pallavi.godse


Enterprises continue to invest heavily in cloud computing, and experts now accept that the market is entering a second wave. This brings several cloud security threats that you need to know about:

  • Data Breaches
  • Lack of Identity, Credential, and Access Management
  • Insider Threats
  • Denial of Service Attacks (DoS)
  • Shared Technology/System Vulnerabilities
  • Account Hijacking
  • Insufficient Due Diligence
  • Insecure APIs
  • Spectre and Meltdown

As enterprises continue to invest heavily in cloud technology, experts now agree that the market is entering a second wave. Here we take a look at cloud security threats.

No doubt 2018 is going to be an exciting year for cloud computing, but it is also going to bring several security challenges. According to Forrester analyst Dave Bartoletti, enterprises that generate big revenues, have their own data centers and run complex applications are looking at the cloud as a viable option to run their core business. Cloud computing is continuously transforming the way organizations use, store and share data, applications and workloads. As a result, a huge quantity of data is being stored in the cloud, and bad actors naturally get a chance to target it.

But this doesn’t mean that your data in the cloud isn’t secure. Below are some top cloud security threats to keep in mind so that you can set a proper plan for securing your business in the future:

Top Cloud Security Threats in 2018

Data Breaches

According to the Cloud Security Alliance (CSA), a data breach can be the prime objective of a targeted attack, or it can be the result of human error, poor security practices or application vulnerabilities. A breach can involve any data that was not supposed to be released to the public, including financial information, personal health information, trade secrets, personally identifiable information and intellectual property. The value of an organization’s cloud-based data might be different for different people.

2017 saw a very high number of data breaches. One of them was the Equifax breach that occurred in September 2017 and affected around 143 million ordinary people. Though this wasn’t a cloud data breach, in May 2017 OneLogin, an identity and access management software vendor for cloud services, faced a major cloud-based data breach. The company provides these services to over 2,000 companies around the world. Additionally, of the data breaches that happened in March 2017 alone, many involved cloud servers, leading to a loss of over 1.4 billion records.

Looking at these examples of 2017’s data breaches, protecting data in the cloud has become a top concern for cloud customers.

Lack of Identity, Credential, and Access Management

As per the CSA, cyber threat actors impersonating legitimate operators, users or developers are able to read, tweak and delete data; spy on data in transit; issue control plane and management functions; or release malicious software that appears to be legitimate. Thus, if an organization fails to manage authentication and identity properly, it is itself responsible for data breaches. Businesses need to allocate access to data according to every user’s job role, and as a result they struggle a lot with identity management.

One example of identity theft and weak authentication is the Anthem Inc data breach, which led to the loss of 800 million records containing personal and medical information. The cyber criminals were able to access this data easily by stealing user credentials. The company had failed to enable multi-factor authentication.

One-time passwords and phone-based authentication are two-factor/multi-factor authentication methods that help secure cloud services by making it tough for attackers to steal credentials.

Insider Threats

Insider threats are another underestimated factor in cloud security. Enterprise cloud security can be affected by poor identity management, especially when IT professionals forget to delete or modify user access when an employee leaves the organization or a job function changes.

An insider threat can take several forms: a system administrator, a former employee, a business administrator or a contractor. The insider’s motive can range from IP theft to revenge, depending on the industry.

This type of threat can result in big disasters. Systems that rely solely on cloud service providers for security, such as encryption, are at the greatest risk of insider threat. In 2016, the data breach at Sage, an accountancy software firm in the U.K., was an insider threat that dropped the company’s stock price by 4.3%, resulting in million-dollar losses.

Therefore, it is recommended that organizations give their employees least-privilege access rights. In particular, when a system administrator is given full privileged rights to access highly critical systems and confidential data, it is essential to establish whether the individual is actually trustworthy. Apart from this, it’s important to keep a watch on systems that depend solely on cloud services, as they are at high risk. A routine job done poorly can also be misidentified as malicious activity, for example when an administrator accidentally copies sensitive customer information to a public server.

So it is becoming highly important for organizations dealing with the cloud to properly train and manage their employees to avoid these mistakes.
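The access review described in this section, as an added example that is not part of the original article: it reconciles enabled cloud accounts against an HR roster to catch leavers, accounts with no owner, and permissions left over after a role change. All names, roles and permission strings are constructed for illustration.

```python
# Constructed sample data; names, roles and permission strings are hypothetical.
HR_ROSTER = {
    "alice": {"status": "active", "role": "dba"},
    "bob": {"status": "terminated", "role": "developer"},
    "carol": {"status": "active", "role": "support"},  # moved from dba to support
}
ROLE_BASELINE = {  # permissions each job role actually needs
    "dba": {"db:read", "db:write", "db:admin"},
    "developer": {"repo:read", "repo:write", "db:read"},
    "support": {"ticket:read", "ticket:write"},
}
CLOUD_ACCOUNTS = [
    {"user": "alice", "enabled": True, "perms": {"db:read", "db:write", "db:admin"}},
    {"user": "bob", "enabled": True, "perms": {"repo:read", "repo:write"}},
    {"user": "carol", "enabled": True, "perms": {"ticket:read", "db:admin"}},
    {"user": "dave", "enabled": True, "perms": {"repo:read"}},
    {"user": "erin", "enabled": False, "perms": {"db:admin"}},
]


def review_access(accounts, roster, baseline):
    """Return (user, finding, detail) for every enabled account that needs action."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled, nothing left to revoke
        user, person = acct["user"], roster.get(acct["user"])
        if person is None:
            findings.append((user, "ORPHANED", "no HR record; find an owner or disable"))
        elif person["status"] != "active":
            findings.append((user, "LEAVER", "employee left; disable account"))
        else:
            # Least privilege: anything beyond the role baseline is excess.
            excess = acct["perms"] - baseline.get(person["role"], set())
            if excess:
                findings.append((user, "EXCESS", "revoke " + ", ".join(sorted(excess))))
    return findings


if __name__ == "__main__":
    for finding in review_access(CLOUD_ACCOUNTS, HR_ROSTER, ROLE_BASELINE):
        print(*finding, sep=" | ")
```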

Denial of Service Attacks (DoS)

DoS, or Denial of Service, attacks are the simplest way for bad actors to target businesses. In this attack, the attacker tries to disrupt the normal traffic to the targeted server, leading to denial of service for the server’s users. When these attacks are performed with the help of multiple compromised computer systems or botnets, they are known as DDoS (Distributed Denial of Service) attacks. But today these attacks don’t require botnets; instead, attackers now use cryptocurrency to buy a Dark Web service.

Compared to other threats, DDoS attacks are becoming the most prevalent type of cyber threat and, according to market research, have grown rapidly since 2017 in both number and volume. For enterprises that run critical infrastructure in the cloud, DoS attacks can be crippling, leading to system slowdowns or timeouts.

No website is fortunate enough to stop a DDoS attack from targeting it, but you can keep your website from being compromised. In view of this, cloud providers have started using new solutions such as StormWall Pro, Cloudbric, BeeThink anti-DDoS Guardian tool, etc., which protect your website from becoming the victim of a DoS attack.

Shared Technology/System Vulnerabilities

System vulnerabilities are exploitable bugs that attackers use to infiltrate a system in order to take control of it, steal data or disrupt service operations. According to the CSA, vulnerabilities within operating system components put the security of all services and data at major risk. With the multi-tenancy introduced by the cloud, systems from various businesses are placed close to each other and are permitted access to shared resources and memory, which creates a new attack surface.

When an enterprise signs up for a cloud service, infrastructure, platforms or applications are shared for scalable delivery. Cloud technology divides up the “as-a-service” offering without significantly changing the off-the-shelf hardware/software, often because of the high price of security. The underlying components that make up the infrastructure supporting cloud service deployment may not have been designed to offer strong isolation properties for a multi-tenant architecture or multi-customer applications. This can lead to shared technology vulnerabilities that can potentially be exploited in all delivery models.

Account Hijacking

As per the CSA, service or account hijacking isn’t new, but cloud services add a new threat to the landscape. When an attacker is able to access a user’s credentials, he can snoop on activities and transactions, modify data, return untrue information and redirect clients to illegitimate sites. Attackers can gain access to critical areas of cloud services, enabling them to compromise the integrity, confidentiality and availability of the service.

Common defense-in-depth security strategies can contain the loss from a hijacking attempt. But prevention is the best practice when it comes to cyber security. Enterprises should prohibit the sharing of account credentials between users and cloud services, and should enable multi-factor authentication wherever possible.

The CSA recommends monitoring accounts so that every transaction can be traced back to a human owner. The reason behind this is to keep credentials from being stolen easily.
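One way to apply the monitoring recommendation above, as an added example that is not part of the original article: each audit event is attributed to an accountable human, and a credential that appears from two different source addresses within a short window is flagged as possibly shared or hijacked. The log format, the owner registry and the 10-minute window are assumptions, and the log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed owner registry: credential (principal) -> accountable human.
OWNERS = {"alice": "alice", "svc-backup": "bob"}

# Constructed audit log in a hypothetical key=value format, sorted by time.
LOG = """\
2018-02-01T09:00:05Z principal=alice src=203.0.113.10 action=ListBuckets
2018-02-01T09:02:10Z principal=svc-backup src=10.0.0.5 action=PutObject
2018-02-01T09:03:40Z principal=alice src=198.51.100.77 action=GetObject
2018-02-01T09:05:00Z principal=deploy-key src=10.0.0.9 action=RunInstances
2018-02-01T11:30:00Z principal=svc-backup src=10.0.0.6 action=PutObject
"""

LINE = re.compile(r"^(\S+) principal=(\S+) src=(\S+) action=(\S+)$")


def parse(log):
    """Yield (timestamp, principal, source, action) for each well-formed line."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(3), m.group(4)


def audit(log, owners, window=timedelta(minutes=10)):
    """Flag events with no human owner or with a source change inside `window`."""
    findings, last_seen = [], {}
    for ts, principal, src, action in parse(log):
        if principal not in owners:
            findings.append(("UNOWNED", principal, src, action))
        prev = last_seen.get(principal)
        # Same credential, different source, close in time: shared or stolen.
        if prev and prev[1] != src and ts - prev[0] <= window:
            findings.append(("MULTI_SOURCE", principal, src, action))
        last_seen[principal] = (ts, src)
    return findings


if __name__ == "__main__":
    for finding in audit(LOG, OWNERS):
        print(*finding)
```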

Insufficient Due Diligence

Due diligence is the process of evaluating cloud vendors to ensure deployment best practices. Part of this process is verifying that the cloud provider can offer adequate cloud security controls and the expected level of service.

Enterprises need to review the accreditations and standards attained by cloud providers, including DCS, ISO 9001, PCI and HIPAA.

Enterprises shouldn’t opt for the cloud until they completely understand its environment, or they might get entangled in various security issues. For example, organizations that don’t read the contract properly when signing up for cloud services often won’t know where liability lies when there is a data loss or breach.

Due diligence has a massive effect on application security and on any resulting breach. The rise of cloud technology indicates a change toward shared security. No doubt cloud providers are responsible for your infrastructure, but this can easily slip their mind, so as a customer you too are responsible for securing your own application and infrastructure.

Insecure APIs

Application programming interfaces (APIs) are important software components in cloud technology. In several cloud services, APIs are the only feature with a public IP outside the trusted organizational boundary. When a cloud API is exploited, it gives cyber attackers extensive access to your cloud applications, which is quite threatening.

Cloud APIs offer a public front door to your applications, so securing them is very important.

Most cloud services offer APIs through which developers can manage and interact with their service. The security and availability of cloud services, from authentication and access control to encryption and activity monitoring, depend on the security of the API.

Third parties that rely on such APIs add considerable risk, as enterprises might need to expose more services and credentials. When APIs are weak, enterprises risk being exposed to security vulnerabilities.

The Cloud Security Alliance recommends security-focused code reviews and rigorous penetration testing for securing cloud APIs and enterprise applications that are used to build those APIs.

Spectre and Meltdown

A new addition to the list of cloud security threats in 2018 is the pair of Spectre and Meltdown vulnerabilities. These are speculative execution vulnerabilities affecting the CPUs used by cloud services.

In January, researchers discovered a design feature common to several modern microprocessors that allows content, including encrypted data, to be read from memory using malicious JavaScript code. All devices, from smartphones to servers, can be a victim of Meltdown and Spectre.

Both Meltdown and Spectre permit side-channel attacks because they break the isolation between applications. An attacker who accesses a system through an unprivileged login is able to read information from the kernel, and an attacker who is a root user on a guest virtual machine (VM) can read the host kernel.

This is a huge issue for cloud service providers. Patches are becoming available for the two vulnerabilities, but they only make the attack harder to execute and do not stop it. As the patches might degrade performance, some businesses might even leave their systems unpatched. Spectre in particular is difficult to patch. The CERT advisory recommends replacing all affected processors, which isn’t easy, as replacements aren’t available yet.

Cloud services will keep booming in 2018, and businesses will keep loving them for features such as storing data and running workloads in the cloud. With this growth, your business will become a larger target. Also, remember that the lowest-hanging fruit in the largest pool of possible targets is what cyber attackers love most. So, to secure your data in the cloud, you need to view your workloads and data comprehensively and pay continuous attention.
