Organizations globally use cloud services for cloud-native development, data analytics, machine learning and application migration among many other things. While data storage and management have never been easier, cloud vulnerabilities have become a huge threat to data security.
According to an article by HelpNetSecurity, 93% of businesses have serious concerns about public cloud security.
The VAPT team of Kratikal, a CERT-In-empanelled security auditor, has conducted cloud security assessments for numerous organizations around the globe. Here is a list of the top 7 critical cloud vulnerabilities we found.
#1 Lack of Multi-factor Authentication for Privileged Users
One of the most common cloud vulnerabilities is the lack of multi-factor authentication (MFA) for users assigned to privileged administrative roles. In any kind of cloud environment, access by privileged users must be protected as strongly as possible. Neglecting to enable a security measure as basic as MFA can have grave consequences for an organization.
Without multi-factor authentication, it is very easy for malicious actors to compromise privileged accounts, and the lack of MFA also leaves these accounts susceptible to brute-force attacks. As these accounts often carry elevated administrator permissions, attackers can use them to completely disrupt an organization’s operations and steal its data.
#2 No Multi-factor Authentication to Join Devices
In many cases, cloud environments lack multi-factor authentication (MFA) when new devices are added. This can prove to be a huge threat to cloud security. Enabling MFA for joining devices prevents any rogue devices from being registered by compromised user accounts. MFA works by asking for any two or more of the verification methods mentioned below:
- A password or PIN
- A trusted device that can’t be easily duplicated such as a phone
- Biometrics like a fingerprint
When you enable MFA, users need to provide at least two forms of credentials to add a device, making sure that only legitimate users are allowed to do so.
#3 Open S3 Bucket
According to an article by Soc Investigation, S3 bucket misconfigurations are the reason behind 16% of all cloud security breaches. S3, short for Simple Storage Service, is AWS’s cloud storage service.
It allows you to store, access, retrieve and back up as much data as you want, anytime, anywhere. According to research, approximately 1 in 6 of the 12,328 identified buckets were openly accessible to anyone who was interested.
Without appropriate protection, any information stored in an open S3 bucket can be easily browsed by various scripts and other tools. Open S3 buckets can cause severe data breaches and lead to the exposure of highly sensitive data.
In 2018, a misconfigured S3 bucket caused the leakage of 48 million records accumulated by a private data analytics firm!
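An offline check for the open-bucket misconfiguration described above, added here as an example and not code from the original article or from Kratikal. It assumes the bucket policy and Public Access Block settings have already been fetched as dicts (for instance with `aws s3api get-bucket-policy` and `get-public-access-block`); the bucket name, account id and policies are constructed placeholders.

```python
import json

# Actions that let an anonymous caller read or list bucket contents.
READ_ACTIONS = {"s3:GetObject", "s3:ListBucket", "s3:*", "*"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_public_principal(principal) -> bool:
    """True if the Principal element grants to everyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def public_read_statements(policy: dict) -> list:
    """Sids of Allow statements granting anonymous read with no Condition."""
    hits = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow" or "Condition" in st:
            continue
        if not is_public_principal(st.get("Principal")):
            continue
        if READ_ACTIONS & set(_as_list(st.get("Action", []))):
            hits.append(st.get("Sid", "<no Sid>"))
    return hits


def bucket_is_open(policy: dict, public_access_block: dict) -> bool:
    """Open = a public-read statement and no RestrictPublicBuckets setting,
    which is the Public Access Block flag that neutralises an existing public
    policy (BlockPublicPolicy only rejects new public policies on PUT)."""
    if public_access_block.get("RestrictPublicBuckets"):
        return False
    return bool(public_read_statements(policy))


# Constructed sample: the weak policy beside its corrected form (the account
# id and bucket name are placeholders, not real resources).
OPEN_POLICY = json.loads('''{"Version": "2012-10-17", "Statement": [
  {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}''')
FIXED_POLICY = json.loads('''{"Version": "2012-10-17", "Statement": [
  {"Sid": "AppRead", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-role"},
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}''')
PAB_OFF = {}
PAB_ON = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
          "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
```

The check covers bucket policies only; public access granted through object or bucket ACLs needs a separate look at the ACL grants and the BlockPublicAcls/IgnorePublicAcls flags.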
#4 Incomplete Data Deletion
Data deletion is something that should be done very carefully. Threats related to data deletion usually exist because you don’t have full visibility into where your data is physically stored in the cloud. This reduces your ability to verify whether or not your data has been securely deleted.
The risk is especially concerning in a multi-tenant cloud environment, where your data is spread across an array of different storage devices within the cloud infrastructure.
Moreover, every cloud service provider has its own data deletion procedures, so it can be difficult for organizations to make sure that remnants of their data do not fall into the wrong hands. This poses a huge data security and privacy risk, endangering the integrity and safety of your valuable data.
#5 Lambda Command Injection
AWS Lambda, a serverless computing service, executes code as and when needed. Once the code has run, the computing instance responsible for the execution decommissions itself. While serverless computing is significantly more secure, some security threats remain.
In serverless computing services like Lambda, OS command injection falls under the category of data event injections. A Lambda command injection passes an unexpected event, in the form of a request containing special strings, to a vulnerable function, where it is evaluated and interpreted as OS-level operations. Your data is at serious risk if your cloud service is left vulnerable to Lambda command injection.
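The injection pattern described above, shown as a Python Lambda handler beside a hardened version. This is an added example, not code from the article or from AWS; the event shape `{"host": ...}` and the use of `ping` as the OS command are assumptions made for illustration.

```python
import re
import subprocess

# Allow-list shape for a hostname or IPv4 literal: no shell metacharacters,
# no whitespace, and no leading '-' (which ping would parse as an option).
HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")

def vulnerable_handler(event, context=None):
    """Anti-pattern the text describes: event data is spliced into a shell
    command line, so shell metacharacters in event["host"] become extra
    commands. Kept here only for comparison with the hardened version."""
    cmd = f"ping -c 1 {event['host']}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout

def validate_host(host) -> str:
    """Reject anything that is not a plain hostname or dotted IPv4 literal."""
    if not isinstance(host, str) or not HOST_RE.fullmatch(host):
        raise ValueError("invalid host")
    return host

def is_safe_host(host) -> bool:
    try:
        validate_host(host)
        return True
    except ValueError:
        return False

def build_command(event) -> list:
    """Return an argv list: with no shell involved, the validated value can
    only ever be a single argument to ping, never a second command."""
    return ["ping", "-c", "1", validate_host(event.get("host"))]

def hardened_handler(event, context=None):
    """Validate first, then run without a shell and with a timeout so a slow
    target cannot hold the function open."""
    try:
        argv = build_command(event)
    except ValueError:
        return {"statusCode": 400, "body": "invalid host"}
    out = subprocess.run(argv, capture_output=True, text=True, timeout=5)
    return {"statusCode": 200, "body": out.stdout}
```

The same pattern applies to any handler that shells out: validate against an allow-list, pass arguments as a list, and log rejected events so injection attempts show up in CloudWatch rather than silently failing.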
#6 Insecure APIs
Application programming interfaces (APIs) are widely used to streamline cloud computing. APIs not only add convenience and boost efficiency but also make it very easy to share information between multiple applications. However, when left insecure, they can be the source of numerous cloud vulnerabilities and serve as a very easy point of attack for malicious actors.
By exploiting insecure APIs, threat actors can easily launch DDoS attacks and gain access to sensitive enterprise data while staying undetected. In fact, according to research conducted by Gartner, API abuses are expected to become the most commonly used attack vector by 2022.
#7 Failure of Separation Among Multiple Tenants
The failure to maintain foolproof separation between tenants in a cloud environment that supports multi-tenancy can prove to be one of the gravest cloud vulnerabilities. Malicious actors can easily take advantage of this failure to gain access to an organization’s assets or data through another user’s resource.
Multi-tenancy, when handled improperly, can increase the attack surface and lead to data leakage if its separation controls fail. This vulnerability, if not mitigated at once, can seriously endanger an organization’s data security and privacy.
These are just some of the many vulnerabilities haunting cloud environments worldwide. While moving to the cloud has become important to survive in today’s digitized world, failure to take the necessary precautions is nothing short of reckless endangerment.
One of the best ways to stay ahead of this threat is by conducting regular cloud penetration testing and mitigating all the detected vulnerabilities as a priority. It’s always a wise choice to identify all the weaknesses in your cloud environment before threat actors can exploit them.
By Security Boulevard