
Cloud Security Trends and Equipping your “PreCrime” Unit to Combat Tomorrow’s Cybercrime

RedLock CSI Team

02.22.18 6:00 AM


In “Minority Report,” the officers behind the PreCrime police force reduced felonies by 99.8 percent, and by April 2054, Washington, D.C., and Northern Virginia were murder-free for five consecutive years. As far-fetched as the Philip K. Dick-novel-turned-Steven-Spielberg-blockbuster scenario may have seemed, law enforcement officials today are increasingly able to predict who will commit crimes, along with when and where they will be committed, long before they have occurred.

 

Although we may not yet be able to preemptively put cybercriminals and hackers behind bars before they infiltrate our networks, companies today are utilizing powerful AI and security analytics to “see” risks and suspicious activity for actionable cybercrime prevention.

The RedLock Cloud Security Intelligence (CSI) team studied threats across public cloud environments from September 2017 to January 2018 and published their findings in the third edition of the Cloud Security Trends report to highlight key issues.

Account compromises are on the rise

While we saw a number of data exposures last year related to cloud misconfigurations such as publicly exposed Amazon S3 (Amazon Simple Storage Service) buckets, new research suggests that the primary attack vector will be compromised accounts.

Case in point: the RedLock CSI team recently discovered an unprotected Kubernetes console that belongs to Tesla. Within one Kubernetes pod, access credentials to Tesla’s AWS environment were exposed. Further examination of the environment revealed that it contained an Amazon S3 bucket holding sensitive telemetry data.

Perhaps the most alarming statistic discovered by the RedLock CSI team was the fact that 73% of organizations are allowing the root user account to be used to perform activities. Furthermore, 16% of organizations have user accounts that have potentially been compromised.

Cryptojacking epidemic: hackers shift focus from stealing data to stealing compute

The soaring value of cryptocurrencies has captured the attention of audiences around the world, including hackers. As a result, we are seeing a cryptojacking epidemic. It is becoming far more lucrative for hackers to steal organizations’ compute for mining cryptocurrencies than to steal their data.

Similar to the cryptojacking incidents revealed last year at Gemalto and Aviva, the RedLock CSI team recently discovered that Tesla had been targeted by hackers. Essentially, hackers were running crypto mining scripts on Tesla’s unsecured Kubernetes instances.

One of the takeaways from the Cloud Security Trends February 2018 Report is that aside from monitoring public cloud environments for risky configurations and account compromises, organizations must also have effective network intrusion detection solutions in place.

The research found that 8% of organizations are impacted, and this particular strain of criminality mostly goes unnoticed, thanks to ineffective network monitoring.

Long road ahead to GDPR readiness

The RedLock CSI team found that 58% of organizations using cloud storage services such as Amazon S3 and Microsoft Azure Blob storage had inadvertently exposed one or more such services to the public, and a staggering 66% of databases in the cloud are not being encrypted.

While it’s encouraging that these trends are slowing compared to last year, time is running out as GDPR officially comes into effect in May 2018.

Spectre and Meltdown vulnerabilities - a rude awakening

Amazon, Microsoft, and Google rushed to patch their operating systems after the fire drill of the Spectre and Meltdown vulnerabilities. However, security in the cloud is a shared responsibility (Figure 1) and requires that organizations also do their part by identifying vulnerable hosts and implementing the mitigations.

 Figure 1 - shared responsibility model

The research revealed that 83% of vulnerable hosts in the cloud are receiving traffic from suspicious locations, suggesting attempted exploitation. What’s worse, legacy on-prem host vulnerability management and network intrusion detection technologies don’t translate to dynamic public cloud environments.

Get the Cloud Security Trends - February 2018 edition

The threats are real, and cybercriminals are evolving and actively targeting information - and more - left unsecured in public cloud environments. Our report provides 11 Tips for your “PreCrime” Unit to Combat Tomorrow’s Cybercrime. View our complete findings by downloading the Cloud Security Trends - February 2018 report.
