The Business Case for Sophos Cloud Optix:
Public Cloud Visibility and Threat Response
The Potential Cost of Errors in the Public Cloud
Protection from the latest generation of public cloud cyberattacks and regulatory compliance penalties requires a new level of visibility and security automation. The thousands of data storage service breaches publicised in the news have raised awareness of vulnerabilities caused through misconfigured “public” access, but cloud security breach tactics go far beyond this.
Misconfigured Data Storage Services
According to the 2019 Verizon Data Breach Investigations Report, insider-initiated incidents now account for 34% of data breaches. Accidental data exposure through misconfigured storage services continues to plague organisations, with reports of airlines exposing the data of millions of passengers, and of leaked data from Fortune 100 customers, including internal business documents, system passwords and sensitive employee information.
Over-Privileged IAM Roles
Data storage services with “private” mode enabled are still not safe. Recent high-profile attacks are reported to have exposed 140,000 Social Security numbers and 80,000 bank account numbers by exploiting over-privileged IAM roles and instance permissions through a flaw in the WAF. These attacks retrieve IAM credentials via an SSRF vulnerability and then use those credentials to access data and files held in “private” mode.
Hijacked Cloud Resources
Hijacking cloud resources to mine for cryptocurrency is a fast-growing threat for enterprises. Whether exploiting containers without password protection, as in the case of a high-profile car manufacturer, or illegally provisioning instances using stolen credentials, these attacks conceal their activities from conventional firewalls by hiding the IP addresses of their mining programs behind a content delivery network and throttling the mining software to avoid high-usage detection systems, leaving organisations with a large invoice for cloud usage.
Elasticsearch services make it easy to store, search and analyse large volumes of data, and that makes them a prime target for cybercriminals. In “public” mode, however, Elasticsearch domains leave data exposed to unsigned requests made to these resources (ES clusters). Examples of unprotected Elasticsearch clusters include the exposure of the personally identifiable information of more than 20 million Ecuadorian citizens, and of over 20 million tax records belonging to Russian citizens.
The Keys to your Kingdom
Virtual hard drive snapshots and database services can be the keys to your kingdom. While MongoDB, or any database running on a virtual network, has the potential to have open ports to the public internet, recent attacks have seen popular services such as Amazon Relational Database Service (RDS) and Amazon Elastic Block Store (EBS) snapshots compromised through a “public” mode. Recent reports have highlighted the scale of the problem, with approximately 1,250 EBS snapshots of virtual hard drives found to be “public” and unencrypted for the world to see across Amazon cloud regions.
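The “public” mode misconfigurations described above (storage bucket policies, EBS and RDS snapshot sharing, Elasticsearch domain access policies) are all visible in the resource attributes a cloud API already returns, so a defender can check for them mechanically. The following is an added illustration, not Sophos, Secon Cyber or Cloud Optix code: it runs over a constructed inventory whose field names follow the shape of the corresponding AWS describe calls (an S3 bucket policy document, an EBS snapshot's CreateVolumePermissions, an RDS snapshot's "restore" attribute, an Elasticsearch domain's AccessPolicies document) and reports each resource that is open to anyone. The resource names and identifiers are made up for the example; no cloud account is contacted.

```python
"""Flag cloud resources left in "public" mode (added example, constructed data)."""
import json


def _principal_is_public(principal):
    """True if an IAM policy statement's Principal grants to everyone.

    AWS expresses "anyone" either as the bare string "*" or as {"AWS": "*"}.
    """
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        if isinstance(aws, str):
            aws = [aws]
        return "*" in aws
    return False


def _policy_is_public(policy_json):
    """True if any Allow statement grants to '*' with no Condition narrowing it.

    A Condition (for example aws:SourceIp) is treated as a restriction, so a
    statement that carries one is not counted as public here.
    """
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written without a list
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if _principal_is_public(stmt.get("Principal")) and not stmt.get("Condition"):
            return True
    return False


def find_public_exposures(inventory):
    """Return (service, resource id, reason) tuples for every publicly exposed resource."""
    findings = []
    for bucket in inventory.get("s3_buckets", []):
        if bucket.get("Policy") and _policy_is_public(bucket["Policy"]):
            findings.append(("s3", bucket["Name"], "bucket policy allows anonymous access"))
    for snap in inventory.get("ebs_snapshots", []):
        # createVolumePermission with Group "all" is how an EBS snapshot becomes public
        groups = {perm.get("Group") for perm in snap.get("CreateVolumePermissions", [])}
        if "all" in groups:
            state = "encrypted" if snap.get("Encrypted") else "unencrypted"
            findings.append(("ebs", snap["SnapshotId"], f"snapshot is public and {state}"))
    for snap in inventory.get("rds_snapshots", []):
        for attr in snap.get("DBSnapshotAttributes", []):
            # the "restore" attribute valued "all" lets any AWS account restore the snapshot
            if attr.get("AttributeName") == "restore" and "all" in attr.get("AttributeValues", []):
                findings.append(("rds", snap["DBSnapshotIdentifier"], "snapshot restorable by any AWS account"))
    for domain in inventory.get("es_domains", []):
        if _policy_is_public(domain["AccessPolicies"]):
            findings.append(("es", domain["DomainName"], "access policy accepts unsigned requests"))
    return findings


def _allow(principal, action, condition=None):
    """Build a one-statement policy document (helper for the constructed inventory)."""
    stmt = {"Effect": "Allow", "Principal": principal, "Action": action, "Resource": "*"}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})


OFFICE_ONLY = {"IpAddress": {"aws:SourceIp": "198.51.100.0/24"}}  # constructed range

# Constructed inventory: one exposed and one correctly restricted resource per service.
SAMPLE_INVENTORY = {
    "s3_buckets": [
        {"Name": "public-reports-example", "Policy": _allow("*", "s3:GetObject")},
        {"Name": "office-only-example", "Policy": _allow("*", "s3:GetObject", OFFICE_ONLY)},
    ],
    "ebs_snapshots": [
        {"SnapshotId": "snap-0example1", "Encrypted": False, "CreateVolumePermissions": [{"Group": "all"}]},
        {"SnapshotId": "snap-0example2", "Encrypted": True, "CreateVolumePermissions": []},
    ],
    "rds_snapshots": [
        {"DBSnapshotIdentifier": "prod-db-example", "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": ["all"]}]},
        {"DBSnapshotIdentifier": "dev-db-example", "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": []}]},
    ],
    "es_domains": [
        {"DomainName": "search-logs-example", "AccessPolicies": _allow({"AWS": "*"}, "es:*")},
        {"DomainName": "search-internal-example", "AccessPolicies": _allow({"AWS": "*"}, "es:*", OFFICE_ONLY)},
    ],
}


if __name__ == "__main__":
    for service, resource, reason in find_public_exposures(SAMPLE_INVENTORY):
        print(f"{service:4} {resource:28} {reason}")
```

The check deliberately distinguishes a bare `Principal: "*"` from one narrowed by a Condition, because an IP-restricted Elasticsearch domain or bucket is the common legitimate pattern and flagging it would bury the real exposures; in a live environment the same functions would be fed the output of the describe calls whose field names they mirror.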