Top 12 Cloud Security Threats

Cloud computing has transformed organizations completely, and the growth of the cloud has created new security challenges. Cyberattacks have proliferated. According to experts, in 2021 there will be a cyberattack once every 11 seconds, twice the rate in 2019 and four times the rate in 2016.

According to the report released by the Cloud Security Alliance, the following are the top 12 threats to cloud computing. The purpose of this article is to provide information on these cloud security threats and how to overcome them. For each threat, the article discusses its root cause, its business impact and what an organization can do to prevent it in future.

1. Data Breaches

A data breach is the unauthorized extraction of sensitive and confidential information from a person or organization. It is carried out to steal information such as financial data, product details and personal information.

Root cause:

A data breach occurs when a hacker gains the access needed to extract data and sensitive information. This happens by obtaining user account details or by bypassing network security remotely.

Business Impact:

Reputation – In a competitive market, reputation is a major challenge for companies. Even after the data breach is fixed, the company has lost credibility with its customers.

Finances – Hackers may take down the website and steal bank account details. In these scenarios, the revenue loss to the affected company is huge.

Ideas – Apart from losing money and reputation, the company’s growth will be affected when an idea is stolen.

Not to mention it could also lead to a loss of intellectual property and potentially legal liabilities.

Remediation:

  • Follow the Data Security Lifecycle to find the security exposures.
  • Monitor internet access by URL filtering to identify sensitive data moving from the cloud.
  • Encrypt all sensitive data in Infrastructure as a Service (IaaS), Software as a Service (SaaS) and Platform as a Service (PaaS).
  • Restrict sensitive data snapshots and unapproved administrator access.

“UBER DATA BREACH 2016 – Users and Drivers data stolen from 57 million accounts.”
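The last remediation point, restricting sensitive data snapshots and unapproved administrator access, is the kind of check that can be automated against an inventory export. The following is an added example, not code from the original article: it evaluates a constructed snapshot and role-binding inventory against an allowlist of approved sharing targets and administrators. The field names (`encrypted`, `shared_with`, `public`, `data_class`, `role`) are assumptions for the example and do not correspond to any particular provider's API schema.

```python
# Constructed inventory for the example; field names are assumptions, not a real
# cloud provider's snapshot or IAM schema. Account IDs and e-mails are placeholders.
SNAPSHOTS = [
    {"id": "snap-001", "encrypted": True,  "shared_with": ["111111111111"], "public": False, "data_class": "sensitive"},
    {"id": "snap-002", "encrypted": False, "shared_with": [],               "public": False, "data_class": "sensitive"},
    {"id": "snap-003", "encrypted": True,  "shared_with": ["999999999999"], "public": False, "data_class": "sensitive"},
    {"id": "snap-004", "encrypted": True,  "shared_with": [],               "public": True,  "data_class": "public"},
    {"id": "snap-005", "encrypted": True,  "shared_with": [],               "public": False, "data_class": "internal"},
]
ADMIN_BINDINGS = [
    {"principal": "alice@example.com",      "role": "admin"},
    {"principal": "contractor@example.net", "role": "admin"},
    {"principal": "bob@example.com",        "role": "viewer"},
]

# Allowlists an organization would maintain: accounts that may receive snapshot
# shares, and principals approved to hold the admin role.
APPROVED_ACCOUNTS = {"111111111111"}
APPROVED_ADMINS = {"alice@example.com"}


def audit_snapshots(snapshots, approved_accounts):
    """Return (snapshot id, finding) pairs for snapshots that violate the policy."""
    findings = []
    for snap in snapshots:
        # Anything not explicitly classified public must never be publicly shared.
        if snap["data_class"] != "public" and snap["public"]:
            findings.append((snap["id"], "publicly shared"))
        # Sensitive data must be encrypted at rest.
        if snap["data_class"] == "sensitive" and not snap["encrypted"]:
            findings.append((snap["id"], "sensitive but unencrypted"))
        # Cross-account sharing is allowed only to approved accounts.
        for account in snap["shared_with"]:
            if account not in approved_accounts:
                findings.append((snap["id"], f"shared with unapproved account {account}"))
    return findings


def audit_admins(bindings, approved_admins):
    """Return (principal, finding) pairs for admin bindings outside the approved set."""
    return [
        (b["principal"], "unapproved admin role")
        for b in bindings
        if b["role"] == "admin" and b["principal"] not in approved_admins
    ]


if __name__ == "__main__":
    for item in audit_snapshots(SNAPSHOTS, APPROVED_ACCOUNTS) + audit_admins(ADMIN_BINDINGS, APPROVED_ADMINS):
        print(item)
```

Running the check against the constructed inventory reports the unencrypted sensitive snapshot, the snapshot shared with an account outside the allowlist, and the contractor holding an unapproved admin role; the publicly shared snapshot is not flagged because it is classified as public data.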

2. Lack of Proper Cloud Security Architecture and Strategy

The aim of reducing the time needed to move data and systems to the cloud is normally prioritized over security.

Root cause:

The organization starts operating in the cloud using the security infrastructure and strategies that were tailor-made for its pre-cloud environment.

Business Impact:

It can lead to a misalignment with the company’s key goals.

Remediation:

  • A security architecture framework must be developed and implemented.
  • Deploying a continuous monitoring capability and keeping threat models updated would be ideal.

3. Insecure Interfaces and APIs

Generally, customers use multiple interfaces and APIs to interact with cloud management. These interfaces and APIs provide provisioning and management in the cloud. Hackers attack cloud services through malicious attempts to abuse these APIs and interfaces.

Root cause:

At times the cloud management layer gives third parties access to APIs and interfaces without validating their authentication and authorization.

Business Impact:

When APIs lack a proper architecture, they cannot prevent accidental or intentional attempts to access sensitive data, so issues of data availability, integrity and confidentiality arise.

Remediation:

  • Ensuring strong authentication and access control.
  • Encrypted transmission of data.
  • Securing the dependency chain of APIs.
  • Strengthening the security model of the cloud provider.
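The first two remediation points, strong authentication and access control for management APIs, are easiest to understand as a request authorizer that fails closed. The block below is an added example, not code from the original article or from any cloud provider: it mints HMAC-signed bearer tokens carrying scopes and an expiry, verifies them with a constant-time comparison, and maps each management endpoint to the scope it requires, denying unmapped endpoints by default. The signing key, endpoint paths and scope names are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed signing key for the example; a real deployment loads this from a
# secrets manager and rotates it.
SIGNING_KEY = b"example-signing-key-do-not-use"

# Scope each management endpoint requires (constructed; not a real provider's API).
REQUIRED_SCOPE = {
    ("GET", "/v1/instances"): "instances:read",
    ("POST", "/v1/instances"): "instances:write",
    ("DELETE", "/v1/instances"): "instances:write",
    ("GET", "/v1/snapshots"): "snapshots:read",
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, scopes: list, ttl_seconds: int, now: Optional[float] = None) -> str:
    """Mint a token of the form base64(payload).base64(HMAC-SHA256(payload))."""
    now = time.time() if now is None else now
    payload = json.dumps(
        {"sub": subject, "scopes": scopes, "exp": now + ttl_seconds}, sort_keys=True
    ).encode()
    signature = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(signature)}"


def verify_token(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the signature is valid and the token is unexpired; otherwise None.

    Every malformed or failing case returns None so the caller cannot accidentally
    treat a bad token as authenticated.
    """
    now = time.time() if now is None else now
    try:
        payload_b64, signature_b64 = token.split(".")
        payload = _unb64(payload_b64)
        signature = _unb64(signature_b64)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    # compare_digest is constant-time, so timing does not leak signature bytes.
    if not hmac.compare_digest(signature, expected):
        return None
    try:
        claims = json.loads(payload)
    except ValueError:
        return None
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return None
    return claims


def authorize(method: str, path: str, headers: dict, now: Optional[float] = None) -> Tuple[int, str]:
    """Decide a management-API request: (HTTP status, reason)."""
    auth_header = headers.get("Authorization", "")
    if not auth_header.startswith("Bearer "):
        return 401, "missing bearer token"
    claims = verify_token(auth_header[len("Bearer "):], now)
    if claims is None:
        return 401, "invalid or expired token"
    required = REQUIRED_SCOPE.get((method, path))
    if required is None:
        # Deny by default: an endpoint with no declared scope is not reachable.
        return 404, "unknown endpoint"
    if required not in claims.get("scopes", []):
        return 403, f"scope {required} required"
    return 200, f"ok for {claims['sub']}"


if __name__ == "__main__":
    token = issue_token("alice", ["instances:read"], ttl_seconds=60)
    print(authorize("GET", "/v1/instances", {"Authorization": "Bearer " + token}))
    print(authorize("POST", "/v1/instances", {"Authorization": "Bearer " + token}))
```

The point the example makes is the ordering of checks: authentication (a valid, unexpired signature) is decided before authorization (the scope for this exact method and path), and every branch that is not an explicit allow is a deny.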

4. System Vulnerabilities

If cloud computing provides access to shared memory, databases and other digital resources, then there is a chance of attack.

If a hacker gets hold of any details of the enterprise, it becomes more vulnerable to attack.

Root cause:

Providing remote access to the network and to shared memory without any validation.

Business Impact:

The impact of unpatched system vulnerabilities on information system security is costly.

Remediation:

  • Regular vulnerability scanning.
  • Secure design and architecture can lower the chances of a hacker taking control of the information system.

5. Account Hijacking

Account hijacking is the takeover of an individual’s email account or an organization’s account to steal critical information. It is a kind of identity attack in which the hacker acts under the stolen identity without authorization.

Root cause:

Phishing, spoofed emails, password guessing and other techniques are used for account hijacking. The hacker tries to obtain personal information and financial transaction details from the information the user provides.

Business Impact:

The effect of cloud account hijacking is much greater at the organization level. Company reputation and integrity can be destroyed, and confidential data, including the personal and financial data exposed during the incident, can be leaked.

Remediation:

  • Organizations should restrict employees from sharing account credentials through social media or networks, and should provide multi-factor authentication.

6. Malicious Insiders

A malicious insider is a person inside the organization who performs malicious activities using their access permissions.

Root cause:

A malicious insider threat takes the form of a current or former employee, or another business partner, who has knowledge of sensitive information and intentionally misuses it.

Business Impact:

A malicious insider intentionally misusing access will affect the confidentiality, integrity and reputation of the organization.

Remediation:

  • Implement the Cloud Service Provider’s instructions for encryption.
  • Implement effective logging and monitoring, and audit access permissions.
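The logging and monitoring remediation for malicious insiders, and the account hijacking techniques described in the previous section (password guessing, logins under a stolen identity), are both detected by the same kind of logic run over an audit trail. The block below is an added example, not code from the original article or from any provider's tooling: it parses a constructed JSON-lines audit log and raises three alerts, a burst of failed logins followed by a success, a successful login from an IP address not in the user's known baseline, and a privileged action (such as exporting a snapshot) outside business hours. The event names, thresholds and baseline tables are assumptions chosen for the example.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed JSON-lines audit log for the example; not output from any real provider.
SAMPLE_LOG = """\
{"ts": "2024-03-04T09:00:01Z", "user": "alice", "event": "login", "result": "success", "src_ip": "203.0.113.10"}
{"ts": "2024-03-04T09:05:00Z", "user": "alice", "event": "object.read", "result": "success", "src_ip": "203.0.113.10", "resource": "bucket/reports"}
{"ts": "2024-03-04T22:10:00Z", "user": "bob", "event": "login", "result": "failure", "src_ip": "198.51.100.7"}
{"ts": "2024-03-04T22:10:30Z", "user": "bob", "event": "login", "result": "failure", "src_ip": "198.51.100.7"}
{"ts": "2024-03-04T22:11:00Z", "user": "bob", "event": "login", "result": "failure", "src_ip": "198.51.100.7"}
{"ts": "2024-03-04T22:11:30Z", "user": "bob", "event": "login", "result": "failure", "src_ip": "198.51.100.7"}
{"ts": "2024-03-04T22:12:00Z", "user": "bob", "event": "login", "result": "failure", "src_ip": "198.51.100.7"}
{"ts": "2024-03-04T22:14:00Z", "user": "bob", "event": "login", "result": "success", "src_ip": "198.51.100.7"}
{"ts": "2024-03-05T02:30:00Z", "user": "carol", "event": "snapshot.export", "result": "success", "src_ip": "10.0.0.5", "resource": "vol-customers"}
{"ts": "2024-03-05T10:00:00Z", "user": "carol", "event": "snapshot.export", "result": "success", "src_ip": "10.0.0.5", "resource": "vol-logs"}
"""

# Baselines an organization would derive from historical logs (constructed here).
KNOWN_IPS = {"alice": {"203.0.113.10"}, "bob": {"192.0.2.44"}, "carol": {"10.0.0.5"}}
PRIVILEGED_EVENTS = {"snapshot.export", "iam.policy.change", "bucket.acl.change"}
FAIL_THRESHOLD = 4          # failed logins within the window that count as guessing
FAIL_WINDOW_SEC = 300
BUSINESS_HOURS = range(8, 19)   # 08:00 to 18:59 UTC, an assumed working day


def parse_log(text: str) -> list:
    """Parse JSON lines into records, keeping the raw timestamp for reporting."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts_raw"] = rec["ts"]
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        records.append(rec)
    return records


def detect(records: list) -> list:
    """Return (alert kind, user, timestamp) tuples for suspicious activity."""
    alerts = []
    recent_failures = defaultdict(deque)   # user -> timestamps of recent failed logins
    for rec in sorted(records, key=lambda r: r["ts"]):
        user, event, result = rec["user"], rec["event"], rec["result"]
        if event == "login":
            window = recent_failures[user]
            # Drop failures older than the sliding window before evaluating this event.
            while window and (rec["ts"] - window[0]).total_seconds() > FAIL_WINDOW_SEC:
                window.popleft()
            if result == "failure":
                window.append(rec["ts"])
                continue
            # A success right after a burst of failures is the signature of guessing.
            if len(window) >= FAIL_THRESHOLD:
                alerts.append(("credential_guessing_then_success", user, rec["ts_raw"]))
            window.clear()
            # A success from an address outside the user's baseline suggests hijacking.
            if rec["src_ip"] not in KNOWN_IPS.get(user, set()):
                alerts.append(("login_from_new_ip", user, rec["ts_raw"]))
        elif event in PRIVILEGED_EVENTS and result == "success":
            # Privileged actions by a legitimate account at unusual hours are an insider signal.
            if rec["ts"].hour not in BUSINESS_HOURS:
                alerts.append(("privileged_action_off_hours", user, rec["ts_raw"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

The two login rules cover the hijacking case and the off-hours rule covers the insider case; in practice the baselines (known addresses, working hours, which events count as privileged) are the part that takes tuning, and the rules are only as good as the completeness of the audit trail they read.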

7. Advanced Persistent Threats

An Advanced Persistent Threat (APT) is the process of attacking a network by passing malicious data into it.

Using APTs, hackers focus on obtaining data rather than damaging it, usually where the data consists of high-value information such as national defence and banking sector data.

Root cause:

Direct network hacking, spear phishing and direct physical access to systems through devices are some possible scenarios for APTs.

Business Impact:

Advanced Persistent Threats (APTs) are capable of taking hold of the entire network control infrastructure of target organizations, from which hackers can steal information such as intellectual property.

Remediation:

  • Organizations should provide regular awareness sessions for their users.
  • Users must cross-check with the network before opening any suspicious emails or links.

“HOME DEPOT 2014 – An attack exploited the Home Depot point-of-sale terminals at the self-checkout lanes”

8. Data Loss

Data loss occurs when data is corrupted, deleted, modified or made unreachable to the end customer.

Root cause:

Data stored in the cloud can be lost for multiple reasons, such as fire accidents or cyclones, or files mistakenly deleted by the cloud vendor.

Business Impact:

In general, lost data will not have much effect on the organization, provided the data is not related to financial details, marketing strategies, product information or other sensitive information about the company.

Remediation:

  • Cloud service providers should provide details of data loss scenarios and the solutions for them.
  • Cloud service providers should provide data backup within the cloud.

“DROPBOX 2012 – Hackers tapped into 68 million user accounts”

9. Insufficient Due Diligence

This occurs when an organization adopts cloud technologies without performing due diligence on scenarios such as financial, accessibility, authentication and legal risks.

Root cause:

Failing to evaluate cloud technologies and CSPs against the business strategy before adopting them is the root cause of insufficient due diligence.

Business Impact:

If an organization uses cloud services without completing due diligence, it will face commercial, technical, legal and compliance issues.

Remediation:

  • An organization should verify with its cloud service providers whether they perform due diligence or not.
  • Confirm with the cloud service providers to understand the risks.

“National Electoral Institute of Mexico 2016 – 93 million voter registration records compromised.”

10. Abuse and Nefarious Use of Cloud Services

Unsecured cloud deployments, free trials of cloud services and malicious emails sent to customers for sign-ups in cloud service models such as Infrastructure-as-a-Service, Platform-as-a-Service and Software-as-a-Service are the reasons for this threat.

Root cause:

Cloud service providers fail to manage how service models such as IaaS, PaaS and SaaS are accessed and deployed.

Business Impact:

Through malicious attacks, hackers can reduce customers’ ability to interact with cloud service resources and also reduce the responsiveness of the cloud service providers.

Remediation:

  • Reduce collaboration with unknown cloud service providers.
  • Consumers should follow cloud service providers’ instructions on payment instruments, fraud and misuse of cloud offerings.

11. Denial of Service

Denial-of-service (DoS) is the process of preventing end users from accessing cloud services by continuously occupying a service from the attacker’s end.

Root cause:

Hackers intentionally consume large amounts of finite system resources such as processor power, cloud memory and network bandwidth.

Business Impact:

Service outages arise from denial-of-service attacks; if the same issue continues at a cloud service provider, consumers will move to other service providers. This has a large effect on the organization’s revenue.

Remediation:

  • Implement proper ingress filters (firewalls, logs).
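Filtering at the edge is one part of the remediation; the other is making sure a single source cannot consume all of the finite resources the root cause describes. The following is an added example, not code from the original article: a per-client token bucket limiter with an injectable clock, plus a constructed traffic sample in which one source floods the service while an ordinary client keeps sending at a normal rate. The bucket size and refill rate are assumptions for the example.

```python
import time
from dataclasses import dataclass


@dataclass
class TokenBucket:
    capacity: float         # burst a single client may consume at once
    refill_per_sec: float   # sustained rate the client is allowed
    tokens: float = 0.0
    last: float = 0.0


class RateLimiter:
    """One token bucket per client, so one noisy source cannot starve the others."""

    def __init__(self, capacity: float, refill_per_sec: float, clock=time.monotonic):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.clock = clock          # injectable for deterministic simulation and tests
        self.buckets = {}

    def allow(self, client_id: str) -> bool:
        now = self.clock()
        bucket = self.buckets.get(client_id)
        if bucket is None:
            # A new client starts with a full bucket.
            bucket = TokenBucket(self.capacity, self.refill_per_sec, tokens=self.capacity, last=now)
            self.buckets[client_id] = bucket
        # Refill in proportion to elapsed time, never beyond the burst capacity.
        elapsed = now - bucket.last
        bucket.tokens = min(bucket.capacity, bucket.tokens + elapsed * bucket.refill_per_sec)
        bucket.last = now
        if bucket.tokens >= 1.0:
            bucket.tokens -= 1.0
            return True
        return False


def simulate(requests, capacity: float = 5, refill_per_sec: float = 1.0) -> dict:
    """Replay (timestamp, client_id) requests; return client -> (allowed, denied)."""
    clock_now = [0.0]
    limiter = RateLimiter(capacity, refill_per_sec, clock=lambda: clock_now[0])
    stats = {}
    for ts, client in sorted(requests, key=lambda r: r[0]):
        clock_now[0] = ts
        allowed, denied = stats.get(client, (0, 0))
        if limiter.allow(client):
            allowed += 1
        else:
            denied += 1
        stats[client] = (allowed, denied)
    return stats


# Constructed traffic: a flood of 20 requests from one source at t=0 followed by
# 3 more at t=2, alongside a normal client sending 3 requests at t=0 and 1 at t=2.
FLOOD = (
    [(0.0, "attacker")] * 20
    + [(0.0, "customer")] * 3
    + [(2.0, "attacker")] * 3
    + [(2.0, "customer")]
)

if __name__ == "__main__":
    print(simulate(FLOOD))
```

With a bucket of 5 and a refill of 1 token per second, the flooding source gets 5 requests through at t=0 and only the 2 refilled tokens at t=2 (7 allowed, 16 denied in total), while the ordinary client's 4 requests are all served; the limiter isolates clients from each other instead of applying one global cap that the flood would exhaust for everyone.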

12. Shared Technology Vulnerabilities

Cloud service providers provide their services such as IaaS, PaaS and SaaS without appropriately validating access permissions between the services.

Root cause:

The underlying components (CPU caches, GPUs, etc.) that comprise the infrastructure supporting the cloud service and the other levels of the cloud service models can be affected, and this impact leads to shared technology vulnerabilities.

Business Impact:

A compromised shared platform component does not expose just one customer; it impacts all services, and this is the most treacherous threat to an organization.

Remediation:

  • Use multi-factor authentication on all service layers of the cloud, together with host-based and network-based intrusion detection systems.

“MICROSOFT 2010 – Data contained within its Business Productivity Online Suite (BPOS) has been downloaded by non-authorized users.”

Conclusion

Organizations have realized that the cloud has both advantages and disadvantages as far as security is concerned.

According to a study conducted by Clutch, 64% of enterprises consider cloud infrastructure more secure.

However, in the past, there were many breaches as discussed in this article. Addressing these security concerns is essential as it may affect the revenue and reputation of the organization.

It is critically important for organizations to follow standard security practices. These 12 cloud threats are mapped to the OWASP Top 10 in the table below.


Mapping Cloud Top 12 Threats with OWASP Top 10:

OWASP Top 10 category: corresponding Cloud Top 12 Threats

Injection: (2) Insufficient Identity, Credential and Access Management; (5) Account Hijacking; (7) Advanced Persistent Threats
Broken Authentication and Session Management: (1) Data Breach; (2) Insufficient Identity, Credential and Access Management; (5) Account Hijacking; (7) Advanced Persistent Threats
Cross-Site Scripting (XSS): (2) Insufficient Identity, Credential and Access Management; (7) Advanced Persistent Threats
Insecure Direct Object References: (2) Insufficient Identity, Credential and Access Management; (7) Advanced Persistent Threats
Security Misconfiguration: (1) Data Breach; (2) Insufficient Identity, Credential and Access Management
Sensitive Data Exposure: (1) Data Breach; (2) Insufficient Identity, Credential and Access Management
Missing Function Level Access Control: (1) Data Breach; (7) Advanced Persistent Threats
Cross-Site Request Forgery (CSRF): (2) Insufficient Identity, Credential and Access Management
Using Components with Known Vulnerabilities: (2) Insufficient Identity, Credential and Access Management; (3) Insecure Interfaces and APIs
Un-Validated Redirects and Forwards: (2) Insufficient Identity, Credential and Access Management


Author: Mahendra Tallapaneni
Senior Test Engineer with good exposure to information security.