As government agencies push more of their IT services to the cloud, hackers can use the confusion of traffic across those networks to mask malicious behavior, a new Cisco report warns.
“Adversaries have a lot of internet ‘noise’ to use as cover because many in the public sector may rely on cloud-based services like Google Docs and Dropbox to do their work, regardless of whether these services are offered or systemically endorsed by their agencies,” the report said.
Attackers use this noise to register accounts on non-endorsed services, set up a web page on the public internet, usurp encryption and conduct other malicious activities, according to the report.
And though 74 percent of government respondents to a Cisco 2018 Security Capabilities Benchmark Study said that they prefer an on-premises cloud, they were almost evenly split between having a third party manage it and managing it themselves.
Federal agencies have felt a concerted push to move sizeable portions of their data and programs to the cloud as initiatives out of the White House, such as the IT Modernization Report to the President released in December 2017, call for increased emphasis on cloud-based and shared services.
Cloud does offer increased security capabilities, as services and infrastructure for the cloud are often easier and faster to update with security patches. In addition, because the threat is always evolving, agencies are able to purchase security service capabilities for their cloud environments.
The Cisco report recommended that agencies employ machine-learning capabilities to get better visibility into the activity occurring in their cloud environments.
“If an agency’s IT team can start predicting user behavior in terms of downloads, they can save the time it might take to investigate legitimate behavior. They can also step in to stop a potential attack or data-exfiltration incident before it happens,” the report said.
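To make the report's suggestion concrete, here is an added example (not code from Cisco or from the report) that builds a per-user baseline of daily download volume from cloud-access log lines and flags days that fall far outside it, the kind of signal an IT team could triage before a download pattern turns into an exfiltration incident. It also lists use of services outside an agency's endorsed set, tying back to the non-endorsed-service point earlier in the article. The log format, user names, byte counts and the `ENDORSED_SERVICES` set are all constructed for illustration, and the median/MAD z-score is a standard robust outlier statistic, not a method the report describes.

```python
"""Per-user download baseline and non-endorsed-service report.

Added example, not Cisco's or the report's code. The log format below
("<date> <user> <action> <service> <bytes>") and every value in it are
constructed for illustration.
"""
import re
from collections import defaultdict
from statistics import median

# Constructed sample log: alice has a steady history and then one huge day,
# bob is flat, carol has no history yet, and one line is malformed.
SAMPLE_LOG = """
2018-03-01 alice download docs 120000
2018-03-02 alice download docs 95000
2018-03-02 alice download mail 20000
2018-03-03 alice download docs 130000
2018-03-04 alice download docs 110000
2018-03-05 alice download docs 125000
2018-03-06 alice download docs 48000000
2018-03-01 bob download docs 50000
2018-03-02 bob download docs 50000
2018-03-03 bob download docs 50000
2018-03-04 bob download docs 52000
2018-03-04 bob upload dropbox 400000
2018-03-05 carol download dropbox 9000000
2018-03-05 corrupted entry
"""

# Constructed: the services this hypothetical agency has endorsed.
ENDORSED_SERVICES = {"docs", "mail"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")


def parse_log(text):
    """Return a list of (date, user, action, service, bytes) tuples.

    Malformed lines are skipped rather than aborting the whole run, so a
    single corrupted record cannot hide everything that follows it.
    """
    records = []
    for line in text.strip().splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            date, user, action, service, nbytes = match.groups()
            records.append((date, user, action, service, int(nbytes)))
    return records


def daily_download_totals(records):
    """Aggregate download bytes into {user: {date: total_bytes}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for date, user, action, _service, nbytes in records:
        if action == "download":
            totals[user][date] += nbytes
    return totals


def robust_zscore(value, history):
    """Median/MAD z-score of value against the user's past days.

    The median and MAD are used instead of mean and standard deviation so a
    past spike does not inflate the baseline and mask a later one.
    """
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:
        # Perfectly flat history: any deviation would be infinite, so only
        # treat a day more than 50% above the median as anomalous.
        return float("inf") if value > 1.5 * med else 0.0
    return 0.6745 * (value - med) / mad


def find_anomalous_days(totals, threshold=3.5, min_history=3):
    """Return (user, date, bytes, zscore) for days far above the baseline.

    Each day is scored only against the days before it, so the spike being
    tested never contaminates its own baseline.
    """
    findings = []
    for user, by_date in totals.items():
        dates = sorted(by_date)
        for i, date in enumerate(dates):
            history = [by_date[d] for d in dates[:i]]
            if len(history) < min_history:
                continue  # not enough baseline yet to judge this user
            z = robust_zscore(by_date[date], history)
            if z > threshold:
                findings.append((user, date, by_date[date], round(z, 1)))
    return findings


def non_endorsed_usage(records, endorsed):
    """Sorted (user, service) pairs for services outside the endorsed set."""
    return sorted({(u, s) for _d, u, _a, s, _b in records if s not in endorsed})


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for user, date, nbytes, z in find_anomalous_days(daily_download_totals(recs)):
        print(f"ANOMALY {user} {date}: {nbytes} bytes downloaded (z={z})")
    for user, service in non_endorsed_usage(recs, ENDORSED_SERVICES):
        print(f"NON-ENDORSED {user} used {service}")
```

Run on the constructed log, the script flags only alice's 2018-03-06 day and reports bob's and carol's use of the non-endorsed service. Bob's slightly higher day is not flagged because the MAD fallback requires a substantial jump over a flat history, and carol is not scored at all because she has no baseline; in practice the `threshold` and `min_history` knobs are what an IT team would tune against its own false-positive budget.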
In addition to cloud vulnerabilities, the report also warned of increased risks from the internet of things, distributed denial-of-service attacks, email phishing and malware disguised as ransomware.
“Public-sector defenders are implementing a complex mix of products from a cross-section of vendors: an arsenal of tools that may muddy rather than clarify the security landscape,” the report said.
“This complexity has many downstream impacts for orchestrating alerts, with data indicating that gaps continue to exist between alerts generated, those that have been investigated, and those that are eventually remediated.”