According to market research firm Gartner, public cloud computing services will grow to a $266.4 billion industry in 2020. This number represents a 17% growth over the previous year. A research vice president at Gartner stated that, “At this point, cloud adoption is mainstream.” Cloud application services comprise the largest market segment. Global revenue for this segment is predicted to reach $116 billion this year, up from $99.5 billion the previous year. While the numbers are promising, the cloud brings with it all sorts of unique cyber threats and unforeseen security challenges.
The world is changing with a host of new and emerging technologies, including 5G networks, IoT-embedded devices with edge networks, and even unmanned, autonomous vehicles. The new tech is bringing a huge amount of data to the cloud. Forbes projected that between 2018 and 2025, 22 zettabytes of storage will be generated, a majority of it stored in the cloud. Keep in mind that 1 zettabyte is equivalent to 1 billion terabytes, or 1 trillion gigabytes.
With all the data migration and rapid growth of the cloud, there’s no question that malicious actors view the cloud as a lucrative, attractive target. Hackers are finding ways to perfect their techniques to infiltrate cloud attack surfaces and steal your data.
Read our article on how the finance industry is increasingly migrating to the cloud.
New Threats Emerge That Are Higher Up in the Technology Stack
There has been misunderstanding as to which entity is responsible for the security of data stored in the cloud. To clarify, cloud service providers are responsible for securing the underlying cloud platform, while customers are responsible for securing what they put in the cloud. According to the Cloud Security Alliance report, “Top Threats to Cloud Computing – The Egregious 11,” former threats – e.g. denial of service and CSP data loss – that fell under the responsibility of cloud service providers (CSPs) are now outranked by new threats located higher up the technology stack. As more organizations become competent at securing cloud architectures, it is crucial to be mindful of the following cloud cyberattack techniques.
5 Cloud Attack Techniques Hackers Use to Access Data
Credential Stuffing Attack
It’s a threat that’s been around since before everyone started adopting the cloud, but the credential stuffing attack is still a problem security architects are having a hard time handling. Credential stuffing occurs when hackers leverage the power of APIs to initiate an account hijack, with a high probability of infiltration. APIs were, after all, created to automate data exchange and facilitate communication between apps. This specific attack has become one of the most frequently used by hackers, given the proliferation of microservices and containers that rely on APIs to interact with one another.
To defend against credential stuffing attacks, set rate limiting for authentication attempts, also known as throttling. However, hackers can work around this by configuring scripts to submit requests at a slower rate that avoids being blocked. Hackers also rely on login failure notifications to identify which usernames do and do not exist, using that data to tweak credential lists and increase their probability of success. More and more, organizations are relying on the principle of zero trust to bolster security. The concept asserts that an organization should not trust anything inside or outside its perimeter without verification.
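The two defenses above, as an added example that is not part of the original article: a sliding-window throttle keyed by account as well as by source IP (so a slow, distributed run that stays under a per-IP limit still accumulates against the targeted account), and a login handler whose failure message is the same for unknown users, wrong passwords and throttled requests. The user store, clock injection and limits are assumptions for illustration.

```python
import hmac
import time
from collections import defaultdict, deque

# Constructed user store; a real service would hold salted password hashes.
USERS = {"alice": "correct horse battery staple"}

# One message for unknown user, wrong password and throttled request alike,
# so login responses cannot be used to learn which usernames exist.
GENERIC_FAILURE = "Invalid username or password"


class LoginThrottle:
    """Sliding-window failure counter keyed by account and by source IP.

    A per-IP limit alone is defeated by slow, distributed stuffing runs;
    counting failures per account as well catches those.
    """

    def __init__(self, max_attempts=5, window_seconds=300, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self.clock = clock  # injectable so the window can be tested without waiting
        self.failures = defaultdict(deque)  # key -> timestamps of failed attempts

    def _recent(self, key):
        now = self.clock()
        q = self.failures[key]
        while q and now - q[0] > self.window:
            q.popleft()
        return len(q)

    def is_blocked(self, username, ip):
        return (self._recent("user:" + username) >= self.max_attempts
                or self._recent("ip:" + ip) >= self.max_attempts)

    def record_failure(self, username, ip):
        now = self.clock()
        self.failures["user:" + username].append(now)
        self.failures["ip:" + ip].append(now)


def login(throttle, username, password, ip):
    """Return (success, message); the message is identical on every failure path."""
    if throttle.is_blocked(username, ip):
        return False, GENERIC_FAILURE
    expected = USERS.get(username)
    ok = expected is not None and hmac.compare_digest(expected.encode(), password.encode())
    if not ok:
        throttle.record_failure(username, ip)
        return False, GENERIC_FAILURE
    return True, "ok"
```

Per-account throttling can be turned into a denial of service against a legitimate user, so in practice pair it with a CAPTCHA or step-up verification rather than a hard lockout.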
Misconfiguration
According to Starbucks global CISO Andy Kirkland in a talk at this year’s RSA Conference, misconfiguration is in large part, or at least in some part, “the rebranding of shadow IT.” Attacks associated with misconfiguration occur due to the incorrect setup of information assets, such as when an organization fails to safeguard its data in the public cloud. Sensitive data may be stored and inadequately guarded. In their constant search for attack vectors, hackers rely on misconfigurations to collect targeted data. According to the CSA, examples of misconfiguration include:
- Insecure data storage elements or containers
- Excessive permissions – the opposite of following the principle of least privilege
- Unchanged default credentials and configuration settings
- Disabled standard security controls
Cloud environments can be complex to configure, but following security best practices is key to reducing an architecture’s exposure to threats. Conduct continuous assessments and pay special attention to object-level permissions. When you change bucket-level permissions, it doesn’t always change object-level permissions.
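The object-level permission trap above, as an added example that is not part of the original article: an audit over S3 object ACLs (in the dict shape boto3’s get_object_acl returns) that flags objects still granting access to the AllUsers or AuthenticatedUsers groups, and reports whether the bucket’s Block Public Access settings neutralise them. The bucket configuration and object ACLs are constructed sample data; the owner ID is a placeholder.

```python
# Grantee URIs S3 uses for its two "everyone" groups.
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers (anonymous)",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers (any AWS account)",
}


def public_grants(acl):
    """Return (group, permission) pairs in an ACL dict that expose it to everyone.
    `acl` has the shape of a boto3 get_object_acl / get_bucket_acl response."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEES:
            found.append((PUBLIC_GRANTEES[grantee["URI"]], grant["Permission"]))
    return found


def audit_objects(block_public_access, object_acls):
    """Flag objects whose own ACL is public, independent of the bucket ACL.

    block_public_access mirrors the PublicAccessBlockConfiguration dict.
    IgnorePublicAcls makes S3 disregard public ACLs, so such grants are
    reported as not effective; BlockPublicAcls only rejects *new* public ACLs
    and leaves existing object ACLs in force, which is the trap the text describes.
    """
    ignored = block_public_access.get("IgnorePublicAcls", False)
    findings = []
    for key, acl in object_acls.items():
        for group, perm in public_grants(acl):
            findings.append({"key": key, "grantee": group,
                             "permission": perm, "effective": not ignored})
    return findings


# Constructed sample: bucket locked down after the fact, but one object still
# carries the public-read ACL it was uploaded with. The owner ID is a placeholder.
OWNER = {"Type": "CanonicalUser", "ID": "OWNER-CANONICAL-ID-PLACEHOLDER"}
SAMPLE_BLOCK_CONFIG = {"BlockPublicAcls": True, "IgnorePublicAcls": False,
                       "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
SAMPLE_OBJECT_ACLS = {
    "reports/q1.csv": {"Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]},
    "exports/customers.json": {"Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"}]},
}
```

Against a live bucket the same two dicts come from boto3’s get_public_access_block and get_object_acl calls, one object at a time.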
Threat modeling can help organizations to map out their cloud architecture, and uncover attack vectors that stem from misconfiguration. ThreatModeler’s integration with AWS, for example, enables automated analysis of AWS service architectures to identify security threats. Once identified, teams can determine the security controls that need to be prioritized for mitigation.
Crypto Cloud Mining
Cryptomining malware, cryptocurrency mining malware or simply cryptojacking, refers to software programs and malware components developed to take over a computer’s resources and use them for cryptocurrency mining without the user’s explicit permission. More crypto-miners have started using malware to target enterprises, with the cloud an attractive target due to its nearly limitless computing power. Sadly, this power can go unsecured. Cybercriminals seeking cloud access for cryptomining will obtain credentials, plant a cryptominer, and connect to the network to steal information.
Attackers are taking steps to conceal their activity. Hackers have departed from the “grab everything on the system” approach, since targets might take notice. Instead, they throttle their activity to fly under businesses’ radar. To protect yourself, make sure to secure your credentials. Employ the principle of least privilege to restrict user access to information resources. Take extra precautions to secure hosts from unwanted exposure.
Server-side Request Forgery
Server-side request forgery (SSRF) is a serious attack technique and a fast-growing concern in cloud environments. According to OWASP, the cybercriminal can take advantage of server functionality to read and manipulate internal resources. SSRF is a danger because hackers can supply URLs that the server fetches on their behalf, read configuration data, and reach internal services without authorized access. For example, a bad actor can compromise logs, credentials, and other data in the cloud infrastructure. If misused, this data can facilitate further intrusion across the attack surface and data compromise. Specifically, the attacker can execute an API call to escalate privileges or take further malicious actions.
To secure against SSRF, limit remote resource fetching to permitted domains and protocols set out in a whitelist. Do not pass raw user input to the functions that make server-side requests.
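The whitelist defense above, as an added example that is not part of the original article. It goes a step beyond the text: besides checking scheme and host against an allowlist, it rejects embedded credentials and explicit ports and requires the host to resolve to a public address, so an allowlisted name cannot be repointed at loopback, private or link-local space (where cloud instance-metadata services live). The allowed scheme and hosts are assumptions, and the resolver is injectable so the check runs without DNS.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed allowlist: the only scheme and hosts this service may fetch from.
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"api.partner.example", "cdn.example"}


class UnsafeURL(ValueError):
    pass


def validate_fetch_url(url, allowed_hosts=ALLOWED_HOSTS, resolve=socket.gethostbyname):
    """Return url unchanged if it may be fetched server-side, else raise UnsafeURL.

    Order of checks: scheme allowlist (rules out file://, gopher:// and plain
    http), exact hostname match (so 'cdn.example.evil.test' is rejected), no
    embedded credentials or explicit port, and finally the name must resolve
    to a public address so that loopback, RFC 1918 and link-local ranges are
    never contacted. `resolve` defaults to a real DNS lookup.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURL("scheme not permitted: %r" % parts.scheme)
    host = parts.hostname  # already lower-cased by urlsplit
    if not host or host not in allowed_hosts:
        raise UnsafeURL("host not permitted: %r" % host)
    if parts.username or parts.password or parts.port is not None:
        raise UnsafeURL("credentials or explicit port in URL")
    addr = ipaddress.ip_address(resolve(host))
    if not addr.is_global:
        raise UnsafeURL("%s resolves to non-public address %s" % (host, addr))
    return url


def is_safe_fetch_url(url, **kwargs):
    """Boolean wrapper for callers that only need a yes/no answer."""
    try:
        validate_fetch_url(url, **kwargs)
        return True
    except UnsafeURL:
        return False
```

The validator resolves the name once; to close the gap between this check and the actual request (DNS rebinding), connect to the address that was validated rather than resolving again.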
Brute Force Attacks
A brute force attack involves repeated, consecutive attempts to break into a cloud infrastructure by trying many password combinations. Intruders may make use of bots they have already installed to farm computing power and cause more damage.
Brute-force attacks may begin with phishing emails crafted with links to malicious pages containing malware to compromise cloud infrastructure and accounts. Pop-ups may prompt victims to enter their usernames and passwords into fake login pages for cloud applications.
Read our article on securing against dictionary and brute force attacks.
ThreatModeler Secures Your Cloud Infrastructure Through Attack Surface Analysis
ThreatModeler, the industry’s leading pioneer in automated threat modeling, can help to secure your AWS cloud infrastructure by automatically informing teams about the attack vectors that hackers can leverage to stage a cyberattack. ThreatModeler helps organizations achieve a secure CDLC through its ability to analyze cloud architectures and provide actionable output, which secures and scales across enterprise clouds. ThreatModeler has integrated with AWS on several fronts to ensure that cloud security architects can:
- Identify threats
- Ensure proper access management
- Achieve security and policy compliance and more
ThreatModeler is a healthy, holistic part of any secure CDLC effort, providing insights and clear instructions on securing your attack surface. To learn more about how it can benefit your CDLC, schedule a live demo. You can also contact us to speak with a threat modeling expert.