Dyre Straits: Why This Cloud Attack's Different - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Cloud // Software as a Service
Commentary
9/12/2014
12:10 PM
Kaushik Narayan
Kaushik Narayan
Commentary

Dyre Straits: Why This Cloud Attack's Different

Dyre is a new breed of Trojan, attacking cloud apps and using the cloud as a delivery vehicle.

Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
SachinEE
50%
50%
SachinEE,
User Rank: Ninja
9/26/2014 | 12:12:33 AM
Nice insight on cloud vulnerabilities
There is no doubt that cloud computing holds the future of all companies and organizations, but not as long as security issues keep on popping up so consistently. Many companies are actually deferring cloud services due to security concerns. Cloud will continue to grow as more users access their files stored in the cloud through portable devices such as tablets and smartphones. Companies should put up measures such as protecting credentials from being stolen to safeguard against data loss, leakage and account hijacking.
nomii
50%
50%
nomii,
User Rank: Ninja
9/15/2014 | 7:09:26 AM
Re: Salesforce.com Customers: Heed This Advice
This multifactor authentication has already been used by many financial institutions for their web based solutions like internet and mobile banking. It is good to see the feature is being adopted in other industries as well. This idea will be widely accepted by the customer especially after what happened with iCloud.
danielcawrey
50%
50%
danielcawrey,
User Rank: Ninja
9/14/2014 | 1:46:43 PM
Re: Salesforce.com Customers: Heed This Advice
This is exactly why everyone should be using two-factor authentication.

I know its a royal pain to use sometimes, but man is it effective in stopping these "crime as a service" attack vectors. It's not necessarily the answer to every type of attack, but it is a good measure to reduce issues. 
D. Henschen
50%
50%
D. Henschen,
User Rank: Author
9/12/2014 | 3:06:37 PM
Salesforce.com Customers: Heed This Advice
Beyond making sure all employees have up-to-date anit-virus software, the key advice from this article for SFDC customers:

Salesforce offers... a powerful multi-factor authentication feature, which is offered by just 16% of cloud providers. When you have multi-factor authentication turned on, the first time a user accesses Salesforce.com from a computer using his username and password, he receives an SMS message with a code he must enter to gain access. This extra step makes it more difficult for attackers with stolen credentials to gain access since hackers typically don't also have access to the cellphone of the person whose login credentials they stole. Another tool available to Salesforce.com customers is IP whitelisting, which enables you to allow access only from IP addresses on your corporate network. This is also an option for companies whose remote users have VPN access.

 

Slideshows
10 RPA Vendors to Watch
Jessica Davis, Senior Editor, Enterprise Apps,  8/20/2019
Commentary
Enterprise Guide to Digital Transformation
Cathleen Gagne, Managing Editor, InformationWeek,  8/13/2019
Slideshows
IT Careers: How to Get a Job as a Site Reliability Engineer
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/31/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
Slideshows
Flash Poll