The Egregious 11: Examining the Top Cloud Computing Threats
Each year, the Cloud Security Alliance (CSA) releases its “Top Threats to Cloud Computing” study to raise awareness of key risks and vulnerabilities in the cloud and promote strong security practices.
The latest edition, The Egregious 11, ranks the top eleven cloud threats and provides recommendations for security, compliance, risk and technology practitioners. This installment reflects the widespread surge in cloud use and overall maturation in organizations’ understanding of cloud environments. However, it hints at continued over-reliance on cloud vendors to protect workloads, a troublesome trend we also observed in the CyberArk Global Advanced Threat Landscape 2019 report.
The CSA recorded a drop in rankings of traditional cloud security issues under the responsibility of cloud service providers – such as denial of service, shared technology vulnerabilities and CSP data loss – suggesting these issues are less of a concern for organizations than in years past. The biggest threats now come from issues like misconfigurations and insufficient identity access management where the customer is solely responsible for security.
As organizations utilize the cloud to enable remote work and accelerate digital transformation, there is a need to understand where potential security risks exist and address them head on. Here’s a look at five of the “Egregious 11,” along with steps organizations can take to strengthen their security posture. To explore all 11 cloud security challenges, along with CSA recommendations, check out the full study.
With the average total cost of a data breach now at $3.92 million, it’s unsurprising this is ranked as the number one cloud threat. Cyber attackers are after data – particularly personal information – and data accessible via the Internet is the most vulnerable asset to misconfiguration or exploitation. As more data shifts to the cloud, effectively protecting it begins with the question, “Who has access to this?”
Misconfiguration and Inadequate Change Control
Misconfigurations – including granting excessive permissions or unchanged default credentials – occur when computing assets and access are set up incorrectly. Misconfiguration of cloud resources is a leading cause of data breaches and can result in deleted or modified resources and service interruptions. The dynamic nature of the cloud makes traditional change control approaches for proper configuration extremely difficult.
To overcome cloud misconfiguration maladies, the CSA urges organizations to embrace automation tools that can continuously discover issues like unmanaged privileged accounts and instances to prevent misuse.
Insufficient Identity, Credential, Access and Key Management
The cloud introduces a host of changes and challenges related to identity and access management (IAM) and particularly to privileged access management (PAM), since privileged credentials associated with human users as well as applications and machine identities are exceptionally powerful and highly susceptible to compromise in cloud environments.
Once an attacker obtains privileged credentials, they can gain full access to sensitive databases, or even to an organization’s entire cloud environment. Attackers know this. Many recent attacks targeting IaaS and PaaS environments have exploited unsecured credentials, resulting in cryptojacking, data breaches and destruction of intellectual property and other sensitive data.
The CSA stresses the need for strict IAM controls for cloud users and identities including following the principle of least privilege to protect privileged access to high-value data and assets. It also notes that cloud access keys (e.g., AWS access keys, Google Cloud keys and Azure keys) must be rotated and centrally managed, while unused credentials or access privileges are removed.
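The key-rotation and unused-credential checks recommended above can be automated against an AWS IAM credential report. The following is an added example, not part of the CSA study or the original article; the 90-day and 45-day thresholds, the function names and the sample rows are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Assumed policy thresholds (not taken from the CSA study); tune to your standard.
MAX_KEY_AGE = timedelta(days=90)   # active keys older than this need rotation
MAX_IDLE = timedelta(days=45)      # active keys idle longer than this get removed

# Constructed sample using column names from the AWS IAM credential report
# (only the columns this audit reads; account ID and users are made up).
SAMPLE_REPORT = """\
user,arn,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,true,2020-01-10T09:00:00+00:00,2020-06-28T12:00:00+00:00,false,N/A,N/A
old-batch,arn:aws:iam::111122223333:user/old-batch,true,2020-05-20T09:00:00+00:00,2020-02-01T08:30:00+00:00,true,2020-05-01T09:00:00+00:00,N/A
alice,arn:aws:iam::111122223333:user/alice,true,2020-06-01T09:00:00+00:00,2020-06-29T17:45:00+00:00,false,2019-01-01T00:00:00+00:00,N/A
"""

# Fixed evaluation date so the sample result is reproducible.
AS_OF = datetime(2020, 7, 1, tzinfo=timezone.utc)


def _parse_ts(value):
    """Return an aware datetime, or None for the report's placeholder values."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def audit_access_keys(report_csv, now):
    """Return sorted (user, key_slot, finding) tuples for active keys breaking policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            prefix = f"access_key_{slot}_"
            if row.get(prefix + "active") != "true":
                continue  # inactive or absent keys cannot authenticate
            rotated = _parse_ts(row[prefix + "last_rotated"])
            last_used = _parse_ts(row[prefix + "last_used_date"])
            if rotated is None or now - rotated > MAX_KEY_AGE:
                findings.append((row["user"], slot, "rotate"))
            # A never-used key is measured from the time it was created/rotated.
            reference = last_used or rotated
            if reference is None or now - reference > MAX_IDLE:
                findings.append((row["user"], slot, "remove-unused"))
    return sorted(findings)


if __name__ == "__main__":
    for user, slot, finding in audit_access_keys(SAMPLE_REPORT, AS_OF):
        print(f"{user}: access key {slot} -> {finding}")
```

Run it on a schedule against a freshly generated report and route the findings to whoever owns the listed identities.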
Using phishing methods, vulnerability exploitation or stolen credentials, malicious attackers look for ways to access highly privileged accounts in the cloud, like cloud service accounts or subscriptions. Account and service hijacking means full compromise: control of the account, its services and the data within. The fallout from such compromises can be severe – from significant operational and business disruptions to complete elimination of organization assets, data and capabilities.
To protect against account hijacking, the CSA recommends defense-in-depth and strong IAM and PAM controls, such as credential lifecycle and provisioning management and segregation of duties.
Malicious insiders can be current or former employees, contractors or other trusted third parties who use their access to act in a way that could negatively affect the organization. Since insiders have legitimate access, pinpointing potential security issues can be extremely difficult and remediating incidents can be costly. According to the Ponemon Institute’s 2020 Cost of Insider Threats Study, the average global cost of insider threats rose by 31% in two years to $11.45 million and the frequency of incidents spiked by 47% in the same time period.
Whether it’s a privileged user abusing their level of access or inadvertently misconfiguring a cloud resource, having a PAM program in place to protect from these insider abuses is paramount.
Don’t Be An Egregious Offender. Secure Your Cloud with PAM
The cloud has fundamentally changed the notion of privilege. Now, even ordinary user credentials in the cloud and DevOps environments can hold as much power as administrator-level credentials do for other types of systems. Add in a complex and highly dynamic mix of machines and applications and the privilege-related attack surface grows dramatically.
Poor cloud security practices will inevitably lead to a breach or failed audit and force organizations to slow down – something that simply isn’t an option in the always-on, ultra-competitive digital era.
Strong privileged access controls help ensure that humans, applications and machines have only the necessary levels of access to sensitive applications and infrastructure to do their jobs and that activities occurring within the cloud environment aren’t risky (or if they are, privileged access controls enable SecOps teams to take swift action).
If you’re looking for more in-depth guidance beyond the CSA’s initial recommendations, tap into these actionable steps for protecting privileged access in cloud environments.
Originally written by: Justyna Kucharczak
Over the past 12-18 months, there has been a mounting interest in the next generation of IAM systems. The promises of decentralized and self-sovereign identity promote a frictionless user experience, improved privacy controls, and appeal to organizations looking to reduce both costs and risks. How do you get started? Many organizations are just starting their journey to the cloud, so the idea of a decentralized identity may seem too futuristic. In this session, experts from IBM, Pontis Research, PathMaker-Group & SecurIT discuss the value of such a transition and how clients are progressively moving towards it. Learn how use cases like passwordless authentication for law enforcement personnel and digital job credentials are becoming a reality. With the right strategy the next generation IAM is closer than you think.
As the business world navigates the ups and downs of today’s economy, a mindset shift is required to maintain cyber resilience. Cybersecurity, often an afterthought in a strong economy, must not be neglected in responding to shifts in the business landscape.
As more companies expand their remote workforce, the number of endpoints with access to corporate resources is proliferating. Hackers are seizing the opportunities this presents: Phishing email click rates have risen from around 5 percent to over 40 percent in recent months, according to Forbes.
With a strong cybersecurity mindset and some strategic planning, your company can position itself to survive these new working conditions and build up even more cyber resilience as you adapt. Because cybersecurity professionals are facing formidable adversaries, understanding how hackers think can go a long way in mitigating the threat they pose.
An Unfair Advantage
Security expert Frank Abagnale is one of the foremost experts on the thought processes of threat actors, and he was kind enough to lend his expertise to this piece.
Since the number of successful phishing attacks has skyrocketed, I asked him if this is more a function of hackers stepping up their game, or employees not possessing the right cybersecurity mindset to pay attention.
“It’s both,” he explained. “Any crisis is a perfect backdrop to phishing attacks. At the same time, employees are in a new environment, working from home with more distractions than ever. Add to this stress, cabin fever and anxiety, and you have the perfect phishing storm.”
What makes bad actors so successful, according to experts, is that they take advantage of the human condition. And the human condition is less guarded by security layers today than it has been in quite some time.
“Any fear and anxiety gets people to do things they normally would not do,” said Abagnale.
Take It From the Top
So what can an enterprise do to swim against this foreboding tide? Abagnale insists that vigilance is the key.
“It’s the way to go in normal times and especially now,” he said. “If a link or email sounds too good to be true, it probably is. Don’t rush to fill forms and provide your information to anyone who claims to be the IRS” — or someone who can accelerate your tax return.
But employees can’t be expected to bear the full responsibility of security, or even to recognize established best practices in every scenario. If something is too confusing or complicated and employees don’t know much about it, failure can seem inevitable. Good cybersecurity must be taught in ways that are easy to understand and that include actionable takeaways.
“We must use this time to educate and keep employees alert,” Abagnale asserted. And today, the cybersecurity responsibility elevator operates with only one button and one destination: the C-suite. It therefore falls to chief information security officers (CISOs) and security practitioners to connect the dots and ensure their colleagues understand what they can do to help.
Modern Problems, Modern Solutions
As we continue working, could the altered landscape change Abagnale’s mindset around cybersecurity? Would most of his convictions hold?
“I have been talking and warning executives and companies for over four decades about what criminals do to exploit unsuspecting humans,” he explained. “I now live to see the full effect of it, in a time that is ripe for fraud and deceit. My convictions are more reinforced today than ever. I am more energized to help educate the public about cybercrime and how we move forward to a better and more secure internet.”
Abagnale firmly believes that we must elevate our systems to prepare for the future, and the first piece of advice he would give to any company and security practitioner is to stop using passwords.
“Once you take the secret away from the human user, they cannot give it to the crooks,” he said. “They will not fall prey to keyloggers. It’s time we move forward from a 1960s technology to the 21st century.” Now may just be the time to put into action what Abagnale has been suggesting for years, and the path to a passwordless world may be simpler than you think.
Of course, moving away from passwords is just one aspect of the mindset shift security experts must embrace to bolster their cyber resilience. Don’t just keep cybersecurity and cyber hygiene front of mind; take the opportunity to reevaluate the true efficacy of our fundamental assumptions about security. Drastic changes in the threat landscape will continue to develop as working norms are overhauled, and security measures devised for outdated threats likely won’t serve us in the future — or even the present.
Your First Two Steps to Make Life Harder for Cyber Attackers
If you think like an attacker, you’ll realize that your best approach to securing your critical assets is to assume that you’ll be breached. But what does this mean in practice?
Domestic cyber criminals and nation-state attackers alike are capitalizing on this time of uncertainty – and remote workers are a prime target.
Tonya Ugoretz, Deputy Assistant Director of the FBI Cyber Division, recently spoke at a virtual Aspen Institute event. Ugoretz described the situation best as a “collision of highly motivated cyber threat actors and an increase in opportunities.” In fact, the FBI’s Internet Crime Complaint Center (IC3) is currently receiving between 3,000 and 4,000 cybersecurity complaints daily – a massive jump from their normal average of 1,000.
Criminals are taking advantage of “enormously high public interest in information” on COVID-19, the status of government stimulus checks and updates on local community restrictions. Some are setting up fake domains claiming to sell personal protective equipment, masquerading as charities working to raise money for patients or offering fraudulent loans to the financially strained. Times like these present a lucrative opportunity for cyber criminals – and they know it.
A Common Attack Method Shines
Traditional phishing attack methods continue to be a popular first step in the cyber attack chain. With a legitimate-looking email disguising a malicious, virus-spreading link or attachment, the attacker can easily cast their bait. These attacks have come to present an increased threat to businesses – especially now.
In today’s environment, remote workers are increasingly using both personal and corporate devices to access corporate resources. While a company may have made the office computer as secure as it can, if the remote worker logs on with their home laptop, that doesn’t help. Even employer-owned devices may be more vulnerable at home as many workers will be connecting through unsecured Wi-Fi.
Furthermore, with the adjustment to working from home – whether that means setting up a laptop on the kitchen table or working with kids playing in the background – many newly remote workers are not at their most alert, which makes it easy for them to mistakenly click on the wrong link. Clicking on a phishing link gives the cyber attacker a foothold on that person’s workstation – from there they can gain access to the company network to accomplish their goals.
Who’s at Risk?
While there are plenty of nefarious individuals working to cash in on chaos for personal profit, many of today’s campaigns are driven by highly organized nation-state attackers with deep pockets. To help shine a light on some of their methods, the FBI and a group of federal agencies issued a public alert this month – noting that financial institutions and digital currency exchanges are particularly at risk as attackers develop and launch “increasingly sophisticated” malware tools in search of large payouts.
The FBI has also observed a spike in nation-state cryptojacking attacks where attackers compromise victim endpoints and steal computing resources to mine digital currency. Additionally, they warned of ransomware campaigns, some of which demand payment “under the guise of long-term paid consulting arrangements in order to ensure that no such future malicious cyber activity takes place.”
But the financial sector isn’t the only one at risk. Hospitals and healthcare organizations are “deeply under attack,” explained Ugoretz and her co-presenters. As evidenced by attacks on the World Health Organization (WHO), nation-states are particularly interested in gaining insights on the coronavirus to help inform their country’s own response. These attackers are also homing in on research institutions and biotechnology companies that have publicly touted their work in progressing treatments and a viable vaccine.
Prioritizing the Protection of Privileged Access
Whether targeting healthcare organizations, financial institutions or any number of other companies, there is one common thread. Attackers are looking for sensitive information they can exploit – and they are doing so by compromising endpoints, stealing credentials and escalating privileges in order to access their targets.
While attackers can ultimately accomplish their goals by targeting any endpoint, they often seek out those of privileged users (like system administrators working from home) who have access to sensitive assets and powerful systems. By stealing privileged credentials from these users, attackers can accelerate their efforts. After gaining legitimate access to company systems, attackers appear to be company employees and can move throughout the environment with ease to conduct reconnaissance and siphon off proprietary data.
Privileged access is the gateway to an organization’s most valuable assets and is at the core of nearly every major security breach today. With privileged access, motivated external attackers and malicious insiders alike can access network infrastructure and steal data. Without that access, attackers are severely limited in what they can accomplish.
That’s why protecting the pathway to critical resources with privileged access management (PAM) is so important. Organizations that have a strategy in place to manage and monitor privileged access, as well as detect and respond quickly to threats, are best positioned to defend against today’s targeted threats.
While there is no silver bullet to protect organizations from this surge in criminal activity, prioritizing privilege can dramatically reduce the business impact of an attack.
Privileged accounts and the access they provide represent the largest security vulnerability an organization faces today. These powerful accounts exist in every piece of hardware and software on a network. When employed properly, privileged accounts are used to maintain systems, facilitate automated processes, safeguard sensitive information, and ensure business continuity. But in the wrong hands these accounts can be used to steal sensitive data and cause irreparable damage to the business.
Privileged accounts are exploited in nearly every cyber-attack. Bad actors can use privileged accounts to disable security systems, to take control of critical IT infrastructure, and to gain access to confidential business data and personal information. Organizations face a number of challenges protecting, controlling, and monitoring privileged access including:
• Managing account credentials. Many IT organizations rely on manually intensive, error-prone administrative processes to rotate and update privileged credentials—an inefficient, risky and costly approach.
• Tracking privileged activity. Many enterprises cannot centrally monitor and control privileged sessions, exposing the business to security threats and compliance violations.
• Monitoring and analyzing threats. Many organizations lack comprehensive threat analysis tools and are unable to proactively identify suspicious activities and remediate security incidents.
• Controlling privileged user access. Organizations often struggle to effectively control privileged user access to cloud platforms (IaaS and PaaS), SaaS applications, social media and more, creating compliance risks and operational complexity.
• Protecting Windows domain controllers. Attackers can exploit vulnerabilities in the Kerberos authentication protocol to impersonate authorized users and gain access to critical IT resources and confidential data.
Founded in 1999, SecurIT has over 18 years of extensive experience designing, implementing and maintaining large Identity Management/Governance infrastructures. With more than 30 specialists permanently employed in the Netherlands, SecurIT offers its customers high-quality consultancy, implementation, management and support services (24*7).
Dutch healthcare is currently working intensively to help everyone in society during these bizarre times of the corona crisis. At the same time, criminals are abusing the situation to attack healthcare institutions and healthcare providers digitally, for example by spreading ransomware or sending spam. We find this inconceivable and are taking action by joining the coalition "Wij Helpen Ziekenhuizen" to protect Dutch healthcare institutions against digital attacks, free of charge and without self-interest, during the corona crisis.
The COVID-19 virus attacks our immune system. By taking the right preventive measures in time, we try to limit the damage as much as possible. Things like face masks, disinfectant, ventilators and the care surrounding them are essential here; otherwise the pandemic becomes unmanageable.
Just as with COVID-19, security attacks take place continuously, putting the immunity of every organization to the test. The right combination of preventive measures can make the difference between a simple flu for your organization and a total lockdown with all its consequences.
Just as with the COVID-19 virus, the security threats are present. We all know that sooner or later we will be confronted with them.
The question is: how prepared are we? SecurIT is the care provider with years of experience. We are the doctor you want standing at your bedside to prevent your organization from ending up in an unrecoverable emergency.
What we can do for you
|Situation||Why should you pay attention to it?||What solutions do we offer?|
|Working safely from home and being able to reach the right (work) files, for both home workers and third parties||Your office network is a secured and trusted environment. What about your home network, home Wi-Fi and unmanaged devices? Give your company secure access to the corporate network and apps for efficient, worry-free working from home||Secure Remote Access (CyberArk is required for this)|
|Prevent security data leaks and breaches caused by malware/ransomware and hackers (who, for example, abuse the coronavirus to hack)||More than 80% of ransomware attacks start with a click on a phishing email. Virus scanners cannot always detect this. How can ransomware be prevented?||Endpoint protection and privileged account security|
|Secure password use (or do not use passwords at all)||A large number of successful cyber attacks happen through stolen or compromised passwords. Make sure your employees use strong passwords for their work accounts, do not reuse passwords, and have multi-factor authentication turned on for all websites, applications and systems that offer it.||Password Manager & multi-factor authentication (both on-prem and in the cloud)|
Don't wait until it is too late; contact us now.
*If you are a healthcare institution outside the Netherlands, or if you are not a healthcare institution, let us know and we will look, together with you, at the possibilities for your organization!