Attacker access to cloud-computing platforms has become an epidemic, and it may take a global consortium to better educate cloud providers and help reduce the problem, according to a cloud expert who leads Dimension Data's global cloud initiatives.
Account fraud, account hijacking and the use of stolen credentials to gain criminal access to cloud-computing resources have been longstanding issues and are becoming a serious problem that impacts all cloud providers, said John Rowell, formerly chief technology officer at cloud provider OpSource, who now leads global research and development, and service operations in Dimension Data's Cloud Solutions Business Unit. Rowell said his firm works constantly to weed out fraudulent accounts and address the issue, but other providers may lack the desire or the wherewithal to deal with the problem.
"It's something the industry, in general as a group, and especially cloud providers, need to come together and start to talk about," Rowell told CRN. "We are giving these end users -- if you are not careful and not policing your fraudulent accounts and policing who is signing up for your systems -- we are giving them the platform to launch their attacks."
The 2013 Verizon Data Breach Investigations Report found configuration weaknesses, software vulnerabilities and stolen account credentials consistently being used by attackers across the board. Financially motivated cybercriminal gangs that conduct smash-and-grab attacks to steal credit cards, hacktivists out to disrupt and embarrass businesses, and nation-state-driven attackers who steal intellectual property all use stolen credentials, and often leverage the resources of cloud-hosting providers to direct their attack campaigns and to upload and temporarily store stolen data.
"It's a real problem that is only going to get worse," Rowell said. "Cloud computing has enabled these guys to launch significant attacks with not much investment."
In this interview with CRN, Rowell addresses the impact that distributed denial of service attacks are having on the industry; he explains why cybercrime is driving Dimension Data to roll out two-factor authentication support globally and talks about how global expansion into emerging markets has made network availability a constant problem.
CRN: Denial of service attacks have gotten a lot of attention in recent months. Has that had a major impact on cloud providers? Do you consider it a serious threat?
John Rowell: It's a serious threat. It's a very common occurrence. It is typically easy for guys that want to launch a DDoS attack just by acquiring a stolen credit card. They can acquire DDoS or services online or acquire it by creating their own servers. There's a high frequency of attacks. On our platform, we've seen attacks that have gone up to 80 to 90 gigabytes, and they are impressive attacks. They are very large attacks that come across the infrastructure. We have a set of tools that we not only consume from third parties, but we have also built ourselves to go out and deal with that. It's something the industry, in general as a group, and especially cloud providers, need to come together and start to talk about. We are giving these end users -- if you are not careful and not policing your fraudulent accounts and policing who is signing up for your systems -- we are giving them the platform to launch their attacks. A lot of what we do, and it's not a customer-facing feature and function, is review and look at and audit our accounts and our systems. When you first sign up, you are a nontrusted user on the system until we have the ability to validate who you say you are. That prevents guys from launching a DDoS attack using our systems.
CRN: These guys also are setting up botnet command and control servers as well.
JR: There's a combination of things that these guys do. It's disappointing but some of the other providers just choose not to address it. The thought process might be that the expense is not worth the investment and time or they may not have a very good grasp of the issue. It's a real problem that is only going to get worse. Cloud computing has enabled these guys to launch significant attacks with not much investment.