Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Hackers See Opportunities in The Cloud According to DEF CON Survey

A survey conducted at the recent DEF CON Hacker conference in Las Vegas revealed that hackers see the cloud as an attractive hacking target.

The survey, carried out amongst 100 of the IT professionals attending DEF CON, revealed that 96 percent think the cloud will open up more hacking opportunities for them.

Hacking the Cloud

A survey conducted at the recent DEF CON Hacker conference in Las Vegas revealed that hackers see the cloud as an attractive hacking target.

The survey, carried out amongst 100 of the IT professionals attending DEF CON, revealed that 96 percent think the cloud will open up more hacking opportunities for them.

Hacking the Cloud

The poll, sponsored by Fortify Software, showed that 21 percent believe Software-as-a-Service (SaaS) cloud systems are viewed as being the most vulnerable, with 33 percent of the hackers having discovered public DNS vulnerabilities, followed by log files (16 per cent) and communication profiles (12 per cent) in their cloud travels.

“89 percent of respondents said they believed this was the case and, when you analyze this overwhelming response in the light of the fact that 45 percent of hackers said they had already tried to exploit vulnerabilities in the cloud, you begin to see the scale of the problem,” said Barmak Meftah, chief products officer at Fortify. “While ‘only’ 12 percent said they hacked cloud systems for financial gain, that still means a sizeable headache for any IT manager planning to migrate their IT resources into the cloud,” he added.

According to Meftah, when you factor in the prediction from numerous analysts that at the start of 2010 20 percent of businesses would have their IT resources in the cloud within four years, you begin to appreciate the potential scale and complexity of the security issues involved.

In the many predictions, he explained, 20 per cent of organizations would own no appreciable IT assets, but would instead rely on cloud computing resources – the same resources that 45 percent of the DEF CON 2010 attendees in the survey cheerfully admitted to already having tried to hack.

“More than anything, this research confirms our ongoing observations that cloud vendors – as well as the IT software industry as a whole – need to redouble their governance and security assurance strategies when developing solutions, whether cloud-based or not, as all IT systems will eventually have to support a cloud resource,” Meftah added.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...