Cloud Threats in 2021
So far, we’ve devoted quite a bit of content to the ways in which digital transformation has changed how enterprises work and how they secure their new distributed infrastructure. In today’s article, we’ll look at three of the most serious threats to cloud infrastructure: which ones to prioritize, and why.
1. Account hijacking
Account hijacking, or more precisely the takeover of account access credentials, continues to be the most serious threat.
Attackers can take over accounts in several ways, including:
- Phishing: directing users to an unsecured website to steal their information or take their session ID.
- Keyloggers: programs that record users’ keystrokes, including user IDs and passwords, and send the information to attackers.
- Buffer Overflow Attacks: overwriting data in memory with malicious data designed to give attackers unauthorized access.
- Cross-Site Scripting (XSS) attacks: a type of injection attack in which the attacker delivers malicious scripts to the victim’s web browser (e.g., by hiding them under image files) to gain access to vulnerable accounts.
- Brute-force attacks: where attackers gain access to accounts by guessing passwords – usually using software that checks all possible combinations at the speed allowed by the computing power of the hardware platform.
Account hijacking is not new – however, as a lot depends on password hygiene and user awareness, it is very difficult to protect against it.
In order to do so, a proper password policy is necessary – one that goes beyond the 8-character passwords mentioned in many frameworks. You need to create secure passwords and change them regularly. If possible, you should also consider using multi-factor authentication (MFA). This will provide an extra layer of security, making it difficult for attackers to remotely access your account. Many successful account takeover attempts occur due to phishing. Exercising caution when clicking web and email links and receiving password reset requests will go a long way in protecting against attacks.
2. Unsecured APIs
Application programming interfaces (APIs) are a popular method of enhancing cloud computing. APIs make it easy to share information between two or more applications. Known for their convenience and ability to increase performance, APIs can also be a source of vulnerability in the cloud. Using unsecured APIs, attackers can easily gain access to enterprise data and launch DDoS attacks. Moreover, sophisticated attackers can use several techniques to evade detection when conducting API attacks.
As companies increase their dependence on APIs, the number of attacks targeting them is increasing. According to Gartner, API abuse will become the most common attack vector by 2022.
There are several steps you can take to secure your cloud system from API attacks:
- Run penetration tests that emulate API attacks.
- Use SSL/TLS encryption for transmitted data.
- Strengthen authentication controls with an MFA service.
- Choose carefully who you share API keys with, and dispose of API keys when they are no longer needed.
And remember – developers are also responsible for creating APIs with stronger authentication.
3. Vulnerabilities in system architecture
Yes… we know the above sounds generic. However, system vulnerabilities are among the most common cloud security weaknesses and can occur for many reasons. Integrating an unsecured third-party application can create system vulnerabilities, or they can arise from misconfigured security tools on cloud systems.
Some of the more common system vulnerabilities that can negatively impact cloud services include:
- Lack of validation of user input.
- Inadequate logging and monitoring.
- Improper error handling.
- Failure to close database connections.
So… how do you ensure protection against vulnerabilities? The answer is:
- Security-by-design – properly building applications so that they are not vulnerable to attacks. We recommend covering at least the OWASP Top 10.
- Cloud Access Security Broker (CASB) – allows data to be validated without entering it directly into the application; a Web Application Firewall (WAF) provides similar protection.
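As an added example (not code from this article), here is one small lookup handler built so that each of the four weaknesses listed above is avoided in the same code path. The service name, the `orders` table and the `AB-1001` ID format are assumptions made for illustration.

```python
import logging
import re
import sqlite3
from contextlib import closing

log = logging.getLogger("orders_api")        # hypothetical service name
ORDER_ID = re.compile(r"[A-Z]{2}-\d{1,8}")   # assumed ID format, used as an allow-list


def init_db(path):
    """Create a constructed sample table so the example runs offline."""
    with closing(sqlite3.connect(path)) as conn, conn:
        conn.execute("CREATE TABLE IF NOT EXISTS orders (id TEXT PRIMARY KEY, status TEXT)")
        conn.execute("INSERT OR REPLACE INTO orders VALUES ('AB-1001', 'shipped')")


def get_order_status(db_path, raw_order_id, client="unknown"):
    """Return (http_status, body) for a lookup of one order."""
    # 1. Input validation: accept only the expected format, reject everything else.
    if not isinstance(raw_order_id, str) or not ORDER_ID.fullmatch(raw_order_id):
        # 2. Logging: record the rejection; %r escapes control characters
        #    and the value is truncated so it cannot flood the log.
        log.warning("rejected order id %r from client %s", str(raw_order_id)[:64], client)
        return 400, {"error": "invalid order id"}
    try:
        # 4. closing() releases the connection on every path, including errors.
        with closing(sqlite3.connect(db_path)) as conn:
            row = conn.execute(
                "SELECT status FROM orders WHERE id = ?",  # parameterized query
                (raw_order_id,),
            ).fetchone()
    except sqlite3.Error:
        # 3. Error handling: full detail goes to the log, a generic message to the caller.
        log.exception("order lookup failed for client %s", client)
        return 500, {"error": "internal error"}
    if row is None:
        return 404, {"error": "not found"}
    log.info("order %s read by client %s", raw_order_id, client)
    return 200, {"status": row[0]}
```
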
All of the above are issues known for a long time, but due to the dynamic changes in IT infrastructure, the constant shortage of professionals and the ever-present “pressure to perform” – organizations do not have enough time and resources to deal with them. If you are also concerned about the above areas – we will be happy to advise you on how to mitigate these risks.