In Skybox Security’s 2019 Vulnerability and Threat Trends Report, one of the key findings was the impact cloud networks could have on the attack surface.
Cyberattackers Targeting Cloud Infrastructure
Security of cloud networks — the responsibility of the cloud service provider (CSP) — is relatively strong. However, security within the cloud — the responsibility of the client — is a bit fuzzier. Cloud transformations have created fragmented environments in enterprises, where misconfigurations and other security issues can abound. So while entry to the cloud may be a higher bar, attackers could be banking on enterprises being ill-prepared, under-resourced and disjointed enough to infiltrate.
Additionally, there’s an underlying concern in the cybersecurity community that if attacks on CSPs are successful, hackers could rapidly impact a vast number of organizations across the globe. With no cloud-focused international protocols, this concern is likely to endure.
The cloud may have strong armor, but it’s not bulletproof. If there’s a soft spot for hackers to aim at, they’ll fire.
Cloud Demand Will Explode in 2019
Attackers are going to have plenty of opportunity for target practice in cloud networks. Investment in cloud networks has been identified as the top technological priority for businesses in 2019, with 37 percent of enterprises highlighting the cloud as their number one concern — just ahead of cybersecurity at 35 percent. When it comes to the priorities of government CIOs, a recent Gartner report shows that this percentage rises to 39 percent, making cloud their third most important focus after cybersecurity and business intelligence.
2019 will see an avalanche of cloud migrations and, with them, an increase in confusion about how best to secure the new networks. Because the technology is still relatively new, understanding how to translate traditional security measures to cloud environments — and efficiently manage security in these hybrid environments — is a major challenge. As such, cloud networks may be secure by design, but in reality, the implementation is much less perfect.
Misconfigurations Key Source of Risk in Cloud Networks
Another significant reason behind the impending increase in cloud attacks is the human factor. Humans have long held the honor of being the weakest link in cybersecurity. In complex and dynamic cloud networks, human error is often reflected in misconfigurations of access points and key management, making cloud servers vulnerable to breaches. Correct configuration of cloud servers often requires complex, specialized knowledge and training; without it, well-meaning professionals will likely make configuration mistakes.
Finding professionals with the proper knowledge and training is growing increasingly difficult.
A recent report from (ISC)² reveals that the cyber skills shortage crisis has reached perilous levels, indicating that there is a global gap of nearly 3 million cybersecurity positions. To give some perspective on how big this problem is, the estimate that (ISC)² gave in 2017 for how many unfilled cybersecurity positions would exist by 2020 was 1.5 million … and we’re only at the start of 2019.
It doesn’t help that the demands landing on the CISO’s desk are increasing, that the networks they are tasked with securing are multiplying, that cybercriminals are industrializing, and that the breadth of skills required to protect the attack surface is expanding. Combine a stretched workforce with a lack of specific cloud security expertise, throw in pressure from the business to rapidly spin up and secure new cloud environments, and you have the perfect storm. Mistakes will be made. Security posture will worsen. Attacks will happen.
Prepare for a Rainy Day
In infrastructure as a service (IaaS) environments, where clients have a great deal of control over the security measures implemented, addressing misconfiguration issues is a major factor in strengthening cloud security. To reduce risky misconfigurations:
- Don’t assume that the cloud incarnation of a program will behave in the same way as the local version — follow the provider’s guidance for development and deployment to avoid preventable pitfalls
- Enforce strict multi-factor authentication and be stringent with the authorization of managed policies
- Make sure to have backup policies in place and manage them properly — if you have too many, you’re exposed to leakage; too few, and you’re exposed to loss
- Continuously and thoroughly test your cloud infrastructure; model the network infrastructure and incorporate vulnerabilities and threat intelligence to gain an accurate view of how susceptible you are to attacks
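One way to check the second recommendation above, as an added example that is not from the Skybox report: a small Python audit of policy documents written in AWS IAM policy JSON syntax, flagging wildcard grants and sensitive actions that are allowed without a strict MFA condition. The policy names, the sample documents and the list of sensitive action prefixes are constructed assumptions.

```python
# Added example: audit IAM-style policy documents for two misconfigurations,
# wildcard grants and sensitive actions allowed without enforced MFA.
# Policy names and contents below are constructed sample data.
SAMPLE_POLICIES = {
    "ops-admin": {"Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    "key-rotation": {"Statement": [
        {"Effect": "Allow", "Action": ["kms:ScheduleKeyDeletion", "kms:DisableKey"],
         "Resource": "*",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]},
    "weak-mfa": {"Statement": [
        {"Effect": "Allow", "Action": "iam:*", "Resource": "*",
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "true"}}}]},
    "read-logs": {"Statement": [
        {"Effect": "Allow", "Action": ["logs:GetLogEvents"],
         "Resource": "arn:aws:logs:*:*:log-group:app-*"}]},
}
# Assumption: which action prefixes count as sensitive is a local choice.
SENSITIVE_PREFIXES = ("iam:", "kms:", "ec2:terminate", "s3:delete")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def requires_mfa(stmt):
    """True only for a strict Bool test. On an Allow statement, BoolIfExists
    also matches when the MFA key is absent, so it does not enforce MFA."""
    bool_block = stmt.get("Condition", {}).get("Bool", {})
    for key, value in bool_block.items():
        if key.lower() == "aws:multifactorauthpresent":
            return "true" in [str(v).lower() for v in _as_list(value)]
    return False

def audit_policy(name, doc):
    """Return (policy, statement index, finding) tuples for Allow statements.
    NotAction / NotResource statements are not evaluated in this example."""
    findings = []
    for i, stmt in enumerate(_as_list(doc.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        broad = [a for a in actions if a == "*" or a.endswith(":*")]
        if broad and "*" in _as_list(stmt.get("Resource", [])):
            findings.append((name, i, "wildcard-action-on-all-resources"))
        sensitive = [a for a in actions if a == "*" or a.startswith(SENSITIVE_PREFIXES)]
        if sensitive and not requires_mfa(stmt):
            findings.append((name, i, "sensitive-action-without-mfa"))
    return findings

def audit_all(policies):
    return [f for name, doc in policies.items() for f in audit_policy(name, doc)]
```

Calling `audit_all(SAMPLE_POLICIES)` reports the `ops-admin` and `weak-mfa` policies and leaves `key-rotation` and `read-logs` clean.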
Cloud Networks and Cryptomining
In February 2018, Tesla’s Amazon Web Services (AWS) cloud system was infiltrated via a vulnerable Kubernetes console. The incident was swiftly rectified, with little enduring impact; Tesla shared that the attack was “limited to internally-used engineering test cars only … [with] no indication that customer privacy or vehicle safety was compromised.” But this high-profile breach shone a light on an increasingly lucrative and popular branch of cybercriminality — malicious cryptomining.
The rise in cryptomining, cloud security risks and much more are explored in the 2019 Vulnerability and Threat Trends Report.