Cloud computing continues to change the way organizations use, store, and share data, applications, and workloads. It has also brought a series of new security threats and challenges. As large amounts of data move into cloud computing, especially public cloud services, these resources have naturally become targets for attackers.
Jay Heiser, vice president and head of cloud security at Gartner, said: The use of public clouds is growing rapidly, so it will inevitably lead to a large amount of sensitive content being exposed to potential risks.
Contrary to what most people assume, the main responsibility for protecting enterprise data in the cloud lies not with service providers but with cloud customers.
Here are some of the top cloud security issues (in order of severity according to the survey results):
1. Data breach
CSA stated that a data breach may be the result of a targeted attack, or may simply be caused by human error, application vulnerabilities, or poor security practices. A breach may involve any information that was not intended to be disclosed, including personal health information, financial information, personally identifiable information, trade secrets, and intellectual property. An organization's cloud data may have different value to different parties. The risk of a data breach is not unique to cloud computing, but it is consistently the issue cloud customers are most concerned about.
The "Deep Dive" report cited the 2012 LinkedIn password hack as its main example. Because LinkedIn did not encrypt its password database, the attackers stole 167 million passwords. The report states that this breach is a warning that organizations should always salt and hash databases containing user credentials, and should perform logging and anomalous-behavior analysis.
2. Improper management of identity, credentials and access
External intruders posing as legitimate users, operators, or developers can read, modify, and delete data; issue control-plane and management functions; snoop on data in transit; or release malicious software that appears to come from a legitimate source. Improper management of identities, credentials, or keys can therefore lead to unauthorized data access, with potentially disastrous results for organizations or end users.
According to the Deep Dive report, one example of improper access management is the risk posed by the default installation settings of the MongoDB database: in its default configuration the database opened a port that allowed visitors to access it without authentication. The report recommends implementing preventive controls in all surrounding environments and having organizations scan for vulnerabilities in hosted, shared, and public environments.
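One preventive control for the MongoDB case above, as an added example that is not part of the original article or the report: a configuration audit that fails a deployment when authentication is off or the listener is bound to every interface. The two configurations are constructed for the example and written as the nested mapping a YAML loader would return for mongod.conf; the option names net.bindIp, net.port and security.authorization are real mongod.conf keys, and the addresses are documentation-range placeholders.

```python
from typing import Dict, List

# Constructed examples of the relevant mongod.conf settings, written as the nested
# mapping that yaml.safe_load() would return for the file.
EXPOSED_CONFIG: Dict = {
    "net": {"bindIp": "0.0.0.0", "port": 27017},   # listens on every interface
    "security": {},                                 # no "authorization: enabled"
}

HARDENED_CONFIG: Dict = {
    "net": {"bindIp": "127.0.0.1,10.0.0.5", "port": 27017},  # loopback plus one private address
    "security": {"authorization": "enabled"},                 # clients must authenticate
}

WILDCARD_BINDINGS = {"0.0.0.0", "::", "*"}


def audit_mongod_config(cfg: Dict) -> List[str]:
    """Return a list of findings; an empty list means both checks passed."""
    findings: List[str] = []

    authorization = (cfg.get("security") or {}).get("authorization")
    if authorization != "enabled":
        findings.append(
            "security.authorization is not 'enabled': any client that can reach the "
            "port can read and write data without credentials"
        )

    bind_ip = (cfg.get("net") or {}).get("bindIp")
    if bind_ip is None:
        # Not set explicitly: the listener falls back to whatever the installed build defaults to.
        findings.append("net.bindIp is not set: bind addresses are left to the build default")
    else:
        addresses = {a.strip() for a in str(bind_ip).split(",")}
        exposed = addresses & WILDCARD_BINDINGS
        if exposed:
            findings.append(
                f"net.bindIp includes {sorted(exposed)}: the database is reachable on all interfaces"
            )
    return findings


if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_mongod_config(cfg) or ["no findings"])
```

Run as a pre-deployment gate (for example in a CI job that loads the real mongod.conf with a YAML parser and refuses to ship on any finding), this turns the report's "scan for vulnerabilities" advice into a check that runs before the port is ever exposed.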
3. Insecure interfaces and application programming interfaces (APIs)
Cloud providers expose a set of software user interfaces (UIs) or APIs through which customers manage and interact with cloud services. CSA stated that provisioning, management, and monitoring are all performed through these interfaces, so the security and availability of general cloud services depend on the security of the APIs. They need to be designed to block both accidental and malicious attempts to circumvent policy.
4. System vulnerabilities
System vulnerabilities are exploitable bugs in programs. Attackers can use them to infiltrate a system to steal data, take control of the system, or disrupt service operations. CSA stated that vulnerabilities in operating system components put the security of all services and data at significant risk. As the number of cloud tenants grows, systems from different organizations are placed in close proximity to one another and given access to shared memory and resources, which creates a new attack surface.
5. Account hijacking
CSA pointed out that account or service hijacking is not new, but cloud services bring new threats. If attackers gain access to user credentials, they can eavesdrop on user activity and transactions, manipulate data, return falsified information, and redirect customers to illegitimate sites. Account or service instances may then become a new base of operations for the attacker. Using stolen credentials, an attacker can reach key parts of a cloud service and compromise the confidentiality, integrity, and availability of those services.
An example from the Deep Dive report: the Dirty Cow Advanced Persistent Threat (APT) group was able to take over existing accounts through weak auditing or social engineering and gain root privileges on systems. The report recommends implementing "need to know" and "need to access" policies for access permissions, and social-engineering training that covers account-takeover tactics.
6. Malicious insiders
CSA stated that although the degree of the threat is debatable, there is no doubt that insider threats create risk. A malicious insider (such as a system administrator) can access potentially sensitive information, gradually obtain higher levels of access to more critical systems, and ultimately reach the data. Relying solely on the cloud service provider to maintain system security leaves the system exposed to significant risk.
The report cited the example of a disgruntled Zynga employee who downloaded and stole the company's confidential business data; at the time there were no data loss prevention controls in place. The Deep Dive report recommends implementing data loss prevention (DLP) controls and raising security and privacy awareness to improve the identification and reporting of suspicious activity.
7. Advanced Persistent Threats (APTs)
APTs are a parasitic form of cyber attack that penetrates a system, takes root in the target company's IT infrastructure, and then steals data. APTs pursue their targets covertly over long periods and can usually adapt to the security measures designed to defend against them. Once in place, APTs can move laterally through the data center network and blend into normal network traffic to achieve their goals.
8. Data loss
Data stored in the cloud may be lost for reasons other than malicious attacks, CSA said. Accidental deletion by the cloud service provider or a physical disaster (such as a fire or earthquake) can result in the permanent loss of customer data unless the provider or the cloud consumer has backed up the data and followed best practices in business continuity and disaster recovery.
9. Insufficient due diligence
CSA stated that when executives develop business strategies, they must consider cloud technologies and service providers. When evaluating technologies and providers, it is important to develop a comprehensive roadmap and a due-diligence checklist. Organizations that rush to adopt cloud technology and select a provider without conducting due diligence expose themselves to many risks.
10. Abuse and malicious use of cloud services
CSA stated that insecure cloud service deployments, free cloud service trials, and fraudulent account registrations have exposed cloud computing models to malicious attacks. Malicious actors may use cloud computing resources to target users, organizations, or other cloud providers. Examples of misuse of cloud-related resources include launching distributed denial-of-service attacks, spam, and phishing campaigns.
11. Denial of Service (DoS)
DoS attacks are designed to prevent legitimate users of a service from accessing their data or applications. By forcing the targeted cloud service to consume excessive system resources (such as processing power, memory, disk space, or network bandwidth), an attacker can slow the system down and leave all legitimate users unable to access the service.
The Deep Dive report uses DNS provider Dyn as its prime example of a DoS attack. An external group used the Mirai malware to launch a distributed denial-of-service (DDoS) attack on Dyn through IoT devices. The attack succeeded because the compromised IoT devices were still using default credentials. The report recommends analyzing anomalous network traffic and reviewing and testing business continuity plans.
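The "analyze anomalous network traffic" recommendation above, as an added example that is not part of the original article or the report. A Mirai-style flood is hard to catch with per-source rate limits because each compromised device sends very little; what stands out is the aggregate request volume and the sudden jump in distinct source addresses. The log format, the sample traffic (a 20 second clean baseline from three clients, then a 10 second flood from 40 documentation-range addresses at one request per second each) and the thresholds are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median
from typing import Dict, List, Set, Tuple

LogEntry = Tuple[datetime, str, str]


def make_sample_log() -> List[str]:
    """Constructed access-log lines in the form "<ISO timestamp> <client ip> <path>".

    20 seconds of normal traffic from three clients, then a 10 second flood from
    40 distinct addresses, each sending only one request per second, the low
    per-source rate typical of a botnet of small devices.
    """
    start = datetime(2018, 1, 15, 10, 0, 0)
    lines: List[str] = []
    for s in range(20):
        stamp = (start + timedelta(seconds=s)).isoformat()
        for ip in ("203.0.113.7", "203.0.113.8", "203.0.113.9"):
            lines.append(f"{stamp} {ip} /home")
    for s in range(20, 30):
        stamp = (start + timedelta(seconds=s)).isoformat()
        for bot in range(40):
            lines.append(f"{stamp} 198.51.100.{bot + 1} /home")
    return lines


def parse_line(line: str) -> LogEntry:
    stamp, ip, path = line.split(" ", 2)
    return datetime.fromisoformat(stamp), ip, path


def per_second_stats(lines: List[str]) -> List[Tuple[datetime, int, int]]:
    """Bucket requests by second: (second, request_count, distinct_sources)."""
    counts: Dict[datetime, int] = defaultdict(int)
    sources: Dict[datetime, Set[str]] = defaultdict(set)
    for line in lines:
        stamp, ip, _ = parse_line(line)
        second = stamp.replace(microsecond=0)
        counts[second] += 1
        sources[second].add(ip)
    return [(s, counts[s], len(sources[s])) for s in sorted(counts)]


def top_source(lines: List[str]) -> Tuple[str, int]:
    """The single busiest address over the whole sample, i.e. what a per-source view sees."""
    per_ip: Dict[str, int] = defaultdict(int)
    for line in lines:
        per_ip[parse_line(line)[1]] += 1
    return max(per_ip.items(), key=lambda kv: kv[1])


def detect_flood(lines: List[str], baseline_seconds: int = 15, factor: float = 5.0):
    """Flag seconds whose request volume or distinct-source count exceeds `factor`
    times the median of the first `baseline_seconds` seconds. In production the
    baseline comes from a known-good period, not the head of the file under review."""
    stats = per_second_stats(lines)
    baseline = stats[:baseline_seconds]
    base_requests = median(c for _, c, _ in baseline)
    base_sources = median(d for _, _, d in baseline)
    return [
        (second, count, distinct)
        for second, count, distinct in stats[baseline_seconds:]
        if count > factor * base_requests or distinct > factor * base_sources
    ]


if __name__ == "__main__":
    log = make_sample_log()
    print("busiest single source:", top_source(log))   # a legitimate client, not a bot
    for second, count, distinct in detect_flood(log):
        print(f"{second.isoformat()} {count} requests from {distinct} sources")
```

The busiest single address in the sample is one of the legitimate clients, so a top-talker report alone would miss the flood; the aggregate per-second view flags all ten flood seconds.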
12. Shared technology vulnerabilities
CSA pointed out that cloud service providers deliver scalable services by sharing infrastructure, platforms, or applications. Cloud technology brings the "as a service" concept without making substantial changes to existing hardware and software, sometimes at the expense of security. The underlying components that support the deployment of cloud services may not have been designed to provide strong isolation for multi-tenant architectures or multi-customer applications. This can lead to shared technology vulnerabilities that can be exploited in all delivery models.
An example in the Deep Dive report is the Cloudbleed vulnerability, a flaw in Cloudflare's software that allowed outsiders to obtain API keys, passwords, and other credentials from the security service provider. The report recommends encrypting all sensitive data and segmenting data according to its sensitivity level.
Other: Spectre and Meltdown
In January 2018, researchers reported a design feature common to most modern microprocessors that allows malicious JavaScript code to read the contents of memory, including encrypted data. The two variants of this vulnerability are called Meltdown and Spectre, and they affect everything from smartphones to servers. Because of the latter, we include them in this list of cloud threats.
Both Spectre and Meltdown enable side-channel attacks because they break the isolation between applications. An attacker who can access the system through an unprivileged login can read information from the kernel, and an attacker who is root on a guest virtual machine (VM) can read the host kernel.
For cloud service providers, this is a huge problem. Once a patch is applied, it becomes much harder for an attacker to mount the attack. But patching can reduce performance, so some companies may choose not to patch their systems. CERT recommends replacing all affected processors, but this is difficult when no replacement exists.
So far there are no known exploits of Meltdown or Spectre in the wild, but experts agree they are likely to appear soon. For cloud providers, the best advice for guarding against them is to ensure that all the latest patches are in place. Customers should ask cloud providers what their strategy is for dealing with Meltdown and Spectre.
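A way for a provider or a customer with shell access to a Linux instance to confirm "the latest patches are in place" for these two issues, as an added example that is not part of the original article: Linux kernels from 4.15 onward publish one status file per issue under /sys/devices/system/cpu/vulnerabilities, and this script classifies what they report. The sample statuses are constructed to show a partially patched host (Meltdown and Spectre v1 mitigated, Spectre v2 not); the exact wording of the kernel's status strings varies between releases, which is why unrecognised text is treated as unmitigated rather than ignored.

```python
import os
from typing import Dict, List

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Constructed sample of what the per-issue files under SYSFS_DIR might contain on a
# partially patched host: Meltdown and Spectre v1 have mitigations, Spectre v2 does not.
SAMPLE_STATUS: Dict[str, str] = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable",
}


def classify(status: str) -> str:
    """Map the kernel's free-text status to: not_affected, mitigated, vulnerable or unknown."""
    text = status.strip()
    if text == "Not affected":
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"  # unrecognised wording: treated conservatively below


def unmitigated(statuses: Dict[str, str]) -> List[str]:
    """Names of issues the kernel reports as vulnerable, or whose status cannot be parsed."""
    return sorted(
        name for name, status in statuses.items()
        if classify(status) in ("vulnerable", "unknown")
    )


def read_host_statuses(directory: str = SYSFS_DIR) -> Dict[str, str]:
    """Read the live status files on a Linux host.

    Returns an empty mapping when the directory is missing. That case is itself a
    finding: the kernel predates the reporting interface and has none of the fixes.
    """
    if not os.path.isdir(directory):
        return {}
    result: Dict[str, str] = {}
    for name in sorted(os.listdir(directory)):
        with open(os.path.join(directory, name)) as handle:
            result[name] = handle.read().strip()
    return result


if __name__ == "__main__":
    live = read_host_statuses()
    if not live:
        print("no vulnerability reporting on this host; showing the constructed sample instead")
        live = SAMPLE_STATUS
    for name, status in live.items():
        print(f"{name:12} {classify(status):13} {status}")
    print("needs attention:", unmitigated(live) or "none")
```

Run on a fleet, the `unmitigated` list per host is the evidence a provider can hand to the customer who asks about its Meltdown and Spectre strategy, and an empty `read_host_statuses` result points at kernels that need upgrading before the question even applies.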