The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. In 2016 CSA released ‘Treacherous 12: Top Threats to Cloud Computing + Industry Insights’article to provide readers with a real-world glimpse into what is currently occurring in the security industry. InstaSafe has refreshed release to the 2016 article that includes new real-world anecdotes and examples of recent incidents that relate to each of the 12 cloud computing threat categories identified in the original paper.
“It’s our hope that these updates will not only provide readers with a more relevant context in which to evaluate the top threats but that the enhanced article will provide them with a real-world glimpse into what is currently occurring in the security industry.
Denial-of-service (DoS) attacks are attacks meant to prevent users of a service from being able to access their data or their applications. The attacks typically flood servers, systems or networks with traffic in order to overwhelm the victim resources and make it difficult or impossible for legitimate users to use them. While an attack that crashes a server can often be dealt with successfully by simply rebooting the system, flooding attacks can be more difficult to recover from.
DoS attacks are often targeted towards web servers of high-profile organizations such as banking, commerce, and media companies, or government and trade organizations. Though DoS attacks do not typically result in the theft or loss of significant information or other assets, they can cost the victim a great deal of time and money to handle.
A successful DDoS attack is a highly noticeable event impacting an entire online user base. This makes it a popular weapon of choice for hacktivists, cybervandals, extortionists and anyone else looking to make a point or champion a cause.
11.2 Business Impacts
DDoS assaults often last for days, weeks and even months at a time, making them extremely destructive to any online organization. Amongst other things, DDoS attacks can lead to loss of revenues, erode consumer trust, force businesses to spend fortunes in compensations and cause long-term reputation damage.
In some cases, DDoS attacks have served as a smokescreen for attacks taking place elsewhere in the environment while defenders are occupied with the DDoS. From a risk standpoint, DoS attacks may be more likely in the cloud because other tenants are coming under fire. Cloud providers, however, may be better equipped to mitigate DoS attacks in general.
Although there is not much that can be done to stop these attacks, some basic prevention steps that can be taken include monitoring the traffic for abnormalities, keeping security definitions up-to-date, and being aware of the latest threats via social platforms. System administrators must be able to immediately access resources that can be used as mitigation
11.3 Anecdotes and Examples
One of the world’s largest distributed denial of service attack to date – measuring 1.35 Tbps was on GitHub knocking them offline for a few minutes in February 2018. The massive attack hit at 17:21 UTC. During the attack, the popular code sharing website admins noticed thousands of systems and devices slamming GitHub’s web servers. The sheer volume of data overwhelmed GitHub’s computers, causing them to stop responding to legit users, and effectively fall offline.
Electroneum cryptocurrency startup had crowdfunded $40 million worth of Bitcoin and Ether following an initial coin offering (ICO). Just before it launched its mobile mining app on November 2, the company’s website suffered a DDoS attack.
The campaign led Electroneum to lock investors out of their accounts while it worked to restore its network access. In the meantime, the Financial Conduct Authority took a moment to remind investors that ICOs offer no protection, which means investors should “be prepared to lose [their] entire stake.”
1. The Treacherous 12 – Cloud Computing Top Threats in 2016
2. What Is A Denial Of Service Attack (Dos)?
3. Distributed Denial Of Service Attacks
4. Definition of ‘Denial-of-service Attack’
5. Gits club GitHub code tub with record-breaking 1.35Tbps DDoS drub
6. Notable DDoS Attacks of 2017