eBooks/eGuides

CHAPTER 2 Security Challenges in Hybrid Clouds 25 These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited. Command-and-control (C2) refers to communications traffic between malware and/or compromised systems and an attacker's remote server infrastructure used to send and receive malicious commands or exfiltrate data. Credential theft Users and their credentials are among the weakest links in an organization's security infrastructure. According to Forrester Research, at least 80 percent of data breaches today involve RANSOMWARE: LOCKERGOGA The LockerGoga ransomware was first publicly reported in January 2019 by Bleeping Computer, which tied the malware to an attack against French engineering company Altran Technologies. Several variants have since been found in the wild, where they were used in attacks against Norwegian aluminum manufacturer Norsk Hydro and two chemical companies: Hexion and Momentive. Currently, LockerGoga does not support any worm-like capabilities that would allow it to self-propagate by infecting additional hosts on a target network. LockerGoga has been observed moving around a net- work via the Server Message Block (SMB) protocol, which indicates the actors simply manually copy files from computer to computer. LockerGoga's developers continue to add capabilities and launch new attacks. The addition of WS2_32.dll and use of undocumented Windows application programming interface (API) calls indicates a level of sophistication beyond typical ransomware authors. The former could lead to the eventual inclusion of command-and-control (C2) communication or automated propagation, and the latter requires some working knowledge of Windows internals. These features raise more questions about the actor's intent, as ran- somware is typically one of the least advanced forms of malware. Are they motivated by profits or something else? Has the motive changed over time? Why would developers put so much effort into their work only to partially encrypt files? Why do they include an email address, rather than seeking payment through more frequently used cryptocurrencies?

• Cover
• Title Page
• Copyright Page
• Table of Contents
• Introduction
• About This Book
• Icons Used in This Book
• Chapter 1 The Evolution of the Data Center
• Understanding the Impact of the Cloud on the Data Center
• Recognizing Security Challenges in the Data Center and Hybrid Cloud
• Looking at Why Legacy Security Infrastructure is Ineffective
• Firewalls
• Intrusion prevention
• Proxies
• Defining Security Requirements
• Gain complete visibility
• Minimize the attack surface
• Automate threat protection
• Chapter 2 Security Challenges in Hybrid Clouds
• Cloud Security and The Shared Responsibility Model
• The Dynamic Nature of Modern Threats
• Ransomware
• Credential theft
• DNS-based attacks
• Targeted "Low-and-Slow" Attacks and APTs
• Chapter 3 Delivering Consistent Security Using Zero Trust
• Gaining Complete Visibility
• Application identification
• User identification
• Content identification
• Minimizing Your Attack Surface with Segmentation
• Using Dynamic Security to Support Moves and Changes
• Chapter 4 Leveraging Unmatched Threat Protection
• The Challenges of Defense in Depth
• What Is a Perimeter?
• Threat Protection Components
• Endpoint protection
• Security orchestration and automation
• Cloud-based threat intelligence
• Chapter 5 Ten Evaluation Criteria for Network Security in the Data Center and Hybrid Cloud Environment
• Safe Enablement of Applications in the Hybrid Cloud
• Identify Users and Enable Appropriate Access
• Comprehensive Threat Protection
• Flexible, Adaptive Integration
• Secure Access for Mobile and Remote Users
• One Comprehensive Policy, One Management Platform
• Cloud Ready
• Automate Routine Tasks and Focus on the Threats That Matter
• Flexible Deployment Options
• Consume New Innovations Easily in a Broad Partner Ecosystem
• Glossary
• EULA