How cybercriminals are preying on cloud configuration errors

As businesses continue to surge to the cloud, a lack of concrete guidance is leading to some pretty sizeable security flaws.
14 April 2020

A lack of clear guidance is leading to errors. Source: Shutterstock

Recent global circumstances have dictated a major shift toward cloud-based operations as businesses around the world begin to embrace remote working and off-premise operational practices in earnest.

With the rise of dependable public cloud services coinciding with the need to adopt remote IT processes at scale due to the health pandemic, many industries might be taking the opportunity to migrate some – and maybe even all – of their data, systems, and processes to cloud instances.

The movement syncs up with analyst predictions like those coming from tech industry portal Gartner, who has predicted that more than 75 percent of medium to large organizations will have adopted either a multi-cloud or hybrid IT strategy by 2021.

Such a rapid transition from offline to online services is bound to have its share of cybersecurity growing pains, even more so when nearly all IT and DevOps teams are currently encumbered by limitations working from home.

Cloud migration security risks

Security vulnerabilities have been identified in several key cloud computing areas, each posing a threat to the security of company credentials and confidential data.

Trend Micro’s cloud security report makes clear that a variety of cloud misconfigurations are the most prevalent source of security risks associated with the system – every day, in excess of 230 million cloud misconfigurations are identified on average.

“Cloud-based operations have become the rule rather than the exception, and cybercriminals have adapted to capitalize on misconfigured or mismanaged cloud environments,” said Greg Young, vice president of cybersecurity for Trend Micro.

“We believe migrating to the cloud can be the best way to fix security problems by redefining the corporate IT perimeter and endpoints. However, that can only happen if organizations follow the shared responsibility model for cloud security.”

Cybercriminals have capitalized on these misconfigurations by targeting companies with a host of malicious strategies including crypto-mining, data theft, ransomware intrusions, and ‘e-skimming’ AKA the tactic of using skimming code to exploit a web page’s e-commerce payment page – where hackers grab a customer’s payment information including credit card info and passwords directly off the payment checkout page.

Some IT teams handling remote migrations have had to rely on misleading online tutorials, which has in turn led to obtaining improperly managed cloud credentials and certificates, the same report found.

All-round cloud security

DevOps and IT teams that are managing such vulnerable platforms can make use of native cloud tools in some instances to offset a number of the more immediate risks. And as Trend Micro VP Young pointed out, public cloud customers should make efforts to understand the shared responsibility model of being accountable for the safety of their own data – even though cloud service providers will doubtlessly have their own inbuilt security protocols.

The proper tools for quickly and accessibly identifying misconfigured systems should be constantly applied in active cloud environments in order to prevent exposure of outdated systems which might hold sensitive data.

System administrators should restrict access controls to only those employees and contractors who truly need it, employing temporary access permissions in other non-essential circumstances. In addition to this, security protocols should be a part of the DevOps team’s standard operational procedures from the outset so that cybersecurity becomes a part of team and company culture.

With the transition to cloud operations happening whether we embrace it or not, organizations should become increasingly adept at cybersecurity procedures and be aware of basic online threats. After all, an informed and cooperative workforce is another armored plate in a company’s cyber protection shield.