that cloud developers are able to design multiple security solutions.
Malware attacks can be carried out to take over user information in the cloud. Hackers will add implementation services that are “injected” into SaaS or PaaS solutions, or virtual machines, not into IaaS.
If the cloud system is successfully hacked, the system will immediately redirect commands to the module created by the hackers.
Furthermore, attacks can be carried out by sending a series of malicious activities such as stealing data or eavesdropping on activities at the company.
The most common forms of cyber attacks are cross-site scripting and SQL attacks.
During the cross-site scripting process, hackers add malicious scripts (Flash, JavaScript, etc.) to weaken the site page.
German researchers orchestrated an XSS attack on Amazon Web Services in 2011. In this case of SQL injection, cyber-attackers targeted SQL servers with applications to cripple the database.
In 2008, Sony PlayStation fell victim to an SQL attack.
Hackers use cheap cloud services to orchestrate DoS and target brute force attacks on people, companies, or even other cloud service providers.
For example, security experts Bryan and Anderson orchestrated a DoS attack by exploiting the EC2 capacity of Amazon's cloud infrastructure in 2010.
As a result, they make clients disconnected from the internet just by lending virtual services of IDR 100,000.
How to keep cloud-based solutions secure
Indeed, this cloud service provider cannot guarantee the complete security of data in the cloud. One responsibility also lies with the users themselves.
While the best way to protect your data is to provide multiple protections, cloud service providers must also have specific strategies to provide security that can be tailored to each industry.
When providing cloud services, software vendors must limit the scope of their responsibilities for protecting user data and operations in the cloud within security policies.
Inform your clients about what you do to ensure cloud security as well as what security measures they need to take on their part.
Stealing passwords is the most common way to access user data and services in the cloud.
That's why cloud developers must implement strong authentication and identity management.
There are various tools that require both static passwords and dynamic passwords. The latter confirms user credentials by providing a one-time password on the phone or using a biometric scheme or hardware token.
To improve service security, cloud developers should let cloud users assign role-based permissions to different administrators so that users only have the capabilities defined for them.
Additionally, the cloud orcation should allow privileged users to define the scope of other users' permissions according to their duties within the enterprise.
Restricting access to cloud services is necessary to prevent attackers from gaining unauthorized access to user operations and data through vulnerabilities in cloud services.
When designing a cloud service architecture, minimize event handler permissions to only those needed to execute specific operations.
Additionally, you can limit security decisions to only cloud services that users trust to manage the security of their data.
Data needs to be encrypted before it even enters the cloud. Modern data encryption and tokenization technology is an effective defense against account hijacking.
Additionally, it is important to prove end-to-end encryption to protect data in transit against man-in-the-middle attacks.
Using a strong encryption algorithm containing salt and hash can effectively deflect cyber attacks.
Data stored in the cloud is also vulnerable to accidental damage, so you can also ensure its recovery by providing data backup services.
Cloud computing technology is very popular among users because of its many advantages.
However, this technology also introduces vulnerabilities that can become new vectors for cyber attacks.
By understanding how cybercriminals carry out attacks on cloud computing and cloud developers can better protect their products.
Existing Google Cloud customers should implement the security features available to them to stay safe from cyber attacks.
Potential customers can also talk to us to know more about the security measures that can be used for your business.
