Cloud Security Exploits By The Numbers

On High Alert

AlertLogic, a Houston-based cloud security company, has issued a report on cloud security, based on threat data from more than 1,800 customers. The data cut used in this slideshow focuses on cloud-hosting provider customers served by AlertLogic. "Occurrence" is defined as the percentage of customers impacted by each threat type. "Incident Frequency" translates to how often impacted cloud-hosting provider customers experienced each threat type, by average. The major finding, according to the vendor, suggests that on-premise security may not be stronger than security in the cloud.

Web Application Attack

Web application attacks typically target the presentation, logic or database layer of web applications, as is the case in a SQL injection. This tactic is in fairly wide use by bad guys targeting cloud-based infrastructure. Customers, and channel partners serving these customers, should keep an eye out for this type of exploit; ask plenty of questions of service providers as to how they combat them.

Incident Occurrence: 52 percent
Incident Frequency: 13.6

Brute Force

These exploits effectively seek to leverage the mathematical limitations of password variables. These are typically done by high-speed computers, as opposed to humans, who are known for their slower typing skills and their susceptibility to boredom. These attacks are typically discovered through a pattern of numerous credential failures.

Incident Occurrence: 30 percent
Incident Frequency: 31.5

Vulnerability Scan

This variety of exploit is described as attempts to execute automated vulnerability discovery in applications, services or protocol implementations. Similar to the reconnaissance exercise, vulnerability scans are all about identifying potential opportunities to access the data. An unauthorized Nessus scan would be a worthy example of this type of preparatory exploit.

Incident Occurrence: 27 percent
Incident Frequency: 4.8

Reconnaissance

Before the bad guys can attack IT infrastructure, they typically want to know what is on the network so they can better identify vulnerabilities and thereby increase the odds of a successful attack. Reconnaissance activities focus on mapping the networks, applications and/or services through the use of fingerprinting, port scans and similar activities.

Incident Occurrence: 9 percent
Incident Frequency: 1.5

Malware/Botnet

This category spans the range of malicious software installed on a host computer for the purposes of data destruction, information gathering, creation of a backdoor, or some other nefarious activity. There are many variations currently in use, and the number expands exponentially as malware authors seek to stay at least one step ahead of the detection signatures. High-profile examples include Conficker and Zeus, but those are merely two of the more famous ones.

Incident Occurrence: 5 percent
Incident Frequency: 11.3

Application Attack

These are described as exploit attempts against applications or services that are not running over HTTP protocol. Examples include buffer overflows. The data suggests this particular variety is not a huge threat across the landscape of cloud providers, though customers should remain vigilant in monitoring the situation, nonetheless.

Incident Occurrence: 2.6 percent
Incident Frequency: 2.6

Threat Diversity

Cloud-hosting provider customers experienced an average of 1.8 incident types. On-premise customers experienced all types of incidents more frequently, according to the research.