Cyber Insiders - Magazine - Page 24
3 – Attacking the cloud provider
Last but not least, a ransomcloud attack could arise by targeting the cloud provider directly. This is the most damaging method and the most lucrative for the attacker because, if successful, it would mean they have compromised the entire cloud platform. In short, they could demand ransoms from some or all customers of the compromised service.
Consider the Microsoft Azure cloud: in August 2021, Microsoft was notified of a vulnerability in its Azure Cosmos Database. The vulnerability, an issue identified within Jupyter Notebooks, enabled the perpetrator to escalate privileges and move laterally across the Microsoft cloud. Although it was quickly rectified and there were no reported incidents of ransomware, it does highlight the risk.
Cloud Security Responsibility
Having now investigated the ways in which the cloud could be compromised, we might then ask who bears the responsibility of maintaining its security. The truth of the matter is that the responsibility is shared. Cloud vendors, the business or its managed service provider, and even individual employees all have a role to play, though the split may flex depending on how the business consumes cloud services. For instance, a cloud provider will bear greater responsibility for businesses that adopt serverless computing. Conversely, the business will own a greater degree of responsibility if it utilises an Infrastructure as a Service (IaaS) model. One must simply establish who is responsible for what early in the cloud migration process.
Nevertheless, it is important to remember that a business is always responsible for its data, regardless of where it is hosted. With that said, businesses need to be attentive to permissive policies, insider threats, phishing campaigns, and leaked credentials. The best way to combat some of these challenges is to adopt best practice measures, such as following the principle of least privilege to limit the damaging actions that may transpire should a cloud account be hacked. It also means investing in security awareness training to curb successful phishing attempts. Businesses must also ensure they have clear visibility of their cloud environments so they can detect and remediate issues sooner rather than later.
No matter where you are on your cloud journey, we can help you every step of the way to apply risk-based policies and controls to protect your cloud data, applications, and infrastructure from threats.