
Cloud Security Trends: Winter is Coming

RedLock CSI Team

10.05.17 6:00 AM


If you’re a Game of Thrones fan like us, you can probably recount a favorite battle or two that put you on pins and needles. Whether it was the Lannisters in the Battle of the Blackwater, or Daenerys and the dragons versus the White Walkers, we watched with awe as each ruthlessly defended their kingdoms and existence. While today’s cyberattacks are much less dramatic, they are fairly complex, and hackers are constantly looking to exploit new vulnerabilities.

Based on a number of recent high-profile attacks, it appears that hackers have their eyes set on public cloud computing environments. The types of threats range from exploiting simple misconfigurations to sophisticated multi-stage attacks. We (the RedLock Cloud Security Intelligence team) studied threats across public cloud computing environments from June to September 2017 and published our findings in the second edition of the Cloud Security Trends report to highlight key issues.

 

Data exposures are on the rise

This is occurring because organizations are failing to adhere to established security best practices. For example, we found that 53% of organizations using cloud storage services such as Amazon Simple Storage Service (Amazon S3) have inadvertently exposed one or more such services to the public (up from 40% in the May “Cloud Infrastructure Security Trends” report). This comes after Amazon published a warning on this subject to all of its customers.

 

Vulnerabilities are being neglected in the cloud

We also found that 81% of organizations are not managing host vulnerabilities in the cloud, leaving them open to potential attacks or breaches.

 

Risky users are flying under the radar

We determined that administrative user accounts for public cloud computing environments have potentially been compromised at 38% of organizations; such accounts could be used to infiltrate the environments.

 

Nefarious network activities are rampant

We discovered that 37% of databases are accepting inbound connection requests from the internet, and 7% of those are receiving requests from suspicious IP addresses, indicating they’ve been compromised.

 

Cloud attack kill chains are complex

Lastly, we found a number of Kubernetes administrative consoles that were not password protected, and some of these instances had already been compromised to mine Bitcoins.



The threats are real, and cybercriminals are actively targeting information left unsecured in public cloud computing environments. Our report provides 17 tips to help you fortify your public cloud computing environment. View our complete findings by downloading the Cloud Security Trends report.

 
