Rocke Group Hackers Target Cloud Administrative Infrastructure

The cybersecurity skirmish line in the cloud has moved yet a bit closer. The Rocke Group threat actor has added automated routines to its malware that uninstall cloud security products, according to an analysis by researchers at Palo Alto Networks Unit 42. The samples are engineered to gain administrator access on a cloud instance and then uninstall the defensive software, exactly as a legitimate administrator could. The Rocke Group is believed to be based in China, although this has not been proven.

The biggest concern is that this sets a new direction for further malware development. Defending the cloud against this type of attack is difficult: once an attacker holds administrative access, it is neither reasonable nor reliable to expect the cloud instance to report on its own health and integrity. Any check on whether the security agent is still present has to come from outside the instance, for example from the agent's own reporting to an off-host console or from the provider's control plane, and a sudden silence from an instance that is still running should be treated as a finding rather than as a missing log.

This is, in some ways, déjà vu all over again. About five to ten years ago, a crop of malware was able to disable desktop anti-virus and security software. Rocke Group's threat to your cloud is a greater danger on a much greater scale.

The cure? One consistent approach to protecting all of your IaaS and SaaS clouds can be provided by a cloud access security broker (CASB). A CASB can provide end-to-end, or "edge," encryption to secure your data in the cloud during all phases of use: at rest in the database, in transit (APIs, middleware, etc.), and in use. If you secure your cloud this way, the Rocke Group will likely leave your cloud empty-handed. Note that encryption protects the data rather than the instance: an attacker who gains administrative access still holds that foothold until it is detected and removed, so data protection and agent monitoring complement each other rather than substitute for one another.

CipherCloud CASB can provide the data protection, threat protection, and flexible architecture you need to successfully meet (and defeat) new attack vectors such as those employed by the Rocke Group. Find out more about CipherCloud's CASB platform to protect all of your vendor-provided SaaS cloud applications as well as your custom IaaS-hosted applications. Why CipherCloud? Our CASB platform is the best.
We provide:
• Zero trust architecture for comprehensive protection of your users, applications, and data in the cloud
• Data-centric CASB with DLP, DRM, and end-to-end encryption for total data protection
• Adaptive cloud control for any user, device (both managed and BYOD), location, and cloud, with contextual and behavior analytics
• Universal cloud policy platform for all controls across all clouds while integrating existing security systems
• Accelerated cloud adoption, securely, with friction-less, agent-less, hybrid architecture
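The point made above, that an instance whose administrator account has been taken over cannot be trusted to report on its own health, has a practical consequence: the check for a missing security agent must run somewhere the attacker does not control. The following is an added example, not code from CipherCloud, Unit 42 or any vendor's product. It assumes a hypothetical off-host collector that records one "agent-heartbeat" line per check-in and a hypothetical inventory of instance states as the cloud provider's control plane would report them (both constructed here). A running instance whose agent has never reported, or has gone quiet for longer than the expected interval, is flagged; stopped instances are expected to be silent and are ignored.

```python
"""Off-host check for cloud security agents that stop reporting.

Added example (constructed data, hypothetical log format). The heartbeat
collector and the instance inventory both live outside the guest, so a
Rocke-style uninstall of the agent shows up as silence the attacker cannot
paper over from inside the instance.
"""
from datetime import datetime, timedelta, timezone

# Constructed collector log: "<timestamp> <instance-id> agent-heartbeat ...".
# Not any real vendor's format.
SAMPLE_HEARTBEATS = """\
2019-01-17T10:00:05Z i-0a1b2c3d agent-heartbeat version=3.2.1
2019-01-17T10:00:07Z i-0f9e8d7c agent-heartbeat version=3.2.1
2019-01-17T10:05:05Z i-0a1b2c3d agent-heartbeat version=3.2.1
2019-01-17T10:05:09Z i-0f9e8d7c agent-heartbeat version=3.2.1
2019-01-17T10:10:06Z i-0a1b2c3d agent-heartbeat version=3.2.1
"""

# Constructed inventory as the provider's control plane would report it.
# An attacker with root inside a guest cannot rewrite this view.
SAMPLE_INVENTORY = {
    "i-0a1b2c3d": "running",
    "i-0f9e8d7c": "running",   # agent stopped checking in after 10:05:09Z
    "i-0c0ffee0": "running",   # never checked in: agent missing or blocked
    "i-0dead000": "stopped",   # silence here is expected
}

# Agents are assumed to check in every 5 minutes; allow two missed intervals.
MAX_GAP = timedelta(minutes=10)


def parse_heartbeats(text):
    """Return {instance_id: latest heartbeat time (UTC)} from collector lines."""
    last_seen = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[2] != "agent-heartbeat":
            continue  # ignore anything that is not a heartbeat record
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(
            tzinfo=timezone.utc)
        iid = parts[1]
        if iid not in last_seen or ts > last_seen[iid]:
            last_seen[iid] = ts
    return last_seen


def find_silent_agents(last_seen, inventory, now, max_gap):
    """Flag running instances whose agent has not reported within max_gap.

    Returns a sorted list of (instance_id, reason). Instances that are not
    running are skipped, since their agents are expected to be silent.
    """
    findings = []
    for iid, state in sorted(inventory.items()):
        if state != "running":
            continue
        seen = last_seen.get(iid)
        if seen is None:
            findings.append((iid, "never reported"))
        elif now - seen > max_gap:
            findings.append((iid, "silent since %s" % seen.strftime("%H:%M:%SZ")))
    return findings


def run_sample():
    """Run the check over the constructed data at a fixed 'now'."""
    now = datetime(2019, 1, 17, 10, 16, 0, tzinfo=timezone.utc)
    return find_silent_agents(parse_heartbeats(SAMPLE_HEARTBEATS),
                              SAMPLE_INVENTORY, now, MAX_GAP)


if __name__ == "__main__":
    for iid, why in run_sample():
        print("ALERT %s: %s" % (iid, why))
```

The design choice worth noting is which side supplies each input. The heartbeats are sent by the agent, so an attacker can stop them but cannot forge a healthy stream without the agent; the inventory comes from the provider, so the attacker cannot mark the instance "stopped" to excuse the silence. A host-side audit event such as a package removal is useful corroboration when it arrives, but its absence means nothing once the attacker holds administrative access, which is why the check above does not depend on it.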

*** This is a Security Bloggers Network syndicated blog from CipherCloud CASB+ Platform | Enterprise Cloud Security authored by CipherCloud. Read the original post at: https://www.ciphercloud.com/blog/rocke-group-hackers-target-cloud-administrative-infrastructure