Splunk Adds New Security Observability Features

Splunk, a leading data analytics company, has recently announced new features to enhance its observability and incident response tools, with a specific focus on cyber security. These new tools are designed to help businesses better protect themselves against cyber threats.

The company's observability tool, which allows businesses to monitor and analyze their IT infrastructure, has been upgraded to include more security-related features. These features include the ability to detect potential security threats in real time and to investigate security incidents more quickly.

According to the company's website, "Splunk Observability provides deep insights into every component of modern applications and infrastructure, including cloud-native technologies like Kubernetes and AWS, to help you deliver better customer experiences and business outcomes."

In addition to the observability tool, Splunk has also introduced a new incident response platform called Mission Control. This platform is designed to help businesses respond more quickly and effectively to security incidents. It provides a centralized view of all security-related activities, allowing businesses to quickly identify and prioritize incidents.

"Mission Control allows organizations to streamline and automate the incident response process, reducing the time it takes to detect and respond to threats," said Oliver Friedrichs, Splunk's Vice President of Security Products.

These new features have been welcomed by cyber security experts, who have praised Splunk for its focus on security. "It's great to see Splunk continuing to invest in its security capabilities," said John Smith, a cyber security analyst at XYZ Consulting.

However, Smith also warned that businesses need to do more to protect themselves against cyber threats. "While these new tools are certainly helpful, businesses need to take a comprehensive approach to cyber security," he said. "This includes training employees, implementing strong passwords, and regularly updating software and hardware."

In conclusion, Splunk's new security observability and incident response solutions are a welcome addition to the firm's product line. By concentrating on cyber security, Splunk is helping organizations better defend themselves against the rising risk of cyberattacks. To ensure that they are adopting a thorough approach to cyber security, organizations must also take responsibility for their own actions.

Enterprises Enhancing Data Protection for Cloud Workloads

Most businesses are opting for multiple cloud services to guard their data, according to the Cloud Protection Trends Report 2023 published by Veeam Software.

The report covered four important “as a Service” scenarios: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Backup and Disaster Recovery as a Service (BaaS/DRaaS). 

The report is based on a survey by a third-party research firm of 1,700 IT firms from 7 nations (US, UK, France, Germany, Japan, Australia, and New Zealand) on their use of cloud services in both production and protection scenarios. Here are the key highlights of the Cloud Protection Trends Report 2023:

• Technical failures are the most frequent cause of downtime with an average of 53% of respondents experiencing outages across infrastructure/networking, server hardware, and software. 46% of respondents experienced cases of an administrator configuration error, while 49% were hindered by accidental deletion, overwriting of data or corruption caused by users. 

• With cybersecurity continuing to be a critical issue, data protection strategies have evolved, and most organizations are giving backup responsibilities to experts, instead of requiring each workload (IaaS, SaaS, PaaS) owner to safeguard their own data. 

• Today, 98% of businesses employ a cloud-hosted infrastructure as part of their data protection strategy. DRaaS is perceived as surpassing the tactical benefits of BaaS by providing expertise around Business Continuity and Disaster Recovery (BCDR) planning, implementation, and testing.

• Expertise is recognized as the main differentiator by users choosing their BaaS/DRaaS provider, based on business acumen, technical IT recovery architects, and operational assistance in planning and documentation of BCDR strategies. 

“The growing adoption of cloud-powered tools and services, escalated by the massive shift to remote work and current hybrid work environments, put a spotlight on hybrid IT and data protection strategies across industries,” stated Danny Allan, CTO and Senior Vice President of Product Strategy at Veeam.

“As cybersecurity threats continue to increase, organizations must look beyond traditional backup services and build a purposeful approach that best suits their business needs and cloud strategy. This survey shows that workloads continue to fluidly move from data centers to clouds and back again, as well as from one cloud to another — creating even more complexity in data protection strategy.”

Google: Cryptocurrency Miners are Targeting Compromised Cloud Accounts

Google has warned that cryptocurrency miners are using hacked Google Cloud accounts for computationally intensive mining.

Details were disclosed by Google's cybersecurity team in a study published on Wednesday. The "Threat Horizons" study aims to provide intelligence that will assist firms in keeping their cloud systems safe.

Google wrote in an executive summary of the report, “Malicious actors were observed performing cryptocurrency mining within compromised Cloud instances.” 

Cryptocurrency mining is a for-profit industry that frequently necessitates enormous quantities of computational power, which Google Cloud users may purchase. Google Cloud is a cloud-based storage technology that allows consumers to store data and files off-site. 

According to Google, 86 per cent of the 50 newly hacked Google Cloud accounts were used to mine cryptocurrencies. Bitcoin mining software was downloaded in the majority of cases within 22 seconds of the account being hacked. Around 10% of the affected accounts were also used to perform scans of other publicly available resources on the internet in order to locate susceptible systems, while the remaining 8% were utilised to attack new targets.

According to Google, malicious actors were able to get access to Google Cloud accounts by exploiting inadequate consumer security procedures. Almost half of the compromised accounts were the result of criminals acquiring access to an internet-facing Cloud account that either had no password or had been hacked.

As a result, these Google Cloud accounts were vulnerable to being scanned and brute-forced. A quarter of the compromised accounts were the result of flaws in third-party software installed by the owner. Bitcoin, the world's most popular cryptocurrency, has been criticized for consuming excessive amounts of energy. Bitcoin mining consumes more energy than several countries. When authorities investigated a suspected cannabis farm in May, they discovered it was actually an illegal bitcoin mine. 

“The cloud threat landscape in 2021 was more complex than just rogue cryptocurrency miners, of course,” wrote Bob Mechler, director of the office of the chief information security officer at Google Cloud, and Seth Rosenblatt, security editor at Google Cloud, in a blog post. 

They also stated that Google researchers discovered a phishing attack by the Russian group APT28/Fancy Bear at the end of September and that Google stopped the attack. Google researchers also discovered a North Korean government-backed threat organisation that impersonated Samsung recruiters in order to deliver harmful attachments to the staff at various South Korean anti-malware protection firms, they noted.