Cloud Attacks on the Rise
Mitigating Cybersecurity Risks in AWS
Every day, we see a new cloud-related security incident or breach in the headlines. It doesn’t matter the industry or business size, every organization that has sensitive data in the cloud is at risk of a cybersecurity attack within their cloud environment. Let’s look at some of the numbers:
- DivvyCloud has reported that from 2018 to 2020, 33 billion records have been exposed because enterprises struggle to implement proper cloud security.
- According to Symantec, individual cloud accounts were worth $5-$10 to hackers.
- McAfee speculates that 5.5% of AWS S3 buckets are open to the public.
- In the CSA’s AWS Cloud Security Report 2020 for Management, 65% of its respondents have increased their cloud security budget.
It’s encouraging to see businesses heighten their awareness around cloud attacks and put a strong emphasis on proper configurations. No one should have a false sense of security when it comes to AWS. At KirkpatrickPrice, we want to deliver true assurance to our customers during an AWS assessment.
I think it’s very important for us to be concerned about our cloud environments. If you are managing and administrating your AWS environment, then look at the recent news and some of the things that have occurred. The Cybersecurity and Infrastructure Security Agency has published warnings about how attackers are bypassing controls, such as multi-factor authentication. They are exploiting cloud misconfigurations and they are putting a lot of focus and attention on the cloud because of the push to remote working on top of the rapid move to the cloud that our organizations have been through. Attackers are rightly focusing on those areas to try to access sensitive data and information.
You have issues like in the Oldsmar water supply breach, in which they set up a remote access capability for workers and it had very little control over who could log into that and the methods that were used to remotely connect to the network. When you look at some of the recent breaches, like SolarWinds, people are experiencing phishing attacks that have harvested credentials in order to log into the cloud. There is a “pass-the-cookie” type of attack that is able to bypass multi-factor authentication and you are able to pass those sessions off to another user. These are things that really need to heighten our awareness about the attacks hitting our environments and we need to take a very strong look at how our cloud configurations are put together and if we are maintaining and monitoring them effectively. I’m afraid, a lot of times, people have a false sense of security simply because they have multi-factor enabled. We have to see where attackers are bypassing that and what methods they use to get around that in order to be ready for those types of attacks. If you need to look at your cloud configurations and security, please contact KirkpatrickPrice to help.