For weeks, cybersecurity experts and government agencies have been urging organizations to reinforce their cyber-defenses because of the elevated risk of cyberattacks amid Russia’s invasion of Ukraine. That means not only enhancing detection and response for rising threats, but also building stronger resilience into infrastructure so that it can better withstand attack. This can be a big undertaking. After two years of digital transformation during the pandemic, many organizations have a much larger attack surface today than they did pre-COVID.
Cloud assets are particularly vulnerable, as many have been accidentally misconfigured and sit exposed, without protection. As such, online databases and storage buckets could be an attractive target for attackers should fears over cyberattacks escalating beyond the conflict in Ukraine materialize. In fact, researchers have already observed raids on cloud databases in recent weeks, and there are plenty of threat actors out there ready to take advantage.
The value of the public cloud
Cloud systems are increasingly the bedrock on which digital transformation is built. They provide a relatively low-cost, scalable and flexible way to store and manage data, with a lower management burden for IT, built-in disaster recovery and anywhere, anytime access. As a backend for applications, databases stored in the public cloud may contain:
- Business-critical corporate data
- Personally identifiable information belonging to employees and customers
- Highly sensitive IP and trade secrets
- IT/admin information such as APIs or encryption keys, which could be leveraged in future attacks
It goes without saying that if any of this data found its way into the wrong hands, it could be hugely damaging for a victim organization, potentially leading to regulatory fines, legal costs, IT overtime costs, lost productivity and sales, customer churn and reputational damage.
The problem with cloud databases
The challenge is that cloud storage and databases are easily misconfigured. And once left exposed, they can be found relatively easily with off-the-shelf internet scanning tools. This exemplifies the challenge defenders face: they must get security right every time, whereas attackers need only get lucky once.
The challenge is particularly acute given the complexity of modern enterprise cloud environments. Most organizations are running a mixture of on-premises and public/private clouds, and investing with multiple providers to spread their risk. One report suggests 92% have a multi-cloud strategy, while 82% are investing in hybrid cloud. It’s difficult for IT teams to keep up to speed with the functionality of one cloud service provider (CSP), never mind two or three. And these CSPs are constantly adding new features in response to customer requests. While this provides organizations with a huge set of granular options, it arguably also makes it harder to do the simple things well.
It’s especially problematic for developer or DevOps teams, which often don’t have specialized security training. A recent analysis of over 1.3 million Android and iOS apps revealed that 14% of those which used public cloud services in their backend were exposing user information through misconfigurations.
As discussed in a previous article, cloud misconfiguration can take many forms, the most common being:
- Missing access restrictions
- Security group policies that are too permissive
- A lack of permissions controls
- Misunderstood internet connectivity paths
- Misconfigured virtualized network functions
Cloud systems are already being targeted
In the event of an escalation in hostilities, exposed cloud systems would be a natural target. Many are relatively easy to find and compromise: for example, accounts left open without encryption or password protection. In fact, researchers have already observed some activity of this kind, in this case targeting cloud databases located in Russia.
Out of a random sample of 100 misconfigured cloud databases, the research found that 92 had been compromised. Some had file names replaced with anti-war messages, but the largest number were completely wiped using a simple script.
The risk to Western organizations is, therefore, of:
Files held to ransom: Recently published intelligence suggests that pro-Russian cybercrime groups are gearing up to attack targets. They may combine hacktivist-style targeting with tactics designed to monetize attacks. The contents of cloud databases have been held hostage many times before.
Destructive attacks: As has already been observed, it’s relatively easy to wipe the contents of cloud databases completely, once accessed. The script detected in recent pro-Ukraine attacks is said to have resembled that used in the infamous “Meow” attacks of 2020.
Data leakage: Before wiping data completely, threat actors may look to analyze it for any sensitive information, and leak that first in an effort to maximize the financial and reputational damage inflicted on victim organizations.
How to secure your cloud databases
Tackling the cloud misconfiguration challenge is, unfortunately, not as easy as flicking a switch. However, there are several changes you can make today to help mitigate the risks highlighted above. They include:
- Shifting security left in DevOps, by building automated security and configuration checks into the development process
- Continuously managing configuration settings, with cloud security posture management (CSPM) tools
- Using CSPs’ built-in tools for monitoring and secure management of cloud infrastructure
- Using policy as code (PaC) tools to automatically scan and assess compliance posture in the cloud
- Encrypting sensitive data as standard, so that if access controls are left misconfigured, hackers can’t view what’s inside
As cloud infrastructure grows, so does the cyberattack surface. War or no war, these best practices should be applied to mitigate mounting cyber risk.
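As an added example (not code from the original article or any CSP), here is a small policy-as-code check of the kind the CSPM and PaC items above describe, applied to the misconfiguration classes listed earlier: it evaluates a constructed, provider-neutral inventory of buckets, security groups and databases for missing access restrictions, overly permissive security group rules, missing authentication and unencrypted data at rest. The inventory shape, resource names and port list are assumptions, not a real provider's API.

```python
import ipaddress

# Constructed sample inventory in a made-up, provider-neutral shape (not a real
# CSP API response): storage buckets, database instances and their security groups.
INVENTORY = {
    "buckets": [
        {"name": "customer-exports", "public_access": True, "encrypted": False},
        {"name": "build-artifacts", "public_access": False, "encrypted": True},
    ],
    "security_groups": [
        {"id": "sg-db-prod", "ingress": [{"port": 27017, "cidr": "0.0.0.0/0"}]},
        {"id": "sg-db-internal", "ingress": [{"port": 5432, "cidr": "10.0.0.0/8"}]},
    ],
    "databases": [
        {"name": "orders-db", "auth_required": False, "encrypted": False, "sg": "sg-db-prod"},
        {"name": "hr-db", "auth_required": True, "encrypted": True, "sg": "sg-db-internal"},
    ],
}

# Listener ports of common database, search and cache engines (assumed list).
DB_PORTS = {27017, 9200, 5432, 3306, 6379}


def is_world_open(cidr):
    """True when a CIDR admits the entire IPv4 or IPv6 internet (prefix length 0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def evaluate(inv):
    """Return (resource, finding) pairs, one per policy violation."""
    findings = []
    for b in inv["buckets"]:
        if b["public_access"]:
            findings.append((b["name"], "missing access restriction: bucket is public"))
        if not b["encrypted"]:
            findings.append((b["name"], "data at rest not encrypted"))
    open_groups = set()  # groups that expose a database port to the whole internet
    for sg in inv["security_groups"]:
        for rule in sg["ingress"]:
            if rule["port"] in DB_PORTS and is_world_open(rule["cidr"]):
                open_groups.add(sg["id"])
                findings.append((sg["id"], f"permissive security group: port {rule['port']} open to {rule['cidr']}"))
    for db in inv["databases"]:
        if not db["auth_required"]:
            findings.append((db["name"], "no authentication required"))
        if not db["encrypted"]:
            findings.append((db["name"], "data at rest not encrypted"))
        if db["sg"] in open_groups:
            findings.append((db["name"], "reachable from the internet via " + db["sg"]))
    return findings
```

Running `evaluate(INVENTORY)` flags the public, unencrypted bucket, the security group that opens a MongoDB port to the internet, and the unauthenticated database behind it, while the locked-down resources produce no findings.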