In the past year and a half, there has been no shortage of news reports on security incidents involving unsecured cloud services. For example, in Fall 2017, news broke that Accenture, one of the leading global consulting and management firms, accidentally left 4 AWS S3 storage buckets open to the public. This essentially gave anyone with internet access the ability—provided they knew the servers’ web addresses—to see private customer information, certificates and keys to decrypt web traffic between Accenture and its customers, 40,000 passwords, and other sensitive data pertaining to the company’s customers. Accenture went on to report that no third party gained unauthorized access.
In addition, just last summer it was reported that GoDaddy, which is considered to be the world’s largest domain name registrar, had an unsecured Amazon S3 bucket due to yet another cloud storage misconfiguration. This S3 bucket was said to have contained configuration data on over 24,000 systems within GoDaddy’s hosting infrastructure, as well as competitively sensitive pricing options for running those systems in AWS. The list of security incidents due to misconfigured cloud services goes on, as detailed in a November 2018 ZDNet article.
Questioning Cloud Data Security
Certainly, the threat of a configuration mishap is real, and companies that have moved portions of their data and applications to the cloud, or are considering doing so, need to take steps to ensure they do not make a similar mistake. However, this raises the question: Are organizations fully aware of the tens of thousands of “very deliberate” and “very persistent” cyberthreats being launched at cloud and on-premises workloads every day?
Understanding Cyberthreats Against Cloud Data
Armor, which protects cloud and on-premises workloads of 1,200 organizations around the globe 24/7/365, knows the cyberthreat landscape and is passionate about companies fully understanding the risks surrounding their data and applications, no matter where they reside. Any data exposed to the internet is a prime target for cybercriminals, including data stored in the cloud. With that in mind, Armor’s Threat Resistance Unit (TRU) decided to do a deep dive into the threat activity that they and their fellow security analysts, incident responders, and researchers detected and shut down in 2018, which amounted to no fewer than 681 million incidents. From this research, we developed our latest threat intelligence report to break down our findings.
The attacks detected ranged from old-school brute-force attacks (which sadly continue to be successful against targets, both large and small) to more current attacks targeting Internet of Things (IoT) devices.
Our team also spent time studying the threat traffic to determine whether the majority of the incidents were targeted attacks or attacks of opportunity. Finally, the TRU team developed a list of security recommendations to specifically defend one’s cloud data from similar attacks and outlined what they believe will be some of the most pervasive cyberthreats to emerge in 2019, including more IoT attacks and DDoS campaigns, exploits targeting containers and cloud services, as well as targeted and more sophisticated ransomware.
To find out more, you can read the full report here. It is our hope that by sharing these findings as well as our security expertise and the collective insight gained by protecting 1,200 cloud customers across the globe, other companies migrating to the cloud will implement a cybersecurity program enabling their business to thrive in a secure manner.