From ransomware to crypto mining, keeping up with the rapid evolution of threat vectors in the cloud security landscape is no easy task.
To help make sense of these latest shifts, Eric Bauer, Director of Cloud Security at Procter & Gamble, recently shared his insights alongside Wiz’s Director of Data and Threat Research, Alon Schindel.
Together, these experts talked about which cloud security risks were of greatest concern. Here’s how those threats stacked up.
API attacks are the number one worry for cloud security practitioners
APIs are now everywhere, thanks to their ability to seamlessly connect different systems and data sets. For example, an API can give a customer access to their banking details via a banking app, or give company employees access to internal systems such as inventory management.
But as Schindel puts it, while APIs make it easier to get things done, they add a level of insecurity on the cloud. That means this digital doorway is being increasingly exploited by criminals looking for an easy way to access critical networks.
For example, hackers can access APIs if object-level permissions are not activated properly when APIs are configured. This backdoor can be closed by ensuring rigorous authorization policies are in place and all logged-in users are authenticated.
As Bauer notes, it’s worth investigating API-specific security tools, especially for large companies who have multiple APIs exposed, so that you have “something that can correlate all that information and then be able to provide useful remediation steps, or see all the vulnerabilities there, and see what's been misconfigured, because the number one vulnerability for the cloud is things that are misconfigured.”
Cloud ransomware – a shift in focus from on-prem attacks
Bauer issued a stark warning: get your cloud ransomware response wrong and you don’t just risk having your data encrypted by a criminal, you could lose access to an entire cloud environment.
Once cloud ransomware hackers gain entry to their victim’s cloud environment, they create their own set of security keys and lock the legal owner out until they pay the ransom, often to devastating effect.
Schindel says that criminals are acutely aware that cloud security is a real challenge for many organizations. This is due to a security skills gap, as well as the complexity of cloud architecture. Unlike on-prem environments, it is also impossible to completely isolate cloud environments behind a firewall, because administrators need access via the internet.
“You have to take into account that every cloud environment, how people access it is like all threat attacks,” says Bauer, “they can attack from any way that they can be accessed.”
The number one vulnerability for the cloud is things that are misconfigured.
Eric BauerDirector of Cloud Security, Procter & Gamble
Crypto miner attacks – silent but resource and budget-sapping
Crypto miners don’t want to steal data or extort money. They want to use your virtual servers to mine cryptocurrencies, draining your precious budget in the process.
There are many different ways crypto miners insert their malware onto a victim’s server - for example, through code embedded in a website or an email phishing attack. Once in place, the malware can be difficult to detect manually.
The answer, according to Bauer, is to deploy behavioral analytics with the aim of identifying unusual and unauthorized patterns of cloud server use triggered by crypto mining malware.
“Some of the most sophisticated cryptominers deploy their resources in the same way you do, so without a sophisticated behavioral analytics solution, it can be incredibly difficult to spot,” he says.
Better address threats by bridging skills gaps
In the face of such a complex threat environment, how can you ensure that your company is protected?
“As things get moved more into cloud, and we're across multiple clouds, the skill gap becomes greater,” says Bauer, “and especially if you are across multiple clouds, just having skills on the cloud sometimes isn't good enough, especially when you're needing to do forensic analysis or incident response.”
Because Bauer believes that regular InfoSec training is key to bridging that skills gap, his whole team at Procter & Gamble have monthly training days. Dedicated security team members are also tasked with protecting specific clouds to lessen any chance of exposure.
View the full CloudSec 360 session now for additional solutions to these challenges, as well as more industry-leading insights and analysis on the biggest cloud security threats for 2023.
