Cloud services under attack: closing virtual doors to cybercrime

Posted on March 14, 2022

By Ram Narayanan, Country Manager at Check Point Software Technologies, Middle East

With the new hybrid working model, we are seeing organizations increasingly shift their workload settings to the cloud. While this transformation offers great agility and scalability benefits, it comes with inherent and increased security and compliance risks. A single misconfiguration can expose your entire organization to hackers who no longer need to break into your data center to access your critical data or carry out ransomware attacks.

Gartner predicts that by 2025, 99% of cloud security issues will result from human error when configuring cloud assets and security. At a time when organizations are increasingly reliant on third-party cloud providers such as AWS, Microsoft Azure, IBM, and Google Cloud Platform to securely manage their data, concerns about misconfigurations and other vulnerabilities in the cloud are likely to increase rapidly. Additionally, many organizations at risk have had to accelerate their digital transformation initiatives at an uncomfortable pace over the past two years, resulting in knowledge and talent gaps that only add to their concerns about cloud security.

Under the Shared Responsibility Model – a security framework designed to ensure accountability for compromised data and other incidents – the cloud provider will offer basic cloud security, but it is up to the companies themselves to secure their own data in the cloud. In other words, while cloud providers ensure the city gates are locked and the perimeter is well guarded, it is still up to enterprises to ensure their own doors are locked. That’s no small feat, especially considering that many large enterprises now rely on three or four cloud platforms as part of a multi-cloud strategy.

Attacks against cloud service providers are on the rise

As noted in our 2022 Security Report, the past year has seen a tidal wave of attacks that exploit vulnerabilities in the services of the industry’s leading cloud providers. For the cybercriminals involved, the end goal is to gain complete control over an organization’s cloud infrastructure or, worse, an organization’s entire IT estate, including its proprietary code and its customer records. Needless to say, this can have a devastating impact on affected businesses, and they are right to be concerned.

The types of flaws discussed here are not logic or permissions flaws arising from an organization’s own access-control policy, which threat actors could use to gain unauthorized access and escalate privileges. Those could at least be identified and dealt with by the organization in question. Instead, these flaws tend to be critical vulnerabilities within the cloud infrastructure itself, which can be much more difficult to guard against.

Take the OMIGOD flaw, for example, which opened the floodgates to attacks on cloud services in 2021. In September, four critical vulnerabilities were discovered in the Microsoft Azure software agent that allows users to manage configurations in remote and local environments. An estimated 65% of Azure’s customer base was made vulnerable by this exploit, putting thousands of organizations and millions of endpoints at risk. Thanks to this OMIGOD flaw, hackers were able to execute arbitrary code remotely within an organization’s network and escalate to root privileges, thus taking control of the network. As part of its September 2021 update, Microsoft fixed the issue, but the automatic fix it released appeared ineffective for several days. Other flaws were exposed in Microsoft Azure’s cloud services throughout the year, including the “ChaosDB” vulnerability that allowed cybercriminals to recover several internal keys used to gain root privileges, which would eventually allow them to manage the databases and accounts of targeted organizations. Companies made vulnerable by this particular “open door” included Coca-Cola, Skype and even security specialist Symantec.

It’s likely that there will be many more cloud provider vulnerabilities in 2022, but fortunately there are things within an organization’s control that can mitigate the risk.

Lock doors and enhance homeland security

Strengthening cloud security isn’t just about having the right products and services in place, it’s also about fostering a security-first mindset within an organization as a whole. Regardless of what a service level agreement between an organization and a cloud provider might say, it is ultimately the responsibility of the organization to ensure that its customer records and other important data are protected.

So, before moving critical workloads to the cloud, companies need to ensure that the “doors” to their applications and data are securely locked. This means refining identity and access management and implementing the principle of “least privilege”, so that data is accessible to humans and applications only on a strictly necessary basis. It also means better network segmentation and the use of firewall technology to ensure that sensitive data can be properly partitioned and protected when needed.

Cloud security is complex, and with multi-cloud environments, it becomes even more complex. So consider consolidating all your cloud security across all cloud providers into a single solution that monitors all malicious activity and reduces workload by automating common tasks such as policy updates. In an ideal world, this would mean a security management approach across all of your cloud assets so you can monitor security incidents more closely and focus your efforts on those that matter most to you.

Any cloud security solution is only as good as the intelligence engine behind it. So ask your vendor how they stay on top of emerging and zero-day threats. At Check Point, we have ThreatCloud, which monitors millions of network nodes around the world and uses more than 30 artificial intelligence technologies to identify threats in real time, so they can be blocked before they reach your cloud, or even the on-premises network or end-user devices.

Finally, introduce security at the very beginning of application development. You don’t want security controls to unduly slow down your DevOps and delay application deployment, but you can’t afford to take security shortcuts either. A DevSecOps approach that allows you to scan code for misconfigurations or even malware as part of the DevOps process will ensure you don’t “buy in” vulnerabilities from the start.

The move to the cloud will only accelerate as organizations realize the benefits it brings in terms of competitive advantage, agility and resilience. So now is the time to take a responsible approach to security and compliance and strengthen the security of your cloud. It’s a difficult and complex task, but the good news is that there are not only solutions to lock down your cloud network, but also ways, using AI and automation, to reduce the workload of detecting and preventing threats, even those that have not yet been designed. And it can be done at speed, because everything is in the cloud!