7 Dangerous Ways Hackers Use to Launch Cloud Attacks on Your Business Cloud
By Mohammad Ali
According to cloud statistics, the global cloud computing market will surpass the 330 billionmark in 2020. 90% of companies have already adopted cloud technology. What’s even more interesting is the fact that almost one third of the company's IT budget goes to cloud services. What’s more, it is predicted that 94% of all workload will be handled by cloud data centers by 2021.
Despite challenges such as security, privacy and lack of training, enterprise adoption of cloud is on the rise. As more and more businesses jump on the cloud computing technology bandwagon, hackers will also shift their focus from traditional hardware such as databases, networks or cheap dedicated servers to cloud infrastructure. Not only that, cyber attackers are constantly looking for new vulnerabilities which they can exploit to steal data stored in the cloud.
Businesses should not only be aware of common cloud attacks but should also know about sneaky tactics hackers use to target your business cloud. Cloud security awareness is key. The more aware your business is about these attacks and techniques, the better you can handle emerging cloud-based threats.
In this article, you will learn about seven shady tactics hackers use to target your cloud infrastructure and what you can do about it.
1. Account Hijacking
Cybersecurity attacks coordinated with the sole purpose of hijacking accounts by using API credentials are the most common type of attack targeting the cloud. Hackers want to get their hands on access keys and SaaS tokens and when they succeed in stealing these access keys and tokens, they use it to create a host. Next, they use these hosts to make API calls to perform malicious actions or start privilege escalation.
Some cyber attackers use reverse engineering techniques, decompile android apps to pull these static credentials from there while others try to hack the developer's machine so they can analyze the command history and configuration files to find access keys. Avoid posting your credentials and access keys publicly and always scan for your credentials in the code repository if you are using one.
2. Brute Force Attacks
Another common tactic cybercriminal uses to get access to your cloud is brute force attack. Cyber attackers are creating and sending phishing emails that contain malicious attachments, links or pages connected to your cloud accounts. You might see a pop up that asks you to enter your credentials or you will be directed to a fake page of a popular cloud service, which might look similar to the real one but in reality it is a fake clone.
The worst part, once an attacker succeeds in getting access to your cloud environment, they share it with another threat group, which multiplies the risk and paves the way for future attacks. It is a vicious cycle that never stops as your credentials move from one hand to another.
3. Crypto mining
When hackers fail to break into your cloud accounts, they try a different technique. They use your cloud resources to mine crypto currency and bring your cloud dependent operations down to a grinding halt. Hackers inject crypto miners and try to connect to a network. If that does not work, they target virtual machines or exposed instances and inject crypto miners. This enables them to monetize the access quickly. With cyber attackers working hard to conceal their identity and activities, finding traces of crypto mining or identifying suspicious activity might not be easy.
4. Server Request Forgery
Server-Side Request Forgery (SSRF) is the fastest growing and most dangerous attack methods cyber criminals use to target cloud platforms. Apps use metadata APIs for accessing configurations, logs and credentials as well as other information present on the cloud. This attack method allows attackers to move laterally and wreak havoc on your organization's network.
To get access to your network, hackers will first have to identify a flaw which they can exploit to steal account credentials through metadata services. Next, they use those credentials to create a new session with their own environment. This allows hackers to make API calls which allows them to take suspicious actions and escalate privileges.
Attacks caused by misconfigurations are still rampant because organizations are struggling to protect their data in the cloud. To improve things, businesses try to place their sensitive data into object storage. Unfortunately, even that object storage is not protected properly. What’s even worse, there is little to no access control and permissions which can prevent unauthorized access. In most cases, it is publicly accessible. Once hackers discover an open, unprotected data store, they pounce on it and extract data.
Even though cloud providers offer tools to mitigate the risks, very few organizations use them as they are too complex to use. The best thing you can do to combat this situation is stop anybody from making it publicly accessible.
6. Targeting Popular Cloud Platforms
According to the Improve Cyber Threat Index report, there is a 16% increase in web based attacks from public clouds during November and December 2019. Amazon Web Services was the biggest target as 52.9% of all attacks originated from that platform alone.
As the reliance on cloud platforms and services increases, we will see more cyberattacks targeting these platforms. The callous attitude of users towards passwords make matters worse. This allows cybercriminals to launch phishing emails with links that direct you to fake cloud services pages. Cloud service providers need to constantly monitor malicious behavior and run an audit from time to time.
7. Exploiting Gaps In Supply Chain
Most enterprises don’t even consider their cloud supply chain as a potential security threat. As a result, they rarely have an incident response to deal with unforeseen situations. This can have devastating consequences for the business because hackers can exploit gaps in your cloud-based supply chain and launch dangerous cybersecurity attacks. That is why it is important for enterprises to have a process in place and gain visibility so you can react in a timely manner. Create a service level agreement and get it signed by your cloud service provider. Have an incident response plan ready and test its effectiveness periodically.
Which cloud based attacks have your business experienced? How do you deal with cloud-based attacks? Let us know in the comments section below.
Mohammad Ali is an experienced digital marketer and a search engine marketing specialist who is currently associated with Taskque, as senior digital marketer and brand strategist.