Terrible cloud security opens the door for hackers. This is what you are doing wrong

Cloud applications and services are a prime target for hackers, as poor cybersecurity management and misconfigured services expose them to the Internet and make them vulnerable to simple cyberattacks.

Analysis of identity and access management (IAM) policies, considering hundreds of thousands of users in 18,000 cloud environments in 200 organizations by cybersecurity researchers at Palo Alto Networks, found that cloud accounts and services leave doors open for cybercriminals to exploit — and businesses and users in danger.

The global pandemic pushed organizations and employees to new ways of remote and hybrid working, using cloud services and applications. While beneficial to businesses and employees, it also created additional cybersecurity risks — and malicious hackers know this.

“With the pandemic-driven transition to cloud platforms in recent years, malicious actors have had it easier than ever to track their targets in the cloud,” said John Morello, vice president of Prisma Cloud at Palo Alto Networks.

SEE: Cloud Security in 2022: A Business Guide to Essential Tools and Best Practices

According to the research, 99% of cloud users, services and resources offer excessive permissions. In most cases, these permissions and administrative privileges are not necessary for ordinary users, but there is a risk that, if cloud accounts are compromised, cyber attackers could exploit redundant permissions to modify, create, or delete resources in the cloud environment, and to by moving networks to increase the scope of attacks.

Another practice that doesn’t help IT departments is poor password security, with most cloud accounts – 53% – allowing weak passwords less than 14 characters, while 44% of cloud accounts allow the user to reuse a password associated with another. account.

Weak passwords are vulnerable to brute-force and credential-stuffing attacks, in which cyber attackers use automated software to test weak passwords against accounts. Accounts are particularly at risk if the password used to secure them is particularly common.

Reuse of passwords also poses a risk to cloud accounts. If the user has had their password leaked or hacked for a separate account, attackers will test it with their other accounts. If it is the same password, they will be able to access the cloud account, putting the user and the rest of the business cloud services at risk from further attacks.

This risk is compounded by the fact that cloud accounts are publicly exposed to the Internet in the first place. According to the research, nearly two-thirds of organizations have cloud resources, such as buckets and databases, that are misconfigured to be accessible without the need for authentication.

That means that cyber criminals don’t even need to breach credentials to steal sensitive information, they just need the URL. Identifying these buckets and servers and making sure they don’t show up on the open web is a must for cybersecurity teams.

For all cloud services, a properly configured IAM can block accidental access, so ensure that users implement complex, unique passwords – and their accounts must also be protected with multi-factor authentication.

IT departments should also consider whether regular accounts require administrative privileges. While a legitimate user with this level of access might not be considered a risk, an intruder with admin access holds the keys to the entire cloud kingdom.


Leave a Comment