Cryptojacking, ransomware, and coin mining, oh my! These are all cybercrimes that block an enterprise’s or government’s access to its files until payment is received—and these types of crimes may happen using cloud computing. We researched some of the common cloud security threats and issues, rounded up the research, and detail it here in a comprehensive list of the most prevalent cloud security issues.
Top Cloud Security Issues: Definitions and Facts
The Cloud Security Alliance’s (CSA) “The Treacherous 12” report highlights an extremely important fact about cloud security issues that everyone should recognize: “A cloud environment is subject to the same threats as a traditional corporate network as well as new avenues of attack by way of shared resources, cloud provider personnel and their devices and third party partners of the cloud provider. Cloud providers are highly accessible and the vast amount of data they host makes them an attractive target.”
The CSA dives into cloud security issues and threats in depth. Through its research, it isolated the most significant threats affecting cloud computing. Here, we briefly summarize the cloud security issues listed in the “Treacherous 12” report along with other key terms cybersecurity professionals need to know.
CSA’s Treacherous 12
Data Breach: One of the foremost concerns affecting all forms of computing, including cloud computing. A data breach occurs when a hacker successfully taps into a network and collects sensitive information, such as passwords, health information, financial information, trade secrets and intellectual property.
Poor Identity and Login Management: Non-secure logins and weak passwords enable hackers to access devices and networks. The best advice here is to use encrypted passwords; rotate passwords, cryptographic keys, and certificates regularly; and employ a multifactor authentication protocol to grant account access.
Non-Secure APIs and Interfaces: Application programming interfaces (APIs) and user interfaces (UIs) are like the pawns on a chessboard when it comes to cloud security defense. Cloud service providers expose these interfaces so that cloud computing users can interact with the cloud, which places APIs and UIs on the front line of attack. CSA warns that APIs and UIs require heightened and robust security since they are the first layer a hacker will try to breach.
System Vulnerabilities: Attacks via system vulnerabilities are not new; they have existed since the invention of networking. These attacks occur when hackers take advantage of available bugs to penetrate a computing device. After accessing the device via a bug, hackers may then steal information, control the device, or disrupt operations.
Account Hijacking: Phishing, fraud and taking advantage of bugs are ways to hijack accounts. These are not novel methods for hackers. However, when it comes to cloud security issues, a new threat is presented. Hackers, after gaining access to login information, may spy on cloud computing activities, including search history and transactions, and they have the ability to manipulate data, create false information, and direct users to non-credible sites. CSA advises not sharing passwords among multiple users within an organization and incorporating multifactor authentication.
Malicious Insiders: A current or former employee who has or had access to sensitive information might use that access for nefarious purposes. Miltiadis Kandias, Nikos Virvilis, and Dimitris Gritzalis give an example of a malicious insider in their research: “an administrator responsible for performing regular backups of the systems where client resources are hosted (virtual machines, data stores), could exploit the fact that she has access to backups and thus exfiltrate sensitive user data.”
Advanced Persistent Threats (APTs): This long-term game of attack takes hackers time to execute. The goal is to penetrate an enterprise’s computing infrastructure to collect trade secrets and intellectual property. Hackers adapt their methods to breach the various infrastructure components as they come across the network security protections set in place.
Data Loss: The permanent loss of data, which may occur for cloud services during a natural disaster (fire, earthquake, etc.) or when a cloud service provider (CSP) unintentionally erases data. The best course of action is to back up data in case of a data loss scenario.
Insufficient Due Diligence: Occurs when an enterprise switches to the cloud without comprehensively reviewing the process and implementing a thorough roadmap to move its services over to the cloud. This lack of preparation and forethought opens the company up to security vulnerabilities.
Abuse and Nefarious Use of Cloud Services: Cloud computing is vulnerable to abuse when proper security measures are not in place prior to deployment, often through free trials and fake account sign-ups that use a payment method. The CSA report cites these examples of misuse: “launching DDoS attacks, email spam and phishing campaigns; ‘mining’ for digital currency; large-scale automated click fraud; brute-force compute attacks of stolen credential databases; and hosting of malicious or pirated content.”
Denial-of-service (DoS): DoS describes attacks that prevent users from accessing their information and applications. This method of attack consumes system resources, such as power, memory, disk space, etc., in abundance to slow down the system enough that users cannot access their information.
Shared Technology Vulnerabilities: Off-the-shelf hardware and software components help make up a cloud infrastructure and are shared resources. Their security is at risk when isolation properties are not incorporated into the infrastructure that provides the cloud deployment capabilities. One vulnerability in the cloud infrastructure may lead to the entire cloud service provider’s cloud being compromised.
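The identity advice above (require multifactor authentication; do not share one credential among several users) can be checked against sign-in records. The following is an added example, not code from the CSA report or this article: it runs two detections over a constructed sign-in log. The column names and the two-sources-per-hour threshold are assumptions.

```python
import csv
from collections import defaultdict
from datetime import datetime
from io import StringIO

# Constructed sample of cloud console sign-in events (not real data).
SIGN_IN_LOG = """\
timestamp,user,src_ip,mfa_used
2024-07-01T08:02:11Z,alice,203.0.113.10,yes
2024-07-01T08:05:40Z,bob,198.51.100.7,no
2024-07-01T08:07:03Z,shared-ops,192.0.2.21,no
2024-07-01T08:09:15Z,shared-ops,192.0.2.88,no
2024-07-01T08:11:52Z,shared-ops,203.0.113.77,no
2024-07-01T09:30:00Z,alice,203.0.113.10,yes
"""

# Assumed threshold: more distinct source addresses than this within one
# hour is treated as an indicator that one credential is being shared.
MAX_SOURCES_PER_HOUR = 2


def parse_events(text):
    """Parse the CSV log into dicts and attach a parsed timestamp."""
    events = list(csv.DictReader(StringIO(text)))
    for e in events:
        e["ts"] = datetime.strptime(e["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
    return events


def audit_sign_ins(text, max_sources=MAX_SOURCES_PER_HOUR):
    """Return {user: [finding, ...]}; users with no findings are omitted."""
    findings = defaultdict(set)
    per_user = defaultdict(list)
    for e in parse_events(text):
        per_user[e["user"]].append(e)
        if e["mfa_used"] != "yes":
            findings[e["user"]].add("sign_in_without_mfa")
    for user, evs in per_user.items():
        evs.sort(key=lambda e: e["ts"])
        # Sliding one-hour window: count distinct source addresses per user.
        for i, start in enumerate(evs):
            in_window = [e for e in evs[i:] if (e["ts"] - start["ts"]).total_seconds() <= 3600]
            if len({e["src_ip"] for e in in_window}) > max_sources:
                findings[user].add("possible_shared_credential")
                break
    return {u: sorted(f) for u, f in findings.items()}


if __name__ == "__main__":
    for user, items in audit_sign_ins(SIGN_IN_LOG).items():
        print(f"{user}: {', '.join(items)}")
```

Accounts such as "shared-ops", which signs in from three addresses within ten minutes and never with MFA, surface with both findings, while a single user on one address with MFA produces none.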
Additional Top Cloud Security Issues: A Glossary of Malware Terms
BadRabbit: This ransomware affected Russia. On websites featuring an Adobe Flash Player update, the malware acted as the Flash update. Not only would it infect a user’s device but it would spread throughout the user’s network. Once infected, it would issue a ransom note.
Coin Mining: According to Symantec, “a coin mining gold rush resulted in an 8,500 percent increase in detections of coinminers on endpoint computers in 2017.” There are two methods for coin mining. One uses a file that is downloaded onto a device. The other happens in a web browser via scripts.
Coinminers: Hackers that mine cryptocurrencies, which are digital currencies such as Bitcoin.
Cryptojacking: According to Redlock, the “unfettered access to expensive and high-powered public cloud compute resources is leading to increased cryptojacking attacks.” Cryptojacking describes the action of a hacker using an unknowing user’s computer to mine cryptocurrency.
DDoS: Stands for Distributed Denial of Service. Similar to a DoS, except that it is not a single attacker but a group of attackers slowing down an organization’s network. Hackers conduct a DDoS attack as a decoy to draw IT professionals’ attention to the DDoS attack instead of monitoring the network for other dubious activity.
Dridex: A financial Trojan that detects if a device has accounting software. If the device has accounting software, the malware will give remote access to the hacker.
Emotet: A financial Trojan. First seen in 2014, it disappeared for a time and was seen again in 2017. It operates via spam email and steals information from infected devices.
EternalBlue: Describes the Windows security weak spot that the US National Security Agency (NSA) used to conduct surveillance on networks and to gather intelligence. The Shadow Brokers group then released information about EternalBlue in 2017. EternalBlue exploits Windows’ Server Message Block (SMB) networking protocol, which lets malware spread itself, in a similar fashion to a worm, across a network and its connected devices. The WannaCry attack used EternalBlue to compromise more than 200,000 victims’ devices in 150 countries.
Grayware: “Apps that aren’t completely malicious but can be troublesome – Symantec found that 63% of grayware apps leak the device’s phone number.”
Living Off the Land: When hackers use legitimate tools already on hand, such as network administration software.
Malware: Software with the mal-intent of damaging or disarming computers and systems.
Meltdown: Intel processor chips had a long-standing security flaw that wasn’t discovered until 2017. The security flaw allowed hackers to obtain private email messages and search history. The Meltdown attack breaks down the isolation security barrier around the kernel, which is the most protected component in an operating system and houses confidential information.
Petya/NotPetya: Malware with the intent to encrypt the hard drive of computers. Petya’s overall goal is to ransom cryptocurrency from victims. It hides a computer’s files so a user cannot access the information until the user agrees to pay a ransom in cryptocurrency. NotPetya is different in that it has more tools than Petya and is not strictly ransomware. It still encrypts the master file table and sends a ransom request to restore the files. It differs in that it spreads without the use of spam email. Instead, it implanted itself into a popular accounting software package used in Ukraine, called M.E.Doc. Then it used EternalBlue to spread to other devices. NotPetya also encrypts everything, not just the master file table. Even though it looks like ransomware, that’s not its objective. The main objective appears to be information collection and espionage.
Ramnit: A worm that steals information by moving through removable devices. It also operates as a backdoor by allowing remote hackers access to a device.
Ransomware: Malware that blackmails victims by threatening to publish sensitive data or by blocking a victim’s access to their information until a ransom is paid.
Software Update Supply Chain Attacks: When malware is incorporated into legitimate software packages. When a user installs a recommended update, they instead receive a version that contains malware.
Spear Phishing: A targeted malicious email that an unsuspecting user opens.
Spectre: Similar to Meltdown, Spectre breaks down the security measures of the processor chip, but it focuses more on applications. It exploits flaws in a chip’s speculative execution process, known as the Spectre variants. Speculative execution is a method to free up memory and improve speed by guessing the next steps in an action’s logic before receiving the demand. Hackers take advantage of the Spectre variants to acquire application information that shouldn’t be exposed. Spectre is harder to stop than Meltdown, and cybersecurity teams are still in the process of developing patches.
TrickBot: A Trojan Horse that downloads more malware onto a device.
Trojan Horse: Also known as Trojan, the Trojan Horse is a malware that resembles legitimate software.
Zbot: A Trojan horse package that operates on Microsoft Windows and is commonly used to steal banking information. Also known as Zeus or ZeuS.
Zero Days: Software vulnerabilities that are not yet known to the vendor and have not been patched.