Emerging threat vectors due to increased cloud adoption – ET CISO
Cloud computing was heralded as the next phase of technology, one that could ease the burden of owning, running and maintaining physical infrastructure for businesses. The likes of Amazon Web Services, Google Cloud and Microsoft Azure have built their businesses on the growing adoption of the technology. But as the attack surface grows, so do the attack vectors, and we have seen these trends in the recent past.
So, why do these keep happening? Are businesses ignoring the obvious deficiencies of running such a model?
The pace at which cloud has penetrated our lives is massive, and it has left pertinent lapses. Most reports say businesses, even premium establishments, find it hard to assess and keep track of their data logs. That's not all: their security standards come across as lenient even though the sensitivity of the data requires better supervision and custody. Therefore, it is imperative that cloud developers keep security at the top of their priority list to safeguard data. And with cloud adoption only going to increase, understanding attack vectors will help them plan for and address such mishaps.
How does one define attack vectors?
An attack vector is a way to gain unauthorized network access in order to launch a cyberattack. Cybercriminals use attack vectors to reach sensitive data, personally identifiable information (PII) and other valuable information after a successful exploitation. In cloud environments the common attack vectors include compromised credentials, unintentionally exposed services and misconfigurations.
Attack vectors are paths through which a hacker or other third party gains access to your environment along well-defined routes. This gateway is generally created by a vulnerability somewhere along the route. The access point (or entry route) could be anywhere: the network, users, web apps, or even something as simple as email. Most cases arise when malicious software bypasses the company's perimeter security to enter the system. This access can end up leaking sensitive data and causing other mishaps.
Some of the popular forms of attacks on cloud infrastructure are:
- Misconfigured or Vulnerable CSP APIs
CSP APIs allow users and developers to interact with cloud-based services, and misconfigured or vulnerable APIs can have a significant impact on the security of cloud environments.
- Metadata Service Exploitation Through SSRF
Each of the top cloud service providers offers a metadata service for instances running in their environments, generally accessible over HTTP at the link-local address 169.254.169.254. The metadata service allows a user to query and manage an instance programmatically, and generally an instance can reach its metadata API without additional authorization. Because that address is only reachable from inside the instance, a server-side request forgery (SSRF) flaw in an application running there lets an attacker make the application fetch the metadata on their behalf.
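The usual defensive control for the SSRF path described above is to validate any user-supplied URL before the application fetches it, rejecting link-local and private destinations. The following Python is an added example, not code from the article; the blocked ranges beyond 169.254.0.0/16, the hypothetical `system_resolver` helper and the injectable `resolver` parameter are assumptions made so the check runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Address ranges a server-side URL fetcher should never contact on a user's behalf.
# 169.254.0.0/16 contains the link-local metadata address 169.254.169.254 named
# in the article; the loopback, RFC 1918 and IPv6-local ranges are assumed companions.
BLOCKED_NETWORKS = [
    ipaddress.ip_network("169.254.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("fe80::/10"),
    ipaddress.ip_network("fd00::/8"),
]


def is_blocked_ip(ip_text):
    """True if the literal address falls in a blocked range.

    IPv4-mapped IPv6 (::ffff:169.254.169.254) is unwrapped first so it is
    judged as the IPv4 address it really is. Raises ValueError for non-literals.
    """
    addr = ipaddress.ip_address(ip_text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def system_resolver(host):
    """Hypothetical default resolver: every address the OS returns for the host."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_safe_url(url, resolver=system_resolver):
    """Decide whether a fetcher may follow a user-supplied URL.

    The resolver parameter is an assumption of this example: injecting one
    keeps the check testable offline. Every resolved address must be allowed,
    so a name that mixes public and link-local records is still rejected.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False
    host = parsed.hostname
    if not host:
        return False
    try:
        return not is_blocked_ip(host)       # literal IP, including [v6] forms
    except ValueError:
        pass                                  # a hostname: resolve it
    try:
        addresses = resolver(host)
    except socket.gaierror:
        return False
    if not addresses:
        return False
    try:
        return all(not is_blocked_ip(a) for a in addresses)
    except ValueError:
        return False                          # unparsable answer: fail closed


if __name__ == "__main__":
    print(is_safe_url("http://169.254.169.254/latest/meta-data/"))
    print(is_safe_url("https://example.com/", resolver=lambda h: ["93.184.216.34"]))
```

The check resolves the name once and then the fetcher connects separately, so to avoid a time-of-check to time-of-use gap the HTTP client should connect to the validated address (and re-run the check on every redirect) rather than resolving the hostname again.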
- Misconfigured Storage Buckets
Storage buckets are also used for large data sets, such as transaction information for an online e-commerce site, or as an internal file host for more sensitive files such as API keys or SSH credentials. Many cloud service providers offer ways to protect storage buckets. In some cases, however, the bucket policies are not correctly configured, or open policies are required to aid the design of an application. A quick Internet search for "insecure bucket data leak" turns up many cases in which an insecure storage bucket caused a data breach with moderate-to-severe consequences.
Credential Leakage and Overly Permissive Access:
Overly permissive policies are another common cause of data breaches in cloud environments. When an account holds more access than its role requires, a single leaked credential exposes far more than it should, which makes it harder to protect your data from breaches.
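Both the misconfigured-bucket and overly-permissive-access problems above can be caught by linting policy documents before they are deployed. The Python below is an added example and not the article's or any provider's tooling; it assumes the AWS-style JSON policy format (Statement, Effect, Principal, Action, Resource, Condition), and the sample policies, bucket names and the placeholder account id 123456789012 are constructed for the example.

```python
import json

# Constructed sample policies in the AWS-style JSON policy format (an assumption
# of this example; bucket names and the account id 123456789012 are placeholders).
PUBLIC_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
}

HARDENED_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRoleRead",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
}

BROAD_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"},
}

SCOPED_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    }],
}


def _as_list(value):
    """Statement, Action and Resource may be a single string/object or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_public_principal(principal):
    """'*' or {'AWS': '*'} (or a list containing '*') grants to anyone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def find_public_statements(policy):
    """Resource-policy check: Allow statements whose principal is everyone."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow" or not _is_public_principal(stmt.get("Principal")):
            continue
        findings.append({
            "statement": stmt.get("Sid", f"#{index}"),
            "actions": _as_list(stmt.get("Action")),
            # A Condition narrows who "*" really is; still flag it, at lower severity.
            "conditioned": bool(stmt.get("Condition")),
        })
    return findings


def find_overly_permissive(policy):
    """Identity-policy check: Allow statements with wildcard actions or resources."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        wild_actions = [a for a in _as_list(stmt.get("Action")) if a == "*" or a.endswith(":*")]
        wild_resources = [r for r in _as_list(stmt.get("Resource")) if r == "*"]
        if wild_actions or wild_resources:
            findings.append({
                "statement": stmt.get("Sid", f"#{index}"),
                "wild_actions": wild_actions,
                "wild_resources": wild_resources,
            })
    return findings


def lint_policy_json(text):
    """Run both checks over a policy document given as JSON text."""
    policy = json.loads(text)
    return {
        "public": find_public_statements(policy),
        "overly_permissive": find_overly_permissive(policy),
    }


if __name__ == "__main__":
    for name, policy in [("public bucket", PUBLIC_BUCKET_POLICY), ("broad role", BROAD_ROLE_POLICY)]:
        print(name, lint_policy_json(json.dumps(policy)))
```

Run as a pre-deployment gate, the first check blocks the public-bucket pattern and the second flags roles that violate least privilege; a finding with `"conditioned": True` deserves a human look rather than an automatic block, since the Condition may legitimately restrict the wildcard principal.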
Distributed Denial of Service (DDoS)
This attack makes a website or infrastructure unavailable to its customers. Machines with a software vulnerability, or compromised through the aforementioned threat vectors, can be drafted into such coordinated attacks: the computer literally becomes a bot that answers any command sent by the attacker. The army of bots (called a botnet) is then capable of waging an attack on any server the owner of the bots chooses to target.
This form of attack is primarily used against servers holding high-value items such as credit card details, payment gateways, banks and at times even government entities. With cloud becoming the central point for such servers, attacks like these gain further power, making them hard to protect against.
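Detecting the flood early is the defender's first step, and the simplest signal is a per-source request rate. The following Python is an added example, not from the article: a sliding-window counter over Common Log Format access lines that flags any client exceeding a threshold within a window. The log format, thresholds and the sample traffic (documentation addresses 203.0.113.5 and 198.51.100.7) are constructed assumptions of the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format prefix: client IP, identity, user, [timestamp] "request" status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp) for a log line, or None if it does not parse."""
    match = LOG_RE.match(line)
    if not match:
        return None
    return match.group("ip"), datetime.strptime(match.group("ts"), TS_FORMAT)


def find_bursty_sources(lines, window_seconds=10, threshold=20):
    """Sliding-window request count per client IP over time-ordered log lines.

    Returns {ip: peak_requests_in_window} for every source that exceeded the
    threshold in at least one window. Unparsable lines are skipped.
    """
    recent = defaultdict(deque)
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        window = recent[ip]
        window.append(ts)
        # Drop timestamps that have fallen out of the window for this source.
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(window))
    return peaks


def constructed_log():
    """Constructed sample traffic: one source sends 5 requests per second for
    6 seconds, another sends one request every 3 seconds for 30 seconds."""
    base = datetime(2023, 10, 10, 13, 55, 36, tzinfo=timezone.utc)
    events = []
    for second in range(6):
        for _ in range(5):
            events.append((base + timedelta(seconds=second), "203.0.113.5"))
    for second in range(0, 30, 3):
        events.append((base + timedelta(seconds=second), "198.51.100.7"))
    events.sort(key=lambda e: e[0])  # stable sort keeps lines time-ordered
    return [
        f'{ip} - - [{ts.strftime(TS_FORMAT)}] "GET / HTTP/1.1" 200 512'
        for ts, ip in events
    ]


if __name__ == "__main__":
    print(find_bursty_sources(constructed_log()))
```

A single-source threshold like this catches a volumetric flood from one bot but not a distributed one spread thinly across many sources; for that, the same window logic should be applied to the aggregate request rate and to per-path counts as well.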
Cloud malware injection
As the name suggests, attackers inject malware into the cloud servers of a customer or business. The attacker essentially adds a malicious service implementation module to a Software as a Service (SaaS) solution. If the targeted cloud system is tricked into using the infected module, the attacker can gain access by executing malicious code through it. Such attacks mostly take the form of cross-site scripting and injection attacks.
Side channel attacks
These attacks are mainly carried out through a virtual machine (VM) set up to target another VM. The attacking VM then extracts sensitive and useful data from the targeted VM of the business.
Businesses need to take charge
So the onus falls on businesses and cloud service providers to set up their infrastructure and plan for threat vectors while forming the IT roadmap for their organisation. Chasing attackers after the fact won't be required if companies can assess the possible threat vectors, identify them early and have security controls in place to address them. This eventually becomes the backbone of a business's security roadmap. After all, they then have the data to determine what, where and how they can become targets for cyber attacks.
To secure these threat vectors, they have to consider multiple layers of protection and combine them with integrated solutions that deliver efficient results. Most organisations feel overwhelmed by all this because they overcomplicate their thinking. The idea is to keep it simple, follow the basics and do the necessary safeguarding.
To protect cloud environments, organizations need to build a strong detection, monitoring and response strategy. They should also adhere to the principle of least privilege, granting accounts only the access they need to fulfil their roles. It is vital that all data be protected using strong encryption standards.
Conduct regular security audits of your cloud network, as well as of the cloud provider. To prevent an attack, you need to detect it before it causes havoc, so build a strong detection system to protect the network.
Digital is the future for businesses, and organizations have to plan for every possible attack that could damage their business prospects. And there is no better approach than to prepare and prevent rather than react.
The author is VP Technology,