The Top Threats to the Cloud – Azure & AWS

In these uncertain times, especially with COVID-19, many businesses across Corporate America are looking for new ways to protect not only their digital assets but also their IT and network infrastructures. Many are therefore moving to Cloud platforms, chiefly the two largest, Microsoft Azure and Amazon Web Services (AWS).

While these platforms offer many advantages, they are also prone to security breaches, most often through misconfiguration on the customer's side rather than flaws in the platform itself. Consider these statistics:

*44% of security threats start in the Cloud;

*Attacks against AWS have risen 16%, particularly those aimed at its storage services;

*94% of security breaches target Web-based applications hosted in AWS;

*42% of CloudFormation templates contain at least one insecure configuration;

*48% of S3 buckets in AWS did not use server-side encryption;

*55% of S3 buckets did not have access logging enabled, so malicious or anomalous activity against them went unrecorded.

(Sources: 1 & 2)

The Threats

  1. Data Breaches:

Data breaches are the most common and most expensive cloud threat today. They happen in many ways, but the biggest culprit is a misconfiguration that leaves a door open: a storage bucket readable by anyone, an unencrypted data store, or a management port exposed to the Internet. The cost of a single breach can run into the hundreds of millions of dollars. Controls that help prevent this include:

*Encrypting data, especially data that is stored rather than in transit (“data at rest”), so that a leaked copy is unreadable without the key;

*Deploying more capable firewalls, such as Next-Generation Firewalls (NGFW), in front of cloud workloads;

*Requiring Multifactor Authentication (MFA) on every account, and above all on administrative accounts;

*Adopting a Zero Trust model, in which no user, device, or network is trusted by default, whether inside or outside the company, and every request is authenticated and authorized.
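The statistics above (unencrypted S3 buckets, buckets without logging, insecure CloudFormation templates) are exactly the misconfigurations a static check can catch before deployment. The following is an added example, not code from this article or from AWS: it scans a CloudFormation template (JSON form, parsed into a dictionary) and reports every AWS::S3::Bucket that lacks default server-side encryption, lacks access logging, or does not fully block public access. The property names are the real CloudFormation ones; the two templates at the bottom are constructed for the example.

```python
"""Static check for the S3 misconfigurations cited in the statistics.

Scans a parsed CloudFormation template and reports AWS::S3::Bucket
resources that lack default server-side encryption, lack access logging,
or do not block public access.  The sample templates are constructed for
this example, not taken from any production stack.
"""
import json

# All four flags must be true for S3 Block Public Access to be fully effective.
PUBLIC_ACCESS_FLAGS = (
    "BlockPublicAcls",
    "BlockPublicPolicy",
    "IgnorePublicAcls",
    "RestrictPublicBuckets",
)


def check_bucket(logical_id, props):
    """Return a list of (logical_id, problem) tuples for one bucket resource."""
    findings = []
    if "BucketEncryption" not in props:
        findings.append((logical_id, "no default server-side encryption"))
    if "LoggingConfiguration" not in props:
        findings.append((logical_id, "no server access logging"))
    pab = props.get("PublicAccessBlockConfiguration", {})
    if not all(pab.get(flag) is True for flag in PUBLIC_ACCESS_FLAGS):
        findings.append((logical_id, "public access not fully blocked"))
    return findings


def scan_template(template):
    """Check every AWS::S3::Bucket in a parsed CloudFormation template."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") == "AWS::S3::Bucket":
            findings.extend(check_bucket(logical_id, resource.get("Properties", {})))
    return findings


# Constructed sample: a bucket declared with nothing but a name.
INSECURE_TEMPLATE = json.loads("""
{
  "Resources": {
    "DataBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": { "BucketName": "example-customer-data" }
    }
  }
}
""")

# Constructed sample: the same bucket with the three controls in place.
HARDENED_TEMPLATE = json.loads("""
{
  "Resources": {
    "DataBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketName": "example-customer-data",
        "BucketEncryption": {
          "ServerSideEncryptionConfiguration": [
            { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "aws:kms" } }
          ]
        },
        "LoggingConfiguration": {
          "DestinationBucketName": "example-access-logs",
          "LogFilePrefix": "customer-data/"
        },
        "PublicAccessBlockConfiguration": {
          "BlockPublicAcls": true,
          "BlockPublicPolicy": true,
          "IgnorePublicAcls": true,
          "RestrictPublicBuckets": true
        }
      }
    }
  }
}
""")

if __name__ == "__main__":
    for label, template in (("insecure", INSECURE_TEMPLATE), ("hardened", HARDENED_TEMPLATE)):
        findings = scan_template(template)
        print(f"{label}: {len(findings)} finding(s)")
        for logical_id, problem in findings:
            print(f"  {logical_id}: {problem}")
```

Run it as a pre-merge step on the infrastructure repository so a template like the first one never reaches an account; the same three checks can be run against live buckets with the AWS CLI or boto3 once credentials are available.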

2. APIs:

Many software development teams are under enormous pressure to deliver Web-based applications on time and under budget. Shortcuts get taken, especially with APIs. There are many open-source API frameworks and third-party components available, but many are not updated often and are not security tested in a sandboxed environment before use. Backdoors and unnoticed weaknesses (a missing authorization check, for example) can therefore ship with the application. Once it is deployed into AWS or Azure, such an API is an ideal entry point from which the Cyberattacker can move laterally through the Kill Chain toward the company's crown jewels.

We recommend penetration testing every API you incorporate into a Web-based application, before it goes live and again after significant changes, to mitigate this risk. This is the best way to find the unknown weaknesses and vulnerabilities.
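To make the recommendation concrete, here is an added example (not code from this article or from any real product) of the kind of weakness an API penetration test looks for: an endpoint that authenticates the caller but never checks that the requested object belongs to them, shown beside the fixed handler, with the probe a tester would automate to tell the two apart. The invoice store, users, and ID range are constructed for the example.

```python
"""Broken object-level authorization in an API handler, and its fix.

The vulnerable handler checks that *someone* is logged in but not *who*
owns the invoice; the fixed handler enforces ownership on every call.
probe_object_access() is the pentest step: call the endpoint as one user
with IDs that user should not own and report every record that leaks.
All data here is constructed for the example.
"""

# Constructed data: each invoice belongs to exactly one owner.
INVOICES = {
    1001: {"owner": "alice", "amount": 120.0},
    1002: {"owner": "bob", "amount": 980.0},
    1003: {"owner": "bob", "amount": 45.5},
}


class Forbidden(Exception):
    """Raised when the caller may not access the requested object."""


def get_invoice_vulnerable(caller, invoice_id):
    """Requires a login but never checks ownership: any authenticated user
    can read any invoice simply by guessing its ID."""
    if not caller:
        raise Forbidden("login required")
    return INVOICES.get(invoice_id)


def get_invoice_fixed(caller, invoice_id):
    """Same lookup, plus a server-side ownership check on every request."""
    if not caller:
        raise Forbidden("login required")
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice["owner"] != caller:
        # One error for both "missing" and "not yours", so the response
        # does not reveal which IDs exist.
        raise Forbidden("no such invoice")
    return invoice


def probe_object_access(handler, caller, candidate_ids):
    """Pentest probe: enumerate IDs as `caller` and return every ID whose
    record came back even though `caller` does not own it."""
    leaked = []
    for invoice_id in candidate_ids:
        try:
            invoice = handler(caller, invoice_id)
        except Forbidden:
            continue
        if invoice is not None and invoice["owner"] != caller:
            leaked.append(invoice_id)
    return leaked


if __name__ == "__main__":
    ids = range(1000, 1010)  # sequential IDs are trivial to enumerate
    print("vulnerable handler leaks:", probe_object_access(get_invoice_vulnerable, "alice", ids))
    print("fixed handler leaks:", probe_object_access(get_invoice_fixed, "alice", ids))
```

The same probe, pointed at a real HTTP endpoint with two test accounts, is one of the first checks in any API penetration test; a handler that passes it for one resource type should be re-tested for every other object the API exposes.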

3. Account Hijacking:

Account hijacking typically starts when an employee uses a weak or reused password to log in to the cloud console, a Virtual Machine (VM), or a Virtual Desktop (VD). Once the Cyberattacker has obtained those login credentials, whether by guessing, phishing, or an earlier breach, they can move covertly and laterally across other VMs and VDs.

This is one of the oldest threat variants, but the Cyberattacker has become sophisticated enough to try any and all means to capture your employees' passwords and other Personally Identifiable Information (PII). A good first line of defense is a Password Manager, which generates long, unique passwords for every account and stores them so employees do not have to remember (or reuse) them. Many password managers can also rotate stored passwords and alert your IT Security team when a stored credential turns up in a published breach. Pair it with the MFA recommended above, so that a stolen password alone is not enough to log in.
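MFA is what turns a stolen password into a dead end, so here is an added example (not code from this article or from any vendor) of the time-based one-time password (TOTP, RFC 6238) that authenticator apps and the AWS and Azure virtual MFA devices use, including the server-side verification with a drift window. The secret below is the RFC 6238 test-vector key, used only so the output can be checked against the published vectors; a real deployment generates a random secret per user.

```python
"""TOTP (RFC 6238) generation and verification, as used by virtual MFA devices.

hotp() is the RFC 4226 primitive; totp() applies it to the 30-second time
counter; verify_totp() is the server-side check.  TEST_SECRET is the RFC
test-vector key and must never be used for a real account.
"""
import hashlib
import hmac
import struct
import time

# ASCII "12345678901234567890": the RFC 4226 / RFC 6238 test key.
TEST_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6, digest=hashlib.sha1):
    """HMAC-based one-time password (RFC 4226) for an 8-byte counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digest).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    )
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at_time, step=30, digits=6, digest=hashlib.sha1):
    """Time-based one-time password: HOTP over floor(time / step)."""
    return hotp(secret, int(at_time) // step, digits, digest)


def verify_totp(secret, submitted, at_time=None, step=30, digits=6, window=1):
    """Server-side check.  Accepts the code for the current step and up to
    `window` steps either side to tolerate clock drift, comparing in
    constant time so the check does not leak how many digits matched."""
    at_time = time.time() if at_time is None else at_time
    counter = int(at_time) // step
    for delta in range(-window, window + 1):
        expected = hotp(secret, counter + delta, digits)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


if __name__ == "__main__":
    now = time.time()
    code = totp(TEST_SECRET, now)
    print("current code:", code, "accepted:", verify_totp(TEST_SECRET, code, now))
```

Two practical notes: a server should also record the last counter it accepted for each user and refuse a repeat, so an intercepted code cannot be replayed within the window, and the shared secret must be stored with the same care as a password hash, because whoever reads it can mint codes at will.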

4. Insider Attacks:

This threat is difficult to track and is exacerbated by everybody working from home (WFH): when every login is remote, it is harder to tell which users accessing the cloud are legitimate employees and which are stolen accounts or employees acting outside their role.

Implement the Principle of Least Privilege, giving employees only the access, rights, and privileges their daily tasks require, so that any one account can do limited damage. Make use of a Security Information and Event Management (SIEM) system, software that collects cloud audit logs and network activity and monitors them in real time against detection rules. The moment suspicious behavior is detected, revoke that account's access and active sessions immediately, then investigate.
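What a SIEM rule actually does is easy to show. The following is an added example, not code from this article or from any SIEM product: three detections run over CloudTrail-shaped records, the audit log AWS produces for every API call. The field names (eventName, userIdentity.userName, sourceIPAddress, errorCode, additionalEventData.MFAUsed) are CloudTrail's; the events themselves are constructed for the example, and the threshold and window are assumptions to tune per environment.

```python
"""Three SIEM-style detections over CloudTrail-shaped audit events.

Rule 1: console login without MFA.
Rule 2: a burst of AccessDenied errors from one user (privilege probing,
        the signature of an account exploring what it can reach).
Rule 3: a successful call to an action that disables monitoring or
        loosens controls.  The events below are constructed for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Actions an ordinary user almost never needs; treat success as a finding.
SENSITIVE_ACTIONS = {"StopLogging", "DeleteTrail", "PutBucketPolicy",
                     "DeleteBucketPolicy", "CreateAccessKey"}
DENIED_THRESHOLD = 3                   # assumption: denials per user ...
DENIED_WINDOW = timedelta(minutes=5)   # ... within this window


def _ts(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def _user(event):
    return event.get("userIdentity", {}).get("userName", "unknown")


def detect(events):
    """Return (rule, user, detail) findings in chronological order."""
    findings = []
    recent_denials = defaultdict(list)
    for ev in sorted(events, key=_ts):
        user = _user(ev)
        # Rule 1: console login that did not use MFA.
        if (ev.get("eventName") == "ConsoleLogin"
                and ev.get("additionalEventData", {}).get("MFAUsed") == "No"):
            findings.append(("console_login_without_mfa", user, ev.get("sourceIPAddress", "?")))
        # Rule 2: sliding window of AccessDenied errors; fires once when the
        # threshold is reached, not on every further denial.
        if ev.get("errorCode") == "AccessDenied":
            t = _ts(ev)
            recent_denials[user] = [x for x in recent_denials[user] if t - x <= DENIED_WINDOW] + [t]
            if len(recent_denials[user]) == DENIED_THRESHOLD:
                findings.append(("access_denied_burst", user,
                                 f"{DENIED_THRESHOLD} denials within {DENIED_WINDOW}"))
        # Rule 3: sensitive control-plane action that succeeded.
        if ev.get("eventName") in SENSITIVE_ACTIONS and not ev.get("errorCode"):
            findings.append(("sensitive_action", user, ev["eventName"]))
    return findings


# Constructed sample log: one normal user and one account behaving badly.
SAMPLE_EVENTS = [
    {"eventTime": "2020-06-01T08:02:11Z", "eventName": "ConsoleLogin",
     "userIdentity": {"userName": "jdoe"}, "sourceIPAddress": "203.0.113.10",
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2020-06-01T08:05:40Z", "eventName": "PutObject",
     "userIdentity": {"userName": "jdoe"}, "sourceIPAddress": "203.0.113.10"},
    {"eventTime": "2020-06-01T02:14:00Z", "eventName": "ConsoleLogin",
     "userIdentity": {"userName": "contractor1"}, "sourceIPAddress": "198.51.100.23",
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2020-06-01T02:15:03Z", "eventName": "ListBuckets", "errorCode": "AccessDenied",
     "userIdentity": {"userName": "contractor1"}, "sourceIPAddress": "198.51.100.23"},
    {"eventTime": "2020-06-01T02:15:40Z", "eventName": "GetSecretValue", "errorCode": "AccessDenied",
     "userIdentity": {"userName": "contractor1"}, "sourceIPAddress": "198.51.100.23"},
    {"eventTime": "2020-06-01T02:16:12Z", "eventName": "DescribeInstances", "errorCode": "AccessDenied",
     "userIdentity": {"userName": "contractor1"}, "sourceIPAddress": "198.51.100.23"},
    {"eventTime": "2020-06-01T02:17:30Z", "eventName": "StopLogging",
     "userIdentity": {"userName": "contractor1"}, "sourceIPAddress": "198.51.100.23"},
]

if __name__ == "__main__":
    for rule, user, detail in detect(SAMPLE_EVENTS):
        print(f"{rule:28} {user:12} {detail}")
```

Rule 2 is the one least privilege feeds directly: the tighter the permissions, the more an account that is probing beyond its role stands out as a string of denials. Rule 3 deserves an alert even when the caller is an administrator, because turning off the trail is the first thing an intruder with admin rights does.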

5. Lack of a Deployment Plan:

It is a fallacy to think that because Azure and AWS are easy to use, migrating an entire IT/Network infrastructure to them will be just as easy. We recommend a detailed plan with a phased approach, including who owns the security configuration of each migrated asset, before deploying anything into the Cloud.

Conclusions

There are other threats we did not cover, which will be explored in future articles. If you are considering migrating to the Cloud, contact us today with any questions or for any help you may need.

Sources

  1. https://www.darkreading.com/cloud/44–of-security-threats-start-in-the-cloud/d/d-id/1337088
  2. https://www.paloaltonetworks.com/state-of-cloud-native-security
