Cybercriminals are known for hacking into company networks and stealing data from endpoint devices. But increasingly, they’re also going after the underlying infrastructure that supports cloud computing services and the internet itself, according to Kyle York, vice president of product strategy for Oracle Cloud Infrastructure.
York discussed this growing threat and the increased sophistication of today’s cybercriminals during a recent episode of the Future Tech Podcast. He also had some sage advice for enterprises that want to improve their cloud infrastructure security.
What are some of the big challenges associated with cloud computing today?
One is the just scale and complexity and volatility of today’s modern internet. Distributed denial of service (DDoS) attacks are absolutely on the rise both on applications and domain space, but also on the core infrastructure that these applications run on. We see plenty of attacks per week on our network alone that we have to mitigate on behalf of our customers. But there’s also things like BGP hijacks and Domain Name Service (DNS) cache-poisoning attacks. I mean the volatility isn’t always the result of nefarious, bad actors. It could be just human error. But we’re also seeing volatility as it relates to nation-state conflicts and government-imposed shutdowns on internet access. There are myriad attack vectors that exist even before you even get into things like data hacking and data theft. When you hear about security you hear a lot about data and endpoint protection, but not necessarily about the infrastructure side of the equation.
Have you noticed anything about the structure of the internet itself that surprises you?
It’s a moving target, and it’s kind of like electricity, right? You don’t really notice it, or you take a little bit for granted — until it’s pitch black when you’re trying to cook dinner. I think this is natural in terms of how we think about the internet. When you visit a webpage and it’s not working, you’re just going to move on. You’re not actually thinking about what went wrong. You tend to want to blame the provider’s website, but it could have been a problem with the service provider, the path to get there, the infrastructure platform it’s hosted on, or the SaaS platform it’s being delivered by. Literally thousands and thousands and thousands of transit providers, network service providers, and cloud platform providers platform providers exist in the world who are stewards of this system. As a result, the internet is consistently evolving and changing.
Have you seen any cyber-attacks that amazed you in their sophistication?
We’re seeing variants of attacks that bring together different styles, like DDoS attacks mixed with BGP hijacks, for example. We’re also seeing attackers pull together different protocol-level attacks to potentially infiltrate systems and steal information or bring down properties. That’s where we’re starting to see a lot more complexity. These are not your grandparents’ attacks anymore. They’re more distributed, they’re very multilayered, and they’re more global. That’s why enterprises need to be relying on cloud partners and infrastructure providers who are doing this at scale, with a proven track record of availability, performance, and security.