It happens several times a week—52 weeks a year.
PR agencies contact SecureWorld writers about an unsecured data bucket in the cloud that potentially exposed thousands, hundreds of thousands, or even millions of data records.
"And if you are covering this story today," the PR person says, "here is a quote from cybersecurity firm XYZ on the mistakes the company made."
It's a sign of the times, isn't it?
Everyone seems to be in the cloud, and misconfigurations seem to be everywhere.
However, they are far from the only cybersecurity vulnerability in the cloud. And the U.S. National Security Agency (NSA) recently issued a key document that can help keep your data and services in the cloud secure.
The NSA says there are four classes of security vulnerabilities in the cloud. This includes supply chain vulnerabilities, shared tenancy vulnerabilities, poor access controls, and yes, misconfigurations.
This NSA chart shows the prevalence of the cloud security vulnerability versus the skill level required to exploit it:
Let's take a look at each of these.
The NSA says misconfigurations are the most common type of cloud security vulnerability. These really hurt because they are self-inflicted.
At SecureWorld cybersecurity conferences, leaders have told us repeatedly that misconfigurations most likely result from a lack of training and/or a lack of understanding around the shared model of cybersecurity in the cloud.
We've also previously written about a single toggle to secure AWS S3 buckets. And the NSA lists a host of things you can do to avoid this vulnerability.
For organizations to enforce least privilege, administrators should at minimum:Another prevalent cyberattack in the cloud has to do with vulnerabilities around access control. Often this is due to weak authentication or authorization methods or is linked to vulnerabilities that bypass these methods.
The National Security Agency shared a couple of recent examples that federal agencies investigated:
Here is what the NSA says are best practices for access control security in the cloud:
Now, let's look at a more rare security vulnerability in the cloud that takes a high level of skill to exploit; it's called shared tenancy.
As you are probably aware, cloud platforms involve a number of software and hardware components. Adversaries who are able to determine the
software or hardware used in a cloud architecture could take advantage of known vulnerabilities and elevate privileges in the cloud.
Security researchers have demonstrated possibilities in this area. And now the NSA says it has compiled this list of best practices to mitigate the risk from this type of sophisticated attack. These involve separating resources:
This fourth class of attack against the supply chain is rare, sophisticated, and mainly the responsibility of cloud service providers, according to the NSA.
It lists a couple of examples of supply chain security threats, although these are not specific to the cloud:
The CCleaner attack, which used millions of infections to download just a few cyberattacks, also seems like it could be on the list.
We won't cover the supply chain vulnerability mitigations here, however you can read more in the NSA Advisory: Mitigating Cloud Vulnerabilities.