Predominant Cloud Vulnerability and Security Threat
According to the National Security Agency (NSA), “misconfiguration of cloud resources remains the most prevalent cloud vulnerability,” one that attackers with little or no sophistication could easily exploit to gain access to cloud data and resources. The threat of security misconfiguration is not slowing down. It keeps growing because of more migrations to the cloud, the rise of multi-cloud solutions, and the complexity associated with new solutions. According to the 2020 Verizon Data Breach Investigations Report (2020-DBIR), only hacking ranked higher than misconfiguration errors as a cause of data breaches.
One recent example of a misconfiguration victim is Accenture, an Irish-American professional and IT services company based in Dublin. In August 2021, Accenture was reported as the subject of a massive data breach resulting from an unintentional misconfiguration that left four Amazon Web Services (AWS) S3 buckets open and visible to the public. The buckets contained hundreds of gigabytes of confidential API data, clients’ data, and security credentials, including approximately 40,000 passwords in plain text, internal encryption keys, and other sensitive information. LockBit ransomware attackers were asking for 50 million dollars to unlock the data. Accenture claims it refused to pay the ransom and was able to contain the breach. However, it has been reported that the attackers had already published some of the data on the Dark Web.
Some simple steps can help avoid such massive impacts:
- Develop and implement security policies
- Create templates for services and their configurations
- Security automation
- Multistep configuration checking
- Routine recheck and verification process
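
As an added illustration of the automation and multistep checking steps (this code is not from the original article), the sketch below audits one bucket's settings in three passes: Block Public Access flags, ACL grants, and bucket policy. It assumes the inputs mirror the fields returned by the S3 GetPublicAccessBlock, GetBucketAcl and GetBucketPolicy calls; the function names and bucket names are hypothetical and the sample data is constructed.

```python
import json

# Predefined AWS group URIs that make an ACL grant public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# The four S3 Block Public Access settings.
BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")


def _as_list(value):
    """IAM policy fields may hold a single item or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_bucket(name, bpa, acl_grants, policy_json):
    """Run three checks on one bucket's settings and return the findings."""
    bpa = bpa or {}
    # Step 1: every Block Public Access setting should be on.
    findings = [f"{name}: {flag} is off" for flag in BPA_FLAGS if not bpa.get(flag)]
    # Step 2: ACL grants to public groups (inert when IgnorePublicAcls is on).
    if not bpa.get("IgnorePublicAcls"):
        for grant in acl_grants:
            uri = grant.get("Grantee", {}).get("URI", "")
            if uri in PUBLIC_GROUPS:
                findings.append(f"{name}: ACL grants {grant.get('Permission')} to {uri.rsplit('/', 1)[-1]}")
    # Step 3: Allow statements for a wildcard principal with no Condition.
    # Conditioned statements are skipped here and need manual review.
    if policy_json and not bpa.get("RestrictPublicBuckets"):
        for stmt in _as_list(json.loads(policy_json).get("Statement")):
            principal = stmt.get("Principal")
            if isinstance(principal, dict):
                principal = "*" if "*" in _as_list(principal.get("AWS")) else None
            if stmt.get("Effect") == "Allow" and principal == "*" and not stmt.get("Condition"):
                findings.append(f"{name}: policy allows {stmt.get('Action')} to everyone")
    return findings


# Constructed sample settings, not taken from any real account.
OPEN_BUCKET = ("example-open-bucket", None,
    [{"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
      "Permission": "READ"}],
    json.dumps({"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Principal": "*",
                "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-open-bucket/*"}}))
LOCKED_BUCKET = ("example-locked-bucket", dict.fromkeys(BPA_FLAGS, True), [], None)

if __name__ == "__main__":
    for bucket in (OPEN_BUCKET, LOCKED_BUCKET):
        print("\n".join(audit_bucket(*bucket)) or f"{bucket[0]}: no findings")
```

Running the same function on a schedule against every bucket covers the routine recheck step; a non-empty result is the signal to investigate.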