In the past few years, the focus of enterprises on cloud computing has been a simple transition. However, as IT organizations ran some independent applications and workloads, they began to find that adopting cloud computing was only the first step in their career adventures. Researchers surveyed 100 IT decision-makers in companies with 500 or more employees. 85% of respondents said they have adopted cloud computing infrastructure, and 80% of respondents stated that their company will have at least quarter applications and workloads moved to the public cloud. But as more and more applications begin to be deployed on a large scale in the cloud, a number of new issues arise. Not surprisingly, the survey found that the most important cloud computing issue was security (68%).
- API Attacks: The exposure of API credentials or misconfigured API is one of the most common methods to access clouds. When an attacker gets one of the access keys, they use it on a host or platform under their control and execute API calls for malicious action or privilege escalation. Usually, keys are exposed via GitHub, BitBucket, shared images, and snapshots.
- Misconfiguration Mishaps: Misconfigured databases and servers are in large part another reason for risk to data stored in clouds. This misconfiguration often arises due to the lack of passwords or unpatched servers. Attackers always look out for well-known vulnerabilities in servers to deploy ransomware and backdoor to mine cryptocurrencies or steal sensitive data.
- Server-Side Request Forgery (SSRF): Server-Side Request Forgery is another growing issue in cloud environments. SSRF is a threat due to the use of metadata API, which lets application access configurations, logs, credentials and other information in the underlying cloud infrastructure. The vulnerability, if exploited, could enable an attacker to move laterally and conduct network reconnaissance.
- Shared Lease Vulnerability: The cloud platform uses multiple software and hardware components to form a larger attack surface. In multi-tenant environments such as the cloud, a vulnerability could allow an attacker to compromise other tenants on the same host. Mitigating measures for shared tenant vulnerabilities involve using a security mechanism provided by a cloud service provider (CSP) to separate organizational resources from other cloud tenants.
- Supply Chain Vulnerabilities: Probably the most common because they reside in source hardware and software from global vendors and countries. As a supplier, administrator, or developer, inserting agents into the cloud supply chain can be an effective way for attackers to disrupt the cloud environment. Cloud service providers are primarily responsible for detecting and mitigating supply chain attacks against cloud platforms.
According to the National Security Agency (NSA),
“With careful implementation and management, cloud capabilities can minimize risks associated with cloud adoption, and empower customers to take advantage of cloud security enhancements. Customers should understand the shared responsibility that they have with the CSP in protecting the cloud. CSPs may offer tailored countermeasures to help customers harden their cloud resources. Security in the cloud is a constant process and customers should continually monitor their cloud resources and work to improve their security posture.”
Contact LIFARS Immediately Before