Cloud Security Concerns in 2018: Data Breaches, Security Misconfigurations, AI and Botnets

Increasing numbers of organizations are moving to cloud data services, even in traditional industries such as banking and healthcare. And, with spending on public cloud computing forecast by IDC to increase by 23 percent this year, data in the cloud will be a prime target and securing that data is becoming of increasing importance.

In this post, we update some of the top cloud security concerns that we identified back in 2015.

Data breaches

It is estimated that in 2017 alone, over 99 billion records were exposed because of data breaches. Though breaches certainly occur in on-premises systems, there are special considerations for cloud data services.

As more organizations move to cloud environments to cut on expenses, often without the technical skills on staff to do so, vulnerable APIs and misconfigured databases in these environments will become “quick wins” for attackers. With the ease of employing services on the cloud, organizations are eager to use the service, even without the traditional IT security support. The public cloud services provide security of the cloud, yet users still must provide security in the cloud, as depicted in this model for Amazon Web Services (AWS).

The customer’s level of responsibility varies depending on the type of cloud service. While a software as a service (SaaS) customer is responsible only for data, an infrastructure as a service (IaaS) customer would be responsible for security of the data, applications and operating system.

Security misconfiguration

Default security settings of the cloud provider usually provide the required level of security, yet there have been a few recent examples of breaches caused by misconfiguration in the specific AWS instance.

AWS S3 buckets are indeed simple to use as the name, Simple Storage Service, implies and are therefore widely used for data storage.  S3 buckets have unrestricted public access which can be found using available open-source tools. When a bucket with sensitive data is configured to public access, the data is vulnerable to a breach from attackers using those tools.

The following recent cases were uncovered by security researchers:

  • Details of 14 million Verizon customers were left exposed, including customer personal data
  • Accenture left four S3 buckets open to the public, exposing 137 gigabytes of customer data, including customer credentials

A cloud WAF can complement AWS with enhanced security.

Artificial intelligence

AI has been used to identify and anticipate attacks, however, that same technology is increasingly being employed to perpetrate attacks. In a recent survey 87 percent of cybersecurity professionals report that their organization is using AI as part of its cybersecurity strategy, and 91 percent are concerned about hackers using AI in cyberattacks.

A Harvard Business Review article stated:

In the near future, as artificial intelligence (AI) systems become more capable, we will begin to see more automated and increasingly sophisticated social engineering attacks. The rise of AI-enabled cyberattacks is expected to cause an explosion of network penetrations, personal data thefts, and an epidemic-level spread of intelligent computer viruses.

Attackers leverage AI to learn normal behavior and then mimic that behavior to bypass user and entity behavior analytics (UEBA) solutions. AI has been proven beneficial in these types of cyberattacks:

  • Virus – In a recent experiment, researchers were able to bypass antivirus solutions 16 percent of the time by hammering the software with continual slight modifications to the malware code.
  • Phishing – Data scientists conducted an experiment where they taught an AI to study the behavior of Twitter users and then design and implement its own phishing bait. In two hours the AI could lure 275 victims, while a person in that time could lure only 49 users.
  • Data Mining – Machine learning can garner related information from the large amount of big data out there. With that capability, personal information can be extracted and consolidated.

Botnets

Botnets based on the processing power of a large number of IoT devices continue to grow and mature. Botnets like Mirai and Satori were the tip of the iceberg, and the potential for financial gain is still very desirable for attackers.

The botnets distribute loads between different nodes, and also overcome simple defense mechanisms by spreading the attack between hundreds or thousands of sources. Tools to automate client interaction are developed so they can be deployed on the botnet’s zombie devices. These tools can mitigate security controls, such as rate limiting or simple CAPTCHAs.

The use of IoT devices in the home has proliferated but users do not consider security of these devices as they might do for home computers, often leaving default settings and not updating the devices. Once the devices are compromised they provide persistent access to the home network giving the attacker a backdoor into the network.

Botnets built of compromised IoT devices are used for malicious activity such as:

  • DDoS – Flood a site with a huge volume of data, hundreds of Gigabits per second, or large volume of packets in application layer attacks.
  • Credential stuffing – Use stolen login credentials from one service and then run them against other well-known services, succeeding where credentials are reused.
  • Web scraping – Typically web scraping activity is used for legitimate purposes, but a majority of bot scrapers are used to collect information from the web for malicious purposes.

Security concerns for cloud-based services

While continuing to watch for all the top security concerns, users of cloud services should pay special attention to these four areas in security as they continue to evolve and present increased risk. We will continue to monitor cloud security issues and provide updates on the ever-changing threat landscape.

Keep your finger on the pulse

Sign up for updates from Imperva, our affiliated entities and industry news.