Top Cloud Security Threats – Part 1

When it comes to adopting and moving to the cloud, security is often cited as one of the top concerns, with 77% of organizations recognizing its importance. This is amplified by the accessibility of data and applications from outside a company’s network. Something which potentially grants threat actors visibility and access to an organization’s infrastructure, if security is not properly configured and implemented consistently.

In traditional networking environments, the perimeter is arguably more straightforward and parameters regarding protecting a network are, more or less, easily identifiable. While the cloud is a different type of landscape, it does not necessarily introduce new threats. Rather, it magnifies existing threats and facilitates the need to adapt security techniques to a revised deployment model.

Let’s take a look at some of the top cloud security threats:

Data Breaches

Data breaches are a legitimate security threat for both traditional and cloud environments. Ideally, security is at the forefront of deployment and maintenance in either environment, but the cloud does present additional challenges.

For instance, databases are no longer confined to an organization’s physical network (i.e. local servers); they are accessible through a web browser via a web application. And, if access to those databases is not secure, it leaves an organization’s databases vulnerable to a cyber attack.

Poor Access Management

Access management is crucial to protecting your data and clients, especially when it comes to the cloud. Poor access management can easily result in a breach, as seen with Reddit earlier this year, where hackers used legitimate admin credentials to gain access to an old database backup, as well as some users’ emails.

Interestingly, Reddit had already implemented SMS-based two-factor authentication (2FA), but the hackers were able to intercept said SMS to authenticate the login. In response, Reddit quickly rolled out token-based 2FA for its employees, as well as users.

Insecure Interfaces/APIs

Interfaces and APIs are the front doors leading to data stored in the cloud. Since the cloud is heavily reliant on interfaces and APIs, the ones that are not sufficiently protected are a definite concern. Cue the iCloud breach of 2014. Hackers took advantage of a glitch in the iCloud interface that allowed them unlimited password guesses.

System Vulnerabilities

Patching vulnerabilities is one of the most important aspects of any cybersecurity solution. A recent study analyzing over 316 million security incidents found that it takes organizations an average of 38 days to patch a vulnerability. 38 days. That is simply not fast enough.

The 2017 Equifax data breach is a prime example of why patching system vulnerabilities as soon as a patch is available is absolutely critical. The Equifax hackers exploited a known vulnerability (CVE-2017-5638) in Apache Struts, for which a patch was available. To give you a timeline, Apache released a patch for that vulnerability on March 8th, hackers first exploited the vulnerability in May, and Equifax didn’t patch it until July 30th. While it wasn’t the only point of failure, the breach affected over 147 million individuals in the United States and is projected to cost Equifax over $439 million by the end of 2018.

APTs (Advanced Persistent Threats)

Advanced persistent threat (APTs) are sophisticated threats that enter a network and use various techniques to launch additional attacks by going undetected for an extended period of time. In a recent survey conducted by Netscout, 15% of respondents had experienced an APT, while  more than half cited APTs as  one of their top concerns for this year.

In 2009, the Ghostnet operation was a cyberespionage campaign that targeted workstations and users in over 100 countries via spearphishing emails. The emails contained a malicious attachment that downloaded a Trojan, enabling hackers to remotely access and control infected devices.

Stay tuned for Part 2!