Cloud Environment: What Punctures It and How to Prevent It

With the current advances in technology, more and more businesses and organizations have turned to cloud computing, which has changed how enterprises use, store, and share data. Along with its many advantages comes a host of challenges and security threats: the sheer volume of public cloud usage inevitably increases the risk of a sensitive data breach.

How Can an Attack Affect You?

Contrary to what some people believe, cloud environment attacks do not affect only you and your company; they can spread to your clients' data and to their companies as well. Likewise, hackers can steal information from you, your clients, and your users. Even if these attacks seem far-fetched to you, it is better to prepare for them and prevent anyone from attacking your cloud environment.

Attack Vectors To Watch Out For

Cross-Cloud Attacks

This type of cyber attack happens when a customer moves a workload to a public cloud environment and uses a VPN channel to connect the public and private clouds. An attacker can breach one of these environments and move laterally from there into the other. Some vulnerabilities let the attacker persist in the targeted network despite the cloud's security defenses. Reconnaissance of your own environment, both before and after the migration, is the key to preventing this type of attack.

Orchestration Attacks

The main objective of orchestration attacks is to steal cryptographic keys and use them to assign privileges to cloud resources. With those privileges, attackers can create new virtual machines and access the customer's cloud storage. Cloud orchestration is used to allocate storage capacity, create virtual machines, and manage identities; once it is breached, the cybercriminal can create backup accounts and use them to reach other resources. Orchestration attacks are extremely hard to detect, so a sound security team that can analyze account and network behavior is essential in preventing this type of attack vector.
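The "analyze account behavior" advice above can be made concrete with a small detector. The following is an added example, not code from this page: it reads constructed audit records in a simplified CloudTrail-style shape (eventName, userIdentity.arn, sourceIPAddress, eventTime), which is not any provider's exact schema, and flags identity- and machine-creating orchestration calls that a principal does not normally make, or that arrive from an unfamiliar network. The baseline, principal ARN, and IP ranges are constructed for the example.

```python
"""Flag orchestration-layer API calls that fall outside a principal's baseline.

Added example: the event shape is a constructed, simplified imitation of
CloudTrail-style audit records, not a real provider schema, and the
baseline below would in practice be learned from historical logs.
"""
import json

# Orchestration actions that let a caller mint new identities, keys or machines.
SENSITIVE_ACTIONS = {
    "CreateUser", "CreateAccessKey", "AttachUserPolicy",
    "PutUserPolicy", "CreateRole", "RunInstances",
}

# Constructed baseline: which principal is expected to call which actions,
# and from which network prefixes (documentation address ranges).
BASELINE = {
    "arn:aws:iam::111122223333:user/ci-deployer": {
        "actions": {"RunInstances"},
        "networks": {"203.0.113."},
    },
}

# Constructed sample log: one JSON document per line.
SAMPLE_LOG = """
{"eventName": "RunInstances", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ci-deployer"}, "sourceIPAddress": "203.0.113.10", "eventTime": "2024-01-01T10:00:00Z"}
{"eventName": "CreateUser", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ci-deployer"}, "sourceIPAddress": "203.0.113.10", "eventTime": "2024-01-01T10:05:00Z"}
{"eventName": "CreateAccessKey", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ci-deployer"}, "sourceIPAddress": "198.51.100.7", "eventTime": "2024-01-01T10:06:00Z"}
{"eventName": "DescribeInstances", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ci-deployer"}, "sourceIPAddress": "198.51.100.7", "eventTime": "2024-01-01T10:07:00Z"}
"""


def parse_events(text):
    """Parse newline-delimited JSON audit records, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def classify(event, baseline=BASELINE):
    """Return the reasons this event is suspicious (empty list if it looks normal)."""
    reasons = []
    action = event["eventName"]
    principal = event["userIdentity"]["arn"]
    src = event["sourceIPAddress"]
    profile = baseline.get(principal)

    # A sensitive orchestration call from a principal with no baseline for it.
    if action in SENSITIVE_ACTIONS:
        if profile is None or action not in profile["actions"]:
            reasons.append(f"sensitive action {action} not in baseline for {principal}")

    # Any call from a network the principal has never been seen on before.
    if profile is not None and not any(src.startswith(p) for p in profile["networks"]):
        reasons.append(f"source {src} outside known networks for {principal}")
    return reasons


def find_suspicious(text, baseline=BASELINE):
    """Map eventTime -> reasons for every event that raised at least one reason."""
    findings = {}
    for event in parse_events(text):
        reasons = classify(event, baseline)
        if reasons:
            findings[event["eventTime"]] = reasons
    return findings


if __name__ == "__main__":
    for when, why in find_suspicious(SAMPLE_LOG).items():
        print(when, "->", "; ".join(why))
```

On the sample log the first event (a routine RunInstances from the known network) is silent, while the CreateUser, the CreateAccessKey from a new address, and even the harmless-looking DescribeInstances from that same new address are surfaced; the combination of "new identity material" and "new source network" in a short window is the pattern the text says a security team must be able to see.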

Cryptojacking

The popularity of cryptocurrencies gave way to the prevalence of cryptojacking. Attackers place a crypto-mining script on a website or in an ad served on a website; once a victim visits the site, the script executes automatically. Cybercriminals exploit the weakness of security programs in the cloud environment. Because these cloud security programs are still immature and Bitcoin and other cryptocurrencies keep growing in popularity, cryptojacking proves to be a lucrative scheme for attackers. Installing cryptojacking blockers in the browser, rotating access keys, and restricting outbound traffic are good security measures to avoid becoming a victim of cryptojacking.

Cross Tenant Attacks

Cloud providers are most vulnerable to this kind of attack. The traffic generated by data exchange and sharing services creates a security gap. With numerous tenants using the same cloud, the data resources grow too large to be handled by the perimeter or the security devices. The risk is greater for cloud service providers that let tenants provision their own compute and network resources, since those networks do not pass through the providers' traditional security controls. Cloud service providers say they have improved their security perimeter to avoid this kind of threat. Better encryption and regular audits of the security system are critical to avoiding cross-tenant attacks.

Cross Data Center Attacks

Points of delivery (PoDs) are a method used to manage data centers: modules designed to work together to deliver the services needed. As data centers expand, it is common to interconnect these modules and add more. Attackers only need to worry about getting inside a data center; once inside, they face no boundaries when moving into the modules and the other data within that data center. Redirecting traffic through a multilayered system can protect you from these kinds of attacks.

Instance Metadata API Misuse

All cloud service providers offer an instance metadata API. These do not exist in the on-premises world, so they are often not monitored or secured correctly. Attackers can exploit this in two ways: through proxies and through Docker images. A reverse proxy configured to let a requester choose the upstream host can be pointed at the instance metadata API to obtain credentials; if permissions are not properly set, an attacker may get in. The second way is via Docker images. Ease of use makes people trust and download images readily, but attackers can plant malicious commands in such images and pair them with access keys. When granting permission to access your data, make sure you are only giving out the proper ones.
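The proxy case above is a request-forwarding problem: the proxy should never forward to the metadata service on behalf of an outside requester. The following is an added example, not code from this page or from any provider: a target-validation function that a reverse proxy or URL-fetching feature can run before forwarding. It uses the well-known link-local metadata address 169.254.169.254 and the Google alias metadata.google.internal as deny-list entries, also catches the same address written as a hexadecimal, decimal, or IPv4-mapped IPv6 literal, and then requires the host to be on a constructed allowlist of upstreams. It deliberately works offline; a deployed version must also resolve the name and re-check the resolved address.

```python
"""Reject forwarding targets that point at the cloud instance metadata service.

Added example (not the page's code): a validation step for a reverse proxy
or URL fetcher.  ALLOWED_UPSTREAMS is a constructed allowlist; the blocked
ranges are standard private, loopback and link-local networks.
"""
import ipaddress
from urllib.parse import urlsplit

# Destinations a request made on behalf of an external user must never reach.
BLOCKED_NETWORKS = [
    ipaddress.ip_network("169.254.0.0/16"),   # link-local, includes 169.254.169.254
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("fe80::/10"),
    ipaddress.ip_network("fd00::/8"),
]
BLOCKED_HOSTNAMES = {"metadata.google.internal", "metadata", "localhost"}

# Constructed: the only upstreams this proxy is meant to serve.
ALLOWED_UPSTREAMS = {"api.example.com", "static.example.com"}


def _as_ip(host):
    """Parse host as an IP literal, including bare decimal/hex forms; None if it is a name."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        # int(..., 0) accepts "2852039166" and "0xa9fea9fe"; ip_address maps ints to addresses.
        return ipaddress.ip_address(int(host, 0))
    except ValueError:
        return None


def check_target(url, allowed=ALLOWED_UPSTREAMS):
    """Return (ok, reason). ok is True only for an allowlisted, non-internal host."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not permitted"
    host = (parts.hostname or "").lower()
    if not host:
        return False, "no host in URL"
    if host in BLOCKED_HOSTNAMES:
        return False, f"host {host} is a metadata or loopback alias"

    ip = _as_ip(host)
    if ip is not None:
        # ::ffff:a.b.c.d is the same IPv4 address in an IPv6 wrapper.
        mapped = getattr(ip, "ipv4_mapped", None)
        if mapped is not None:
            ip = mapped
        if any(ip in net for net in BLOCKED_NETWORKS):
            return False, f"{host} is inside a blocked range ({ip})"

    if host not in allowed:
        return False, f"host {host} not in upstream allowlist"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("https://api.example.com/v1/items",
                      "http://169.254.169.254/",
                      "http://[::ffff:169.254.169.254]/",
                      "http://metadata.google.internal/"):
        print(candidate, "->", check_target(candidate))
```

The allowlist is the control that actually matters; the deny-list exists so that a mistake in the allowlist (or a later "allow any host" change) still cannot reach the metadata endpoint through the most common spellings of its address.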

Serverless Attack

Function-as-a-service (FaaS), also called serverless architecture, is popular despite being new to the playing field. Here, users do not have to scale, deploy, or maintain servers. However easy it is for users, security measures are proving challenging. FaaS platforms typically provide a writable temporary file system, so attackers can easily target the temporary files. There are very few traditional countermeasures you can apply against a serverless attack, but if you are able to inspect and redirect traffic before it reaches the FaaS platform, you are in good shape.

Cross Workload Attacks

Virtualization is a key enabling technology in cloud computing: multiple tenants can share the cloud provider's computing resources on demand. While sharing can reduce computing expenses, it also brings security vulnerabilities, since the isolation between different VMs (virtual machines) can be violated through side-channel attacks. One of the challenges is enforcing the isolation between VMs and allowing only legitimate communication, so that a user's security-critical data does not leak. Both cloud providers and users have various mechanisms to defend against data leakage. For example, a guest VM can deploy a DIFC (Decentralized Information Flow Control) mechanism to track and control specific data flows, e.g., not allowing a private key to be sent through the network. However, an attacker may still transfer data across different VMs by using a side channel to bypass such a security mechanism.
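The DIFC mechanism mentioned above is easiest to understand from a minimal model, so here is an added example that is not code from this page or from any real DIFC system: values carry secrecy labels, values derived from them inherit those labels, a sink such as the network may only receive data whose labels it is cleared for, and only the owner of a label may remove it. The label names, channels, principals, and the placeholder key bytes are constructed. The last line of the scenario is the caveat the text makes: this check governs explicit data flows inside the VM, which is exactly why a side channel that carries bits outside those flows bypasses it.

```python
"""A minimal decentralized information flow control (DIFC) check.

Added example, not from the page.  Real systems (Asbestos, HiStar, Flume)
use richer label algebras; this keeps only the three ideas the text needs:
labels on data, label propagation on derivation, and ownership-gated
declassification.  All names and data here are constructed.
"""
import hashlib
from dataclasses import dataclass, field
from typing import FrozenSet


class FlowViolation(Exception):
    pass


@dataclass(frozen=True)
class Labeled:
    value: bytes
    labels: FrozenSet[str] = frozenset()   # secrecy tags the value is tainted with

    def derive(self, fn, *others):
        """Compute fn(value, ...) and give the result the union of all input labels."""
        merged = self.labels.union(*(o.labels for o in others))
        return Labeled(fn(self.value, *(o.value for o in others)), merged)


@dataclass
class Channel:
    name: str
    clearance: FrozenSet[str] = frozenset()   # tags this sink is allowed to see
    sent: list = field(default_factory=list)

    def send(self, item):
        """Deliver item only if every tag on it is within this channel's clearance."""
        leaked = item.labels - self.clearance
        if leaked:
            raise FlowViolation(f"{self.name}: cannot receive data tagged {sorted(leaked)}")
        self.sent.append(item.value)
        return True


@dataclass
class Principal:
    name: str
    owns: FrozenSet[str]   # tags this principal is allowed to strip (declassify)

    def declassify(self, item, tag):
        if tag not in self.owns:
            raise FlowViolation(f"{self.name} does not own tag {tag}")
        return Labeled(item.value, item.labels - {tag})


def try_send(channel, item):
    """Attempt a send and report the outcome as a string instead of raising."""
    try:
        channel.send(item)
        return "allowed"
    except FlowViolation as exc:
        return f"denied: {exc}"


def demo():
    """The scenario from the text: a guest VM must not send its private key out."""
    owner = Principal("vm-owner", frozenset({"key-secret"}))
    network = Channel("network", clearance=frozenset())
    local_disk = Channel("encrypted-local-disk", clearance=frozenset({"key-secret"}))

    private_key = Labeled(b"PLACEHOLDER-PRIVATE-KEY-BYTES", frozenset({"key-secret"}))  # constructed
    banner = Labeled(b"service v1.2 ready")   # public, unlabeled

    # A fingerprint computed from the key inherits the key's label automatically.
    fingerprint = private_key.derive(lambda k: hashlib.sha256(k).hexdigest().encode())

    return {
        "key_to_network": try_send(network, private_key),
        "key_to_local_disk": try_send(local_disk, private_key),
        "fingerprint_to_network": try_send(network, fingerprint),
        "declassified_fingerprint_to_network":
            try_send(network, owner.declassify(fingerprint, "key-secret")),
        "banner_to_network": try_send(network, banner),
        "network_saw": list(network.sent),
    }


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```

Note what the model does not cover: the deny decisions above are taken at the explicit send; a cache-timing or other side channel transfers information without ever calling `send`, which is the bypass the text warns about and why DIFC inside the guest must be paired with isolation enforced by the hypervisor.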

Questions to ask to prevent an attack

To prevent the attacks mentioned above, here are two questions you should ask your IT security and operations professionals.

  • Is this type of attack possible in my environment?

  • What can we do to mitigate the risk?

It makes sense to ask these questions in this order. Your first step is to understand your environment properly and know which risks to watch out for. Rule out the risks your environment is not exposed to, and put solutions in place for those it is. As they say, prevention is better than cure. Even if you seem safe for the time being, it is better to spend time and resources securing that safety. Once an attack enters your environment, you will spend more time eliminating it than you would have spent protecting the environment in the first place.