Security of IT infrastructures was never a joke. There were always bad actors that wanted to exploit it for personal or business gain. Today, when serious portions of data, and even whole infrastructures are migrated to the cloud, it’s especially important to take care of your resources.
Hopefully, the following list of the biggest cloud security breaches could be helpful. We will highlight the changing nature of attacks, as well as provide examples of the most famous ones. We will also go through current, most important threats.
What is a cloud attack?
A cloud attack is simply an attempt to break infrastructure’s security or a successful break-in. Motivation of attackers can vary. Some want to simply test their skills but others are looking for valuable data that can be stolen, used under the umbrella of corporate espionage or resold to the rightful owner through ransomware (blocking or stealing data and expecting a ransom for it).
The number of breaches exceeded 100 million. Globally, every month. The scale of such threats is enormous, and the only answer is for security levels to match it. Later in the article, we will discuss potential solutions to these problems.
What are the threats of cloud computing?
According to a survey done by Ermetic, a cybersecurity company, almost 80% of businesses have experienced at least one cloud data breach. 43% of businesses have reported more than 10 breaches.
There are three types of IT infrastructure: public, private and hybrid. All with their own cloud security issues. Let’s discuss all of them to shine some light on the scale and seriousness of the situation.
1. A cross-cloud attack
A hacker can gain access to a private cloud by using systems located in a public cloud. The problem comes from the necessity of maintaining parallel security systems – for both public and private cloud. It can lead to incompatibilities and even worse – to security gaps, easily exploited by a skilled hacker.
2. A data center attack
The first thing to do after a successful break-in is to expand the area of effect. It’s possible because connections between various systems inside a data center are considered safe. Once someone’s in, it’s virtually impossible to get rid of him.
3. Attacks in a shared environment
This type of threat is possible because various systems that cooperate with each other on different levels have different levels of countermeasures. Plus, there are points of contact which are a vulnerability on their own.
4. Attacks between systems
Cloud loads, virtual loads and containers can communicate with each other. If one system is badly secured, an undesired person can hack it and gain access to all of them. Naturally, you can block communication between the systems but they will not be able to perform efficiently.
5. Orchestral attacks
Orchestration provides coordination of many different, important tasks such as administration, implementation of servers, RAM and network management, identity and privileges management etc. Orchestral attacks are usually used to steal logins to administrative accounts or private cryptographic keys. If this level fails, a hacker has control of the system. The way to assure cloud security in this instance is to monitor administrator’s activities – people are always the weakest link.
6. Attacks on serverless systems
Serverless applications allow organizations to perform quick implementations of key functionalities in the cloud, without the need to create a vast infrastructure. Applications that don’t need a server, use Function as a Service (FaaS), which generates additional challenges for people responsible for cloud security.
7. Misconfiguration
These types of attacks are possible due to incorrect setup of information assets. Especially vulnerable elements, include:
- insecure data storage elements,
- excessive permissions (increased number of people with - privileges makes the system unnecessarily vulnerable),
- unchanged default configuration settings
- disabled cloud security protocols
8. Crypto cloud mining
Cryptojacking, because that’s the name of this type of attack, becomes increasingly popular (more on that later). Attackers are throttling their activities therefore users can’t separate them from the standard mining system overloads.
9. Brute force attacks
Using a powerful computer or group of computers to submit randomly generated passwords and testing them sequentially until the right one is found. As you can imagine passwords like “1234” will be tested by brute-force algorithms very fast.
According to the 2020 Cloud-Native Threat Report by Aqua Security, 95% of attacks performed on cloud servers between June 2019 and July 2020 were aimed towards mining cryptocurrency. The rest were used for setting DDoS infrastructure. This level of commitment from organized crime shows that attackers heavily invest in the infrastructure needed for generating profits.
Isolated incidents are not much of an issue any more; now it’s about systemic and constant attacks which threaten cloud security on a daily basis.
The most famous cloud security breaches in the recent years
Attacks come in every shape and form. Every day there are new potential threats to take into consideration and the only way to stay safe is either to heavily invest in cloud security or look for another solution. Unfortunately, the matter of the cloud is inextricably linked with IoT security and IoT software. The Internet of Things (IoT) makes industrial operations and everyday lives a lot easier but at a cost of constant vigilance.
And it shows. The topic of cloud security has never been so relevant and important as today. As you’ll find out below, all types of companies fall victim to malicious attacks.
1. Apple iCloud
The 2014 attack on Apple’s infrastructure left many celebrities puzzled as to how this was possible and whether they will be able to save their careers. The unfortunate result of this attack was a massive leak of highly private photos into the public domain.
2. National Electoral Institute of Mexico
This public office fell victim to a 2016 cloud security breach that saw over 93 million voter registration records compromised. The reason? Poorly configured database that didn’t protect public information and made it accessible to anyone. Additionally – the Amazon cloud server was stored illegally outside Mexico.
3. Facebook and Cultura Colectiva
In 2019, the tech giant lost 146GB of data due to an inappropriately secured AWS server. 540,000 records were impacted, along with 540 million records on Facebook itself.
4. Capital One
Probably the biggest cloud security breach of 2019. Attackers have gained information about 80,000 account numbers, 140,000 Social Security numbers and 1 million Canadian Social Insurance Numbers. A technique used here is called a Server-Side Request Forgery (SSRF). The hacker used illegally obtained credentials to have access to sensitive information.
5. Microsoft
In December 2019, the giant announced that misconfigured security rules enabled exposure of the data. A massive amount of data; 250 million records to be exact. Among these entries were email and IP addresses as well as support case details.
6. Sina Weibo
When it comes to cloud security breaches, the widely understood West is not the one with a monopoly. In 2020, China’s giant social network Weibo detected a breach that contained the personal details of more than 538 million users. Although the base didn’t contain passwords or payment information, it was still a big hit, since exposed information could lead to financial fraud, scams and other stolen personality offenses.
7. Barnes & Noble
This famous book-selling chain suffered a massive cloud security attack in 2020. Although the number of compromised records remains unknown, it’s sufficient to say that there were many. American bookseller notified customers of data breach yet informed that payment details have not been exposed.
8. Google
In 2020 more than 200 million records containing a wide range of property-related data on U.S. residents landed exposed on the web. Without a password. Credit ratings, net worth, demographics and income – all publicly available for the taking. What was the cause of the leak? Google cloud server was simply left unprotected.
9. MGM
In 2020 this famous hotel in Las Vegas was hit hard when details of more than 142 million guests were found for sale on the dark web. The problem was that attackers gained unauthorized access to a misconfigured cloud server.
10. Garmin
In 2020, one of the biggest fitness tech companies fell victim to a ransomware attack that encrypted internal systems and prevented users from accessing key Garmin online services such as Garmin connect. For more than 4 days users had no access to their fitness data whatsoever. It is believed (however not confirmed) that Garmin paid a 10M$ ransom to regain control of the services.
Current biggest vulnerabilities of cloud security
According to 2020 Cloud Security Report, there are three major categories of cloud security threats: wrong platform setup or misconfiguration, unauthorized access or insecure interfaces or APIs. That’s not all, though. There are many additional challenges that could impact your business performance.
Lack of cloud security architecture and strategy
Many managers see the obvious options for cloud management. There are multiple recognizable vendors that are an obvious choice: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform, and more. The challenge is that all these services need to align with business goals. Be scalable yet easy to maintain. Also, kept up to date and monitored for new deployment, updates and threats.
Cloud migration issues
While migrating to the cloud or from one provider to another, security is an obvious issue. But not the only one. The process spawns challenges like compliance or security policies. The transition isn’t always smooth.
Lack of proper identity, credential and access management
Many companies don’t rotate their cryptographic keys, passwords and certificates. They don’t have an automated rotation mechanism enabled. At least some of them don’t use multi-factor authentication or strong enough passwords.
Insecure interfaces and APIs
Adoption of frameworks such as Open Cloud Computing Interface (OCCI) or Cloud Infrastructure Management Interface (CIMI) can help here. As well as API key rotations.
The increasing interconnectivity of cloud functions
That breeds problems, since the more complicated the system, the more vulnerable it is for attacks.
Cloud technologies are mature and great in many business applications. There are, however, multiple challenges along the way. You can simplify the process while keeping all the benefits.
The solution for cloud security is limiting the surface of attack
At first ask yourself - does your product need to be 100% dependent on the cloud. Probably most Garmin users (including me) weren't aware of the fact that their fitness data is not stored locally, but 100% in the cloud. When the cloud was hacked, I had no access to my fitness history even having Garmin watch and Garmin app installed. Why not store my data in a decentralized way - I have many friends in my Garmin app who can track my fitness data. Why don’t use my friends' phones as backup servers for my own data? In such cases, clouds might be eliminated. Hackers would need to attack each Garmin user individually, to break the service, which is impossible.
Of course user data mining is an important element of a big tech business model, but not for the cost of security, which lack in the long run is very expensive.
Also exposing public IP addresses increases the surface of attack. You can keep every application server (with no public IP) behind a reverse proxy with a single IP address, like described in our blog post (https://husarnet.com/blog/docker-sidecar).
In all above scenarios using Husarnet VPN Client would increase the security with just a little effort.
Decentralized systems and edge computing can solve not all, but still many security issues cloud based systems face today.