Triskele Labs Blog

Cloud cyber attacks: The latest cloud computing security issues

Written by Nick Morgan | Oct 7, 2021 2:52:59 AM

The popularity of cloud computing has seen a meteoric rise in recent years, thanks to big players like Amazon, Google, and Microsoft, who all provide cloud computing platforms.

The technology, which began as a backup storage option, has now become an all-inclusive computing platform that has fundamentally altered the way organisations use, store, and share information.

As cybersecurity professionals are aware, however, anything that becomes popular in the digital world will inevitably become a target of malevolent cyber actors—and cloud computing platforms are no different.

In recent years, the number of attacks on these platforms has increased rapidly. In fact, cloud cyber attacks accounted for 20% of all cyber attacks in 2020, making cloud computing platforms the third most-targeted cyber environment.

All of this raises the question: Are cloud computing cyber attacks the latest cloud computing cybersecurity issue?

Unfortunately, the answer is yes.

Fortunately, as cybersecurity professionals, we know that any cyber threat, including threats to the cloud infrastructure, can be mitigated with adequate security controls and practices.

In this post, let’s look at some of the biggest data breaches in recent times, what causes these breaches in cloud cybersecurity, and how organisations can prevent these from occurring in 2021 and beyond. 

What is a cloud attack?

First and foremost, it’s important to understand what constitutes a cloud cyber attack.

Any cyber attack that targets off-site service platforms that offer storage, computing, or hosting services via their cloud infrastructure can be classified as a cloud cyber attack. This can include attacks on service platforms that utilise service delivery models like SaaS, IaaS, and PaaS.

What are the largest cloud attacks in recent years?

  • CAM4—2020

CAM4 is an adult live streaming website that fell victim to a cloud cyber attack in March 2020 that exposed 10.8 billion sensitive entries amounting to 7 TB of data. The leaked database included location details, email addresses, IP addresses, payment logs, usernames and more.

  • Advanced Info Service (AIS)—2020

The AIS data breach was discovered by cybersecurity researcher Justin Paine while browsing BinaryEdge and Shodan. According to Paine, the leaked database included 8.3 billion network flow logs and DNS query logs of AWN customers of the Thailand-based telecommunications company.

  • Keepnet Labs—2020

One of the more ironic cloud data breaches of 2020, the Keepnet Labs data breach involved a leaky ElasticSearch database that contained entries that were previously exposed by various data breaches across the globe. The database included two data collections containing 5 billion and 15 million entries respectively.

  • Microsoft—2019 

On January 22, 2020, Microsoft announced that one of their cloud databases was breached back in December 2019, resulting in the exposure of 250 million entries, including email addresses, IP addresses, and support case details.

According to the computing giant, the cause of this data breach was a misconfigured network server that was hosting the critical information. While this was not the biggest breach, it was one of the most shocking cyber attacks due to the high-profile nature of the target.

The causes of cloud computing cyber attacks

According to McAfee, data in the cloud may just be more vulnerable than data on on-site servers. These vulnerabilities are compounded by lapses across both Cloud Service Providers (CSPs) and end-users.

Misconfiguration

CSPs provide different tiers of service depending on how much control an organisation needs over their cloud deployment. These offerings include Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).

Organisations have to configure these deployments according to their requirements to ensure more robust cybersecurity.

Unfortunately, most companies do not have an adequate cloud security posture to ensure the safety of these services, leading to vulnerabilities in deployment. According to IBM, misconfigured servers are responsible for 86% of compromised records.

Knowledge of the specific deployment you’re using will help you configure it according to your security needs with the security tools provided by CSPs.
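As an added example (not from the original post), the following Python audit flags datastore ports that are reachable from the whole internet, which is the kind of exposure behind the leaky ElasticSearch database described above. It assumes AWS security-group JSON in the shape returned by `aws ec2 describe-security-groups`; the group IDs are constructed, and the ports beyond Elasticsearch are an assumed extension.

```python
import ipaddress

# 9200/9300 are Elasticsearch; the other ports are an assumed extension.
DATASTORE_PORTS = {9200: "Elasticsearch HTTP", 9300: "Elasticsearch transport",
                   27017: "MongoDB", 5432: "PostgreSQL", 3306: "MySQL", 6379: "Redis"}

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-search-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 9200, "ToPort": 9200,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-db-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-legacy-example", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}


def is_world_open(cidr):
    """A prefix length of zero (0.0.0.0/0 or ::/0) matches every address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def exposed_ports(rule):
    """Datastore ports that one ingress rule admits over TCP."""
    if rule.get("IpProtocol") not in ("tcp", "-1"):
        return []
    # "-1" means all protocols and carries no port range, so the defaults apply.
    lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
    return sorted(p for p in DATASTORE_PORTS if lo <= p <= hi)


def audit(inventory):
    """Return (group, port, service, cidr) per internet-facing datastore port."""
    findings = []
    for group in inventory.get("SecurityGroups", []):
        for rule in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in filter(is_world_open, cidrs):
                for port in exposed_ports(rule):
                    findings.append((group["GroupId"], port, DATASTORE_PORTS[port], cidr))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s: port %d (%s) reachable from %s" % finding)
```

The all-protocols rule on the legacy group is reported once per datastore port because it leaves every one of them reachable over IPv6.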

Compromised user accounts

Weak password protocols are a leading cause of compromised user accounts. Many users who work with cloud services do not have strong password protection, as they either use weak passwords, reuse older passwords or don’t change their passwords regularly.

As cybersecurity professionals, we encourage users to change their passwords regularly, at least once every 60–90 days.

API vulnerability

CSPs provide application programming interfaces that allow users to interact and work with their cloud computing service. These APIs include extensive documentation to allow users to understand and use them effectively.

This documentation, however, can be obtained by hackers too and can be used to exploit the APIs to gain access and exfiltrate sensitive data stored in the cloud.

Also, any vulnerabilities in the integration and configuration of these APIs will leave a backdoor open for cybercriminals to exploit.

Organisations can eliminate security oversights in the implementation and configuration of APIs by sticking to the documentation. They also need to strictly monitor the functioning of the APIs to identify any vulnerabilities.

Malicious insider activity

Even if organisations implement the most secure cyber ecosystem, a malicious user can negate these security protocols and leak critical information.

The activities of malicious insiders are often hard to detect as they might already have access to critical information. In fact, over the last few years, the number of security breaches as a result of insider threats has seen a sharp upturn.

To negate insider threats, organisations can implement stringent access controls to limit the amount of information accessed by individuals inside the organisation.

Prevent cloud cyber attacks by implementing powerful cloud security measures

Every day, a greater number of organisations adopt cloud services to facilitate their move to a remote work environment and increase collaboration between global team members.

As adoption increases, so do the vulnerabilities. By understanding cloud security basics and some of the most common vulnerabilities that occur therein, we can limit our risk of becoming a target of cloud cyber attacks.