According to Alert Logic’s semi-annual 'State of the Cloud Security Report', which tracks attacks by characteristic, the number of incidents per impacted customer was higher in the on-premise environment than cloud-based in the last six months. That goes for attacks across every incidence class, including web application attacks, brute force attacks and reconnaissance attacks.
Across the board, about half of all enterprises are victims of web application attacks. These were experienced by 53% in service provider environments and 44% in on-premise environments. The worrisome part is that a majority of these, Alert Logic said, were launched using easy-to-implement automated tools available online.
“Even the most novice hacker [can become] a professional,” Alert Logic noted ominously.
Meanwhile, the decision to run with a cloud-delivered service is often undertaken with an eye to the type of business that will be implementing it. Small and medium-sized businesses, particularly local businesses, often adopt web-based, pay-as-you-go, per-seat types of services, because they don’t require much in the way of upfront capital investment and often deliver big-enterprise functionality that would have otherwise been prohibitively expensive.
But Alert Logic says that it’s not safe to assume that one’s industry is not targeted by attackers, or that an organization is too small to be targeted. The study found that variations in threat activity among industries are less important than the environment where infrastructure is located. Analysis suggests that attackers are using reconnaissance techniques to identify and exploit targets – in other words, many attacks are simply opportunistic in nature.
More specifically, it’s unsecured personal computers that lead to high attack rates, particularly in the US, where a large number of unsecured personal computers with access to broadband connections are attractive targets for hackers in other countries and used for botnet attacks.
Geographically, the US was the country of origin for 33% of the incidents analyzed in this study, including 35.4 web application attacks per impacted customer. Otherwise, global indicators reveal that attacks originating in the East lead to breaches in the West: China accounted for 16% of the attacks, ranking second.
The research noted an especially high frequency of incidents per customer for reconnaissance attempts originating in China. This suggests a scenario in which hackers in China are doing reconnaissance, identifying vulnerable workstations in the bandwidth-rich US, adding those machines to botnets and using them to launch attacks on nearby targets.
All food for thought while mulling over a possible cloud services strategy. Cloud can be safe – with proper security measures in place. And, CIOs and IT managers take note – the results of the study are statistically relevant: Alert Logic analyzed operational data from business customers in both on-premise and service provider environments and compared the occurrence, frequency and diversity of incidents across seven categories of security threats. A full 1.5 billion security events observed during the study period were evaluated, correlated and reviewed by Alert Logic’s security analysts. From this pool of events, over 70,000 security incidents were verified and classified into seven incident categories.