Cyber Insiders - Magazine - Page 15
IABs are shifting their focus from the
opportunistic compromise of one-off internet-facing assets for resale as proxies, to
targeting corporate networks and the resale
of access to Cloud management accounts and
related infrastructure.
Before Cloud became as prevalent as it is
today, IABs typically achieved their ends by
compromising Remote Desktop Protocol (RDP)
boxes or web shells and then selling access.
Now, cyber threat actors can target every user
of a domain services app via API and pick up
a whole host of domain admin accounts.
For example, they could target every Office
365 user within an organisation using the
same fake login page or target multiple
misconfigured AWS admin panels – it’s easy
to see how this sort of attack can be scaled
in a Cloud-enabled world.
3 – Supply chain attack to achieve
dominance and scale
In today’s digitally enabled and
interconnected world, businesses are ever
more reliant on third-party suppliers for their
operations. This increasing reliance, combined
with the inclusion of more third-party
suppliers into their networks, is putting
businesses at a growing risk of a third-party
supply chain attack.
Typically, a supply chain attack exploits the
implicit trust between organisations that do
business together. Attackers will always go
after the weakest link in the chain of trust, and
one breach in a supply chain can be like
giving an attacker the key to the kingdom.
In the world of Cloud, through a single entry
point attackers can access sensitive data
across thousands of organisations, or gain
unrestricted access to their networks, with
potentially wide and damaging
consequences. For example, if one of your
vendors has a security gap in the form of a
Cloud misconfiguration, an attacker could
exploit this to use the vendor’s network to gain
access and from there pivot into your network
using that trusted relationship.
What controls can be put in place to
remediate these issues?
To effectively manage your Cloud network,
whether it’s a single or multi-cloud
environment, you need to establish visibility
and control. Organisations should be
assessing their resources and business needs
to ensure that they securely deploy the right
Cloud solutions so that their Cloud
environment doesn’t outstrip their IT team’s
capacity.
Adarma’s Cloud security specialists can help
you implement the appropriate controls,
establish effective threat management, and
strategically plan your workload deployment.
Our Managed Detection and Response for
Cloud service ensures you are monitoring your
entire Cloud environment and can quickly
detect, respond to and remediate risks to
ensure that your Cloud deployments are not
introducing additional business risk.
For more advice and tips on how to manage
your exposure in a Cloud-smart world, please
see our 4-part Cloud Security series.
– Cloud Security Part 1: Understanding Your
Attack Surface
– Cloud Security Part 2: Understanding &
Managing Third Party Risk
– Cloud Security Part 3: Identifying Cloud
Misconfigurations & How to Fix Them
– Cloud Security Part 4: 6 Key Security
Monitoring Concepts