Proxy Technology Is Driving The Next Generation Of Cloud Security Digital Asset Protection

A shift towards a stakeholder-centric approach is helping enterprises prevent real-time threats to mission-critical services and assets, significantly reducing collateral damage
Omri Orgad | Managing Director, North America
14-Feb-2021

Digital pirates pose very real threats

Malicious actors are constantly scanning the web looking for weak points of access and corporate vulnerabilities they can exploit. HBO, Xerox, Garmin, ExecuPharm and several hospital systems and local governments across the US and the world have fallen victim to ransomware attacks. According to the FBI, 2019 saw 467,361 reports of such attacks with cumulative losses reaching in excess of $3.5 billion.

Popular modes of attack

Here are the most common ways in which fraudsters hold corporations at ‘digital gunpoint’:

Real-time breaches

In this instance, cybercriminals gain access to corporate calendars and email them while a high-ranking executive is in the middle of an important meeting. They will typically send an email or social media message along the lines of ‘Pay $X or we will shut down a mission-critical service’. This could be anything from customer accounts and internal networks to servers and employee work environment paralysis.

Blackmail

This can take place in or out of real-time. The threat here is usually the release of classified company documents, customer personal/payment details, and/or corporate indiscretions identified by hackers.

Phishing attempts

This type of attack includes some form of impersonation (either of individuals or corporate entities) in order to gain access to private information. Many times these attempts are initiated via a seemingly harmless email which typically contains an urgent call to action.

Business Email Compromise (BEC)

BEC is usually carried out in an attempt to gain access to, and control of, email accounts used for bank transfers, money orders, wire transfers, and any other financial transactions authorized via email clients. The malicious party then makes unauthorized transfers to offshore accounts or purchases untraceable cryptocurrencies.

High profile ransomware attacks

Here are some examples of companies that were hit with costly cyber hostage situations:

EMCOR Group – Ryuk

EMCOR Group, an engineering and industrial construction company, was hit with a ransomware attack dubbed ‘Ryuk’ in 2020. EMCOR was exposed to this virus via a malicious phishing email whose links and attachments served as the initial gateway. Ryuk hackers typically lock companies out of mission-critical networks in exchange for a ransom of $300,000+, making it one of the priciest cyberattacks in the history of the internet.

Colorado Department of Transportation (CDT) – SamSam

In 2018, the CDT, along with other local government agencies in the US, had its operations brought to a standstill by the then-novel SamSam ransomware. This virus takes advantage of Remote Desktop Protocol (RDP) and File Transfer Protocol (FTP) to make day-to-day operations impossible until a ransom is paid. One Indiana-based hospital was reported to have paid $55k before it could resume life-saving treatments.

How cloud security providers are harnessing proxy technology to combat cyber threats

Security scanning and testing are highly sensitive to the type and variety of IPs that cloud security providers use. When attempting to carry out protective measures, most companies use a very limited ecosystem of IPs that fails to mimic what happens in reality, which means that they experience high vulnerability during real-world attacks.

Global proxy networks are helping cloud security providers position their clients more strategically to be ready for ‘states of emergency’. By leveraging real-peer IPs, they are able to mimic real-world user behavior using city, country, and ASN targeting. This helps prepare systems and algorithms for correlating cyberattacks from a wide variety of geolocations, devices, and service providers from across the globe.

A people-centric approach

Cloud security providers are changing their approach. They realize that it may be impossible to protect all people all the time, and instead are focused on protecting key corporate stakeholders and assets. For example, an enterprise may choose to focus on and prevent fraud specifically aimed at their Chief Financial Officer (CFO). This decision may stem from the fact that he or she is the gatekeeper of corporate funds or because the person in question is a key knowledge source.

In order to carry out this strategy, security providers scan the web for crucial person-specific data points (‘whois data’) that enable them to keep corporate targets safe. This enables them to create a data pool and a ‘risk map’ so they can target malicious actors in and out of real-time.

Hundreds of millions of domains can be, and are, probed and scanned for data points on a daily basis in order to collect domain-specific information (e.g. taking screenshots and collecting relevant headers).

Once checks are completed utilizing a global proxy network, cybersecurity teams can focus their energy and resources on specific malicious websites and high-risk entities, which can be extremely useful once a ransomware attack has been initiated.

What’s next?

Looking at what’s happening at present, here are the top 4 trends I see taking shape in the cybersecurity space:

One: Working from home will create new corporate vulnerabilities, and cybersecurity demands will change based on these new behavioral norms. People working from home on unprotected commercial internet networks, for example, will become easier targets.

Two: The flourishing migration to cloud-based services will create increased data-in-transit issues, creating a need for beefed-up parsing and security technology.

Three: Social media will take center stage as the preferred delivery mechanism for corporate attacks, viruses, and ransomware.

Four: SMBs and SMEs will continue to join the digital transformation, creating more targets for fraudsters and an increased demand for cybersecurity solutions.

Omri Orgad | Managing Director, North America

A tech-savvy business leader with extended experience working in the network, software, and security industries. Deep familiarization with multiple global markets, serving in several senior leadership technology-based roles. Vast experience in business negotiation, forming strategic profitable partnerships with large-scale enterprises as well as working with start-ups and SMEs accelerating their growth and entering new markets.
