Dyre Straits: Why This Cloud Attack's Different - InformationWeek

Commentary
9/12/2014
12:10 PM
Kaushik Narayan

Dyre Straits: Why This Cloud Attack's Different

Dyre is a new breed of Trojan, attacking cloud apps and using the cloud as a delivery vehicle.

first selecting cloud providers that meet your data security and governance requirements and blocking access to the riskiest services that do not meet minimum standards to prevent corporate data from being uploaded to shadow IT cloud services.

This step is not enough. File-sharing services, the main vector for distributing Dyre, are categorized correctly by only 43% of web proxies and firewalls, making it difficult to block them at the network level. Robust security education and awareness are crucial to deter employees from downloading apps that can't be blocked effectively, and also to promote less-risky apps that could have value for the company if used properly.

Dyre is densely packaged and obfuscated, making detection by antivirus software difficult. At the time of this writing, only half of antivirus software systems are able to detect Dyre on client computers. Your company should ensure that antivirus software on employee machines is configured to update virus definitions periodically to offer some level of protection against the current version of Dyre as well as future variants that will likely emerge in the coming months and years.

Protecting essential SaaS apps
So far I've discussed traditional approaches to security on premises, but let's also cover some security steps companies can take to make cloud applications like Salesforce as secure as possible.

Salesforce is one of the most secure cloud platforms in the world, offering a wide range of security features not employed by all cloud providers. One of the most powerful is multi-factor authentication, which is offered by just 16% of cloud providers. When you have multi-factor authentication turned on, the first time a user accesses Salesforce.com from a computer using his username and password, he receives an SMS message with a code he must enter to gain access. This extra step makes it more difficult for attackers with stolen credentials to gain access since hackers typically don't also have access to the cellphone of the person whose login credentials they stole. Another tool available to Salesforce.com customers is IP whitelisting, which enables you to allow access only from IP addresses on your corporate network. This is also an option for companies whose remote users have VPN access.
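The two controls described above, modelled as a single login decision. This is an added Python example, not Salesforce's code or API; the network ranges, field names and device identifiers are constructed for illustration.

```python
import ipaddress

# Constructed sample policy: documentation-range networks standing in for a
# corporate egress range and a VPN pool (assumptions, not from the article).
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/25")]


def in_trusted_range(source_ip):
    """True if the login source address falls inside an allowlisted network."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def evaluate_login(event, known_devices, enforce_ip_allowlist=True):
    """Return 'deny', 'challenge' or 'allow' for a login whose password was correct.

    known_devices maps user -> set of device ids that already passed a code
    challenge; it is updated when a challenge succeeds.
    """
    if enforce_ip_allowlist and not in_trusted_range(event["source_ip"]):
        return "deny"  # valid credentials presented from off-network stop here
    seen = known_devices.setdefault(event["user"], set())
    if event["device_id"] in seen:
        return "allow"
    if event.get("code_verified"):
        seen.add(event["device_id"])  # remember the computer after one success
        return "allow"
    return "challenge"  # first access from this computer: require the SMS code


# Constructed login events (hypothetical field names).
SAMPLE_EVENTS = [
    {"user": "alice", "source_ip": "203.0.113.10", "device_id": "laptop-1"},
    {"user": "alice", "source_ip": "203.0.113.10", "device_id": "laptop-1", "code_verified": True},
    {"user": "alice", "source_ip": "203.0.113.10", "device_id": "laptop-1"},
    {"user": "alice", "source_ip": "192.0.2.44", "device_id": "unknown-pc"},
    {"user": "alice", "source_ip": "198.51.100.200", "device_id": "laptop-1"},
]


def run_sample():
    known = {}
    return [evaluate_login(e, known) for e in SAMPLE_EVENTS]


if __name__ == "__main__":
    for event, decision in zip(SAMPLE_EVENTS, run_sample()):
        print(event["user"], event["source_ip"], event["device_id"], "->", decision)
```

With the allowlist switched off, the off-network login from an unrecognised computer falls through to the code challenge instead of being denied, which is the layering the paragraph describes.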

Given the success of Dyre, we can expect to see new variants emerge in the same way the Zeus Trojan continued to harm companies for years after it was released into the wild. It's also clear the cloud is here to stay, and we'll likely see more attacks that use the cloud as a vector for delivering malware and that target secure cloud services like Salesforce.com.

If there's a bright side to this incident, it's that cloud services are providing value, as evidenced by companies relying on them for business-critical functions and data. Unfortunately, attackers always go where the data is. However, using a multi-layered approach, companies can significantly decrease their exposure to attacks on cloud data.


Kaushik Narayan is a Co-Founder and CTO at Skyhigh Networks, a cloud security company, where he is responsible for Skyhigh's technology vision and software architecture. He brings over 18 years of experience driving technology and architecture strategy for enterprise-class ...
Comments
SachinEE,
User Rank: Ninja
9/26/2014 | 12:12:33 AM
Nice insight on cloud vulnerabilities
There is no doubt that cloud computing holds the future of all companies and organizations, but not as long as security issues keep on popping up so consistently. Many companies are actually deferring cloud services due to security concerns. Cloud will continue to grow as more users access their files stored in the cloud through portable devices such as tablets and smartphones. Companies should put up measures such as protecting credentials from being stolen to safeguard against data loss, leakage and account hijacking.
nomii,
User Rank: Ninja
9/15/2014 | 7:09:26 AM
Re: Salesforce.com Customers: Heed This Advice
This multifactor authentication has already been used by many financial institutions for their web based solutions like internet and mobile banking. It is good to see the feature is being adopted in other industries as well. This idea will be widely accepted by the customer especially after what happened with iCloud.
danielcawrey,
User Rank: Ninja
9/14/2014 | 1:46:43 PM
Re: Salesforce.com Customers: Heed This Advice
This is exactly why everyone should be using two-factor authentication.

I know it's a royal pain to use sometimes, but man is it effective in stopping these "crime as a service" attack vectors. It's not necessarily the answer to every type of attack, but it is a good measure to reduce issues.
D. Henschen,
User Rank: Author
9/12/2014 | 3:06:37 PM
Salesforce.com Customers: Heed This Advice
Beyond making sure all employees have up-to-date anti-virus software, the key advice from this article for SFDC customers:

Salesforce offers... a powerful multi-factor authentication feature, which is offered by just 16% of cloud providers. When you have multi-factor authentication turned on, the first time a user accesses Salesforce.com from a computer using his username and password, he receives an SMS message with a code he must enter to gain access. This extra step makes it more difficult for attackers with stolen credentials to gain access since hackers typically don't also have access to the cellphone of the person whose login credentials they stole. Another tool available to Salesforce.com customers is IP whitelisting, which enables you to allow access only from IP addresses on your corporate network. This is also an option for companies whose remote users have VPN access.

 
