What are Cloud Security Threats?

The high volume of data flowing between organizations and cloud service providers generates opportunities for accidental and malicious leaks of sensitive data to untrusted 3rd parties. Human error, insider threats, malware, weak credentials and criminal activity contribute to most cloud service data breaches. Malicious actors, including state-sponsored hackers, seek to exploit cloud service security vulnerabilities to exfiltrate data from the victim organization’s network for profit or other illicit purposes.

In general, the features that make cloud services easily accessible to employees and IT systems also make it difficult for organizations to prevent unauthorized access. However, the security challenges introduced by cloud services have not slowed the adoption of cloud computing and the decline in on-premise data centers. As a result, organizations of all sizes need to rethink their network security protocols to mitigate the risk of unauthorized data transfers, service disruptions and reputational damage.

Cloud services expose organizations to new security threats related to authentication and public APIs. Sophisticated hackers use their expertise to target cloud systems and gain access. Hackers employ social engineering, account takeover, lateral movement and detection evasion tactics to maintain a long-term presence on the victim organization’s network, often using the built in tools from the cloud services. Their goal is to transfer sensitive information to systems under their control.

Cloud services have transformed the way businesses store data and host applications while introducing new security challenges.

1. Identity, authentication and access management – This includes the failure to use multi-factor authentication, misconfigured access points, weak passwords, lack of scalable identity management systems, and a lack of ongoing automated rotation of cryptographic keys, passwords and certificates.
2. Vulnerable public APIs – From authentication and access control to encryption and activity monitoring, application programming interfaces must be designed to protect against both accidental and malicious attempts to access sensitive data.
3. Account takeover – Attackers may try to eavesdrop on user activities and transactions, manipulate data, return falsified information and redirect users to illegitimate sites.
4. Malicious insiders – A current or former employee or contractor with authorized access to an organization’s network, systems or data may intentionally misuse the access in a manner that leads to a data breach or affects the availability of the organization’s information systems.
5. Data sharing – Many cloud services are designed to make data sharing easy across organizations, increasing the attack surface area for hackers who now have more targets available to access critical data.
6. Denial-of-service attacks – The disruption of cloud infrastructure can affect multiple organizations simultaneously and allow hackers to harm businesses without gaining access to their cloud services accounts or internal network.

Attackers have two avenues of attack to compromise cloud resources:

1. The first is through traditional means, which involves accessing systems inside the enterprise network perimeter, followed by reconnaissance and privilege escalation to an administrative account that has access to cloud resources.
2. The second involves bypassing all the above by simply compromising credentials from an administrator account that has administrative capabilities or has cloud services provider (CSP) administrative access.

When a main administrative account is compromised, it is far more detrimental to the security of the cloud network. With access to an administrative account, the attacker does not need to escalate privileges or maintain access to the enterprise network because the main administrative account can do all that and more.

This poses the question: How can the organization properly monitor misuse of CSP administrative privileges?

It is no longer enough to identify a suspicious login attempt to protect your cloud network. Modern day, sophisticated hackers are able to access an account through social engineering exploits, such as phishing. It is now essential to monitor the behavior of accounts that are already logged into and detect any suspicious activity.

Protect your network with Vectra’s AI-powered Cognito platform. Designed for threat hunting and detection helps your cybersecurity team stay proactive against sinister threats attempting to penetrate your network. Vectra Cognito Recall is the best solution for investigating and preventing cloud security threats.