What do these cyber-attacks have in common? All the affected companies operate in the cloud. They are just a few examples to demonstrate that cloud platforms are becoming prime, and often easy, targets for threat actors.
In the past few years, we have been seeing businesses and organizations actively move their assets, operations, and applications online, as well as a shift to a virtual workplace environment. Many opt for using cloud service providers (CSP), such as Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP). Clouds are robust, reliable, and enable businesses to deploy and operate their applications and infrastructure with less effort than in-house hosting.
However, the convenience of being cloud-based comes with an often-overlooked downside – the public visibility of cloud service providers makes your environment a bigger and easier target for cybercriminals. The risks increase for multi-cloud operating companies.
While most cloud providers now have security services integrated into the cloud and accessible to users, these services require configuration, risk assessment, and continuous evaluation to ensure your business stays protected from cyberattacks.
Misconfiguration remains one of the most common causes of data breaches. According to the Identity Theft Resource Center (ITRC), configuration mistakes were responsible for a third of data breaches. For example, misconfigured stores and leaky APIs continue to be the biggest and most impactful cloud security holes for businesses.
Improper configuration can put an entire organization or business at risk. Identifying vulnerabilities in the network configuration from the start and executing continuous assessment to identify weaknesses, which threat actors might exploit, must be key elements of a strong cloud posture.
Motivations behind the attacks are expanding as well. In addition to data exfiltration, resource theft and supply chain compromise are increasingly common motives. The ultimate threat is a complete account takeover, which can negatively impact a business, and allow an attacker to execute all the threats mentioned above.
In case of an account takeover, threat actors can scrub an entire account, leading to the loss of business. Squatting and resource theft are another emerging cyberattack trend we are seeing. Accounts are used for a range of illicit activities, including phishing, spamming, and even crypto mining.
Weaknesses in the cloud security framework and prevalent reliance on cloud providers in recent years have also created perfect conditions for another serious cyberthreat – the Denial-of-Service (DoS) attack. It can significantly cripple a business or organization and lead to severe monetary and resource losses.
Supply chain compromise is also on the rise, fueled by the current evolving geopolitical landscape. These attacks endanger not only large organizations but also small and medium-sized businesses (SMBs), and can be very disruptive and costly.
Let us look at the SolarWinds supply chain cyberattack as an example. The attackers accessed the system belonging to the Texas-based software company via SolarWinds’ Microsoft Office 365 account, which had also been compromised at some point. The attackers then established a foothold in the software and inserted malicious code into an update for SolarWinds’ popular network management platform, known as Orion. Customers who routinely updated their Orion software unknowingly downloaded the embedded virus into their systems. Once inside, the attackers could choose which areas to access and were able to move through systems and conduct their operations, gaining access to sensitive emails and other documents. The threat actors remained undetected for the next eight months, costing SolarWinds $18 million in the first three months of 2021. The attack compromised federal agencies, courts, numerous private sector companies, and state and local governments across the country.
This large-scale example shows not only the dangers of cybersecurity oversight but also the evolution of the threat actors’ methods and the growing concern for companies and organizations across the whole spectrum of operations.
Cloud operating businesses must evaluate their risks and have a complete understanding of their cloud security framework. It is critical that security is configured upon implementation and assessed regularly to prevent vulnerabilities hackers might exploit.
In any public cloud, whether you are using it as SaaS, PaaS or IaaS, there is a shared responsibility between the Cloud Service Provider (CSP) and the user. Security functions, such as data classification, network controls, and identity and access management, need clear owners. The division of these responsibilities is known as the shared responsibility model for cloud security. Each cloud provider has its own model, and it is important to examine it to know which responsibilities are retained by the user, which vary in ownership, and which transfer completely to the cloud provider.
This chart, provided by the Center for Internet Security (CIS), illustrates shared responsibilities between cloud providers and customers:
Once you have gained a clear understanding of the responsibilities that you retain or share, configuring the security posture and identifying your business’s vulnerabilities must be the next task. However, as a growing business that is focused on making products or offering services to customers, there may not always be enough resources to assemble a security team, employ a cybersecurity expert, or educate staff on monitoring of the security posture.
For the past few years, VerSprite’s team of cyber experts has been developing AltorCloud, a cloud security assessment platform, to help your business or organization with anything from setting up the security framework, finding gaps, and performing continuous checks with automated AltorCloud tools, to assisting you with remediating vulnerabilities across networks and multi-cloud organizations. It brings your entire cloud security onto one plane.
AltorCloud works with single and multi-cloud operations. After the initial setup and configuration, the platform continues to perform real-time monitoring and provides step-by-step instructions to fix issues that it identifies.
VerSprite is a cybersecurity consulting company. Beyond offering the automated platform, AltorCloud, our team of experts is always on stand-by to assist with the set-up and provide recommendations on how to better protect your operations.
AltorCloud is cost-efficient and gives you peace of mind while operating your business in the ever-developing cyber landscape.