Nowadays there are very few operations that don’t use some form of Cloud computing. Cloud technology enables businesses to accelerate their digital transformation journey, transform their interactions with customers, employees and partners, and to become more competitive.
During the pandemic, businesses quickly turned to the Cloud to ensure business continuity and to stay competitive during a period of unprecedented disruption. However, the rapid shift to Cloud introduced new security risks, some of which continue to go undetected and unaddressed.
If you proceed from this compromised position, or start your journey without a well-formed Cloud security strategy and the proper support, you could be unwittingly leaving the door open to malicious cyber threat actors.
As your Cloud environment grows, so too does your attack surface. The incorporation of more Cloud tools, third-party suppliers, and increased device connectivity across your business can lead to the formation of security gaps in your network’s defences.
To help you better understand the cybersecurity threats your Cloud environment faces, we will explore the top 3 Cloud security attacks.
1 – Data theft at scale
One of the major benefits of Cloud is the ability to store, share and access data easily. However, as data becomes more accessible and moves further away from the relative security of the data centre, it is at greater risk of being accessed by unauthorised individuals. Using public links or setting cloud-based storage spaces to public makes that data accessible to anyone with knowledge of the link.
Tools exist specifically for searching the internet for unsecured Cloud deployments, making it even easier for threat actors to discover and exploit these security gaps. Without the proper access policies in place, attackers can easily steal gigabytes of your data in seconds, and worse, if access is not logged you may not even realise you’ve been robbed until it’s too late.
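A defender-side check for the exposure described above, as an added example that is not part of the original article: it scans storage access policies for statements that grant access to anonymous principals. The AWS S3 bucket-policy JSON shape is assumed as the platform, and the bucket names, account ID and policies are constructed samples.

```python
# Constructed sample bucket policies (AWS S3 policy shape assumed; not from the article).
SAMPLE_POLICIES = {
    "public-share": {"Version": "2012-10-17", "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::public-share/*"}]},
    "partner-drop": {"Version": "2012-10-17", "Statement": [
        {"Sid": "PartnerRange", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::partner-drop/*",
         "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}]},
    # A single statement may be given as an object instead of a list.
    "finance-archive": {"Version": "2012-10-17", "Statement":
        {"Sid": "FinanceOnly", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/FinanceReader"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::finance-archive/*"}},
}

def _as_list(value):
    """Policy fields may hold one value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    """True for the wildcard forms "*" and {"AWS": "*"} (alone or in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False

def public_statements(policy):
    """Return the Allow statements in one policy that apply to anyone."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") == "Allow" and _is_anonymous(stmt.get("Principal")):
            findings.append({
                "sid": stmt.get("Sid", "<no Sid>"),
                "actions": _as_list(stmt.get("Action")),
                # A Condition narrows the grant but still needs human review.
                "conditioned": bool(stmt.get("Condition")),
            })
    return findings

def audit(policies):
    """Map bucket name -> findings, keeping only buckets with anonymous grants."""
    results = {name: public_statements(p) for name, p in policies.items()}
    return {name: found for name, found in results.items() if found}

if __name__ == "__main__":
    for bucket, found in audit(SAMPLE_POLICIES).items():
        print(bucket, found)
```

Findings with `conditioned` set to `False` are the unrestricted public grants to fix first; conditioned ones are scoped but should still be confirmed as intentional.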
2 – Access Brokerage at Scale
Initial access brokers (IABs) are cyber threat actors who specialise in breaching organisations with the goal of selling that privileged access to other cyber criminals such as ransomware gangs or espionage groups. As more and more businesses move their corporate infrastructure to the Cloud, the resale of Cloud root keys, access to Kubernetes management nodes, and Cloud services is on the rise.
IABs are shifting their focus from the opportunistic compromise of one-off internet-facing assets for resale as proxies, to targeting corporate networks and the resale of access to Cloud management accounts and related infrastructure.
Before Cloud became as prevalent as it is today, IABs typically achieved their ends by compromising Remote Desktop Protocol (RDP) boxes or web shells and then selling access. Now, cyber threat actors can target every user of a domain services app via API and pick up a whole host of domain admin accounts.
For example, they could target every Office 365 user within an organisation using the same fake login page or target multiple misconfigured AWS admin panels – it’s easy to see how this sort of attack can be scaled in a Cloud-enabled world.
3 – Supply chain attack to achieve dominance and scale
In today’s digitally enabled and interconnected world, businesses are ever more reliant on third-party suppliers for their operations. This increasing reliance, combined with the inclusion of more third-party suppliers into their networks, is putting businesses at a growing risk of a third-party supply chain attack.
Typically, a supply chain attack exploits the implicit trust between organisations that do business together. Attackers will always go after the weakest link in the chain of trust, and one breach in a supply chain can be like giving an attacker the key to the kingdom.
In the world of Cloud, through a single entry point attackers can access sensitive data across thousands of organisations, or gain unrestricted access to their networks, with potentially wide and damaging consequences. For example, if one of your vendors has a security gap in the form of a Cloud misconfiguration, an attacker could exploit this to gain access to the vendor’s network and from there pivot into your network using that trusted relationship.
What controls can be put in place to remediate these issues?
To effectively manage your Cloud network, whether it’s a single or multi-cloud environment, you need to establish visibility and control. Organisations should be assessing their resources and business needs to ensure that they securely deploy the right Cloud solutions so that their Cloud environment doesn’t outstrip their IT team’s capacity.
Adarma’s Cloud security specialists can help you implement the appropriate controls, establish effective threat management, and strategically plan your workload deployment. Our Managed Detection and Response for Cloud service ensures you are monitoring your entire Cloud environment and can quickly detect, respond to and remediate risks to ensure that your Cloud deployments are not introducing additional business risk.
For more advice and tips on how to manage your exposure in a Cloud-smart world, please see our 4-part Cloud Security series.
– Cloud Security Part 1: Understanding Your Attack Surface
– Cloud Security Part 2: Understanding & Managing Third Party Risk
– Cloud Security Part 3: Identifying Cloud Misconfigurations & How to Fix Them
– Cloud Security Part 4: 6 Key Security Monitoring Concepts