Dyre Straits: Why This Cloud Attack's Different
Dyre is a new breed of Trojan, attacking cloud apps and using the cloud as a delivery vehicle.
first selecting cloud providers that meet your data security and governance requirements and blocking access to the riskiest services that do not meet minimum standards to prevent corporate data from being uploaded to shadow IT cloud services.
This step is not enough on its own. File-sharing services, the main vector for distributing Dyre, are categorized correctly by only 43% of web proxies and firewalls, which makes them hard to block at the network level. Robust security education and awareness are therefore crucial, both to deter employees from downloading from services that can't be blocked effectively and to steer them toward lower-risk apps that could have value for the company if used properly.
Dyre is heavily packed and obfuscated, which makes detection by signature-based antivirus difficult. At the time of this writing, only half of antivirus products detect Dyre on client computers. Your company should ensure that antivirus software on employee machines is configured to update its virus definitions automatically, which offers some protection against the current version of Dyre and against the variants that will likely emerge in the coming months and years; since definitions always lag a new variant, antivirus should be treated as one layer rather than the whole defense.
Protecting essential SaaS apps
So far I've discussed traditional approaches to security on premises, but let's also cover some security steps companies can take to make cloud applications like Salesforce as secure as possible.
Salesforce is one of the most secure cloud platforms in the world, offering a range of security features that many cloud providers do not. One of the most powerful is multi-factor authentication, which is offered by just 16% of cloud providers. With it turned on, the first time a user signs in to Salesforce.com from an unrecognized computer with a username and password, Salesforce sends an SMS message containing a code that must be entered before access is granted. This extra step makes stolen credentials far less useful, since an attacker who has phished a password typically does not also control the victim's phone. Another tool available to Salesforce.com customers is IP whitelisting, which restricts logins to addresses on your corporate network. It also works for remote users, provided they connect through a corporate VPN whose egress addresses fall inside the allowed range.
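As an added example, not code from Salesforce or from this article, the following Python models the two controls just described as a single server-side login policy: a source-IP allowlist covering the corporate network and the VPN egress block, and a one-time verification code demanded the first time a device is seen for a user. The IP ranges, the `LoginPolicy` name and the SMS stub are assumptions for illustration; the point is the order of the checks and the handling of the code (hashed at rest, time-limited, single use, capped attempts).

```python
import hashlib
import hmac
import ipaddress
import secrets
import time

# Assumed corporate egress ranges (constructed from RFC 5737 documentation blocks):
# the office network and the VPN concentrator's public egress block.
ALLOWED_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),  # office
    ipaddress.ip_network("198.51.100.8/29"),  # VPN egress
]
CODE_TTL_SECONDS = 300   # a code is valid for five minutes
MAX_CODE_ATTEMPTS = 3    # a six-digit code is brute-forceable without this cap


class LoginPolicy:
    """Password check -> IP allowlist -> one-time code on first sight of a device."""

    def __init__(self, allowed_ranges=ALLOWED_RANGES, now=time.time, send_sms=None):
        self.allowed_ranges = allowed_ranges
        self.now = now                                          # injectable clock for expiry tests
        self.send_sms = send_sms or (lambda phone, text: None)  # SMS transport is a stub here
        self.known_devices = {}                                 # username -> set of trusted device ids
        self.pending = {}                                       # (username, device_id) -> challenge state

    def ip_allowed(self, source_ip):
        addr = ipaddress.ip_address(source_ip)
        return any(addr in net for net in self.allowed_ranges)

    def begin_login(self, username, password_ok, source_ip, device_id, phone):
        """Return 'denied', 'challenge' (code sent) or 'allowed'."""
        if not password_ok or not self.ip_allowed(source_ip):
            return "denied"
        if device_id in self.known_devices.get(username, set()):
            return "allowed"
        code = f"{secrets.randbelow(10 ** 6):06d}"
        self.pending[(username, device_id)] = {
            "digest": self._digest(username, code),  # never store the code itself
            "expires": self.now() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        self.send_sms(phone, f"Your verification code is {code}")
        return "challenge"

    def complete_login(self, username, device_id, submitted):
        """Verify the code; on success the device becomes trusted for this user."""
        key = (username, device_id)
        state = self.pending.get(key)
        if state is None or self.now() > state["expires"]:
            self.pending.pop(key, None)      # expired or unknown challenge: start over
            return False
        state["attempts"] += 1
        if not hmac.compare_digest(state["digest"], self._digest(username, submitted)):
            if state["attempts"] >= MAX_CODE_ATTEMPTS:
                del self.pending[key]        # force a fresh code after too many guesses
            return False
        del self.pending[key]                # single use
        self.known_devices.setdefault(username, set()).add(device_id)
        return True

    @staticmethod
    def _digest(username, code):
        return hashlib.sha256(f"{username}:{code}".encode()).hexdigest()
```

The trusted-device set is what lets a later login from the same machine skip the SMS step, which is the behaviour the article describes for Salesforce; in a real deployment that record would live in a persistent store keyed to a device cookie rather than in memory, and the IP check would run before any password is processed to keep credential-stuffing traffic from outside the corporate range off the login path entirely.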
Given the success of Dyre, we can expect to see new variants emerge in the same way the Zeus Trojan continued to harm companies for years after it was released into the wild. It's also clear the cloud is here to stay, and we'll likely see more attacks using the cloud as a vector for delivering malware, and with secure cloud services like Salesforce.com as targets of attackers.
If there's a bright side to this incident, it's that cloud services are providing value, as evidenced by companies relying on them for business-critical functions and data. Unfortunately, attackers always go where the data is. However, using a multi-layered approach, companies can significantly decrease their exposure to attacks on cloud data.