The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. In 2016 CSA released the ‘Treacherous 12: Top Threats to Cloud Computing + Industry Insights’ article to provide readers with a real-world glimpse into what is currently occurring in the security industry. InstaSafe has released a refresh of the 2016 article that includes new real-world anecdotes and examples of recent incidents that relate to each of the 12 cloud computing threat categories identified in the original paper.
“It’s our hope that these updates will not only provide readers with a more relevant context in which to evaluate the top threats but that the enhanced article will provide them with a real-world glimpse into what is currently occurring in the security industry.”
In a way, this threat is similar to the malicious insider threat from before. However, rather than referring to an authorized user from your own organization launching an attack on your cloud environment, this threat refers to hackers abusing poorly-secured clouds, free service trials, and fraudulent account creation to launch attacks from the cloud.
In this case, a hacker or group of hackers might use cloud resources to launch Distributed Denial of Service (DDoS) attacks against your cloud or use your cloud to do this to others. Spammers, hackers and other criminals take advantage of the convenient registration, simple procedures and relatively anonymous access to cloud services to launch various attacks.
When hackers hijack your cloud provider’s resources to launch attacks against others, the resources the provider has on hand to process your needs may be reduced while they respond to this malicious use.
Additionally, when hackers use fraudulent payments to acquire cloud services, the provider’s costs go up. These costs typically get forwarded to the cloud service provider’s other customers—in other words, you.
The solution to this problem is not simple – an acceptable use policy can set down the rules, but due to the automation that is involved in provisioning new cloud instances, it is often too late before a CSP identifies a nefarious cloud instance.
10.2 Business Impacts
The challenges around the abuse of cloud services are for the most part a service provider issue rather than a cloud consumer problem. However, the abuse can affect customers when nefarious cloud instances cause congestion on the cloud platform and/or network uplink, as in the case of distributed denial of service (DDoS) attacks. This can lead to shared platform resource problems, where the availability of a cloud instance is impacted by activity that is taking place elsewhere in the service provider infrastructure.
Also, fraudulent payment instrument use can result in passing increased costs along to innocent parties such as financial institutions or cloud providers and ultimately to customers and others.
10.3 Anecdotes and Examples
Cloudbleed was the name of a security bug discovered in February 2017 in the reverse proxies generated by popular website performance and Security-as-a-Service provider CloudFlare. Exploiting a glitch that caused CloudFlare’s servers to return extra data in response to website requests, the bug leaked sensitive data of affected users, including passwords, authentication tokens, and more. Discovered by the team at Google’s Project Zero, the bug leaked potentially damaging information for almost six months – from September 2016 to February 2017 – before its discovery. Major CloudFlare users such as Uber, dating platform OKCupid, and fitness programme Fitbit were affected, although the exact extent of the damage is unclear.
In perhaps one of the most high-profile cybersecurity attacks of 2017, popular television network HBO was hacked in late July by a group of hackers. The group claimed to have stolen roughly 1.5 terabytes of information from the company, including scripts and episodes of popular TV show Game of Thrones. After initially demanding money for the return of the data, the hackers eventually posted the episodes on torrenting websites like The Pirate Bay. This attack was followed a few weeks later by another high-profile attack on HBO’s social media channels, with well-known group OurMine taking over the brand’s Twitter and Facebook feeds for brief periods of time.
Cryptocurrency prices scaled new heights this year, which only made their illegal acquisition that much more tempting to certain criminals. While there were several cryptocurrency heists in 2017, the two biggest ones involve Ether, a currency on the blockchain-based app platform Ethereum.