A shift to cloud platforms coupled with the increase in staff work flexibility has significantly changed how businesses operate – but it’s leaving the door open for hackers.
That’s to say that some businesses are fully exposed to the internet and at risk of a cyberattack, all because of poor cybersecurity management and misconfigured services. And hackers love going for those easy targets, and open doors are easy pickings. So, cloud applications and services end up prime targets.
An investigation performed by the cybersecurity researchers at Palo Alto Networks who analysed the identity and access management (IAM) over thousands of users in 18,000 cloud environments across 200 organisations, discovered that cyber criminals are exploiting cloud accounts and services with doors that are wide open. In other words, businesses and users are at risk.
The COVID pandemic means that workers were pushed to work remotely and now since the return to “COVID normal” businesses and employees are negotiating a flexible approach to work. So more of a hybrid work arrangement. And this is possible with the aid of cloud services and application. So while the arrangement can benefit both businesses and employees, it has meant that there are additional cybersecurity risk to consider. Meanwhile malicious hackers know where our security risks lay bare.
Vice president of Prisma Cloud at Palo Alto Networks John Morello said “that transition to the cloud since the pandemic has meant it is an easier time for malicious actors to follow their targets into the cloud.”
Firstly, 99% of cloud users, services and resources have excessive permissions, according to research. For example, most users have privileges that aren’t required by regular users’ – permissions and administrator rights that can be easily exploited by hackers if the account is compromised. If the account has been compromised, the hackers can take advantage of their admin rights and modify, create, and delete cloud environment resources. In addition, they can move around the network to expand the scope of the attack.
Secondly, poor password security isn’t helping the situation either. In the same vein as our everyday accounts, our cloud accounts allow weak passwords. Statistics regarding cloud say
- 55% have passwords no longer than 14 characters
- 44% have used a password from an existing account
And accounts will be at particular risk if the password used to secure them is a common password like “123456789” or “password”
Cyber attackers use automated software to test your passwords. So that means weak passwords leave you vulnerable and vulnerable to ransomware attacks.
Meanwhile re-using passwords from your other accounts poses a risk to business. If you’ve had a separate account leaked or hacked, attackers will no doubt test it for your other accounts. So, when your cloud account is the same, they yell “bingo” as the business is fully exposed, and they’ve hit the jackpot.
Furthermore, some cloud accounts are misconfigured in such a way that allows access without the need for authentication at all. In other words, hackers will exploit exposed cloud services to gain initial access to the victim’s network. Researchers discovered that almost two-thirds of r such as buckets and databases, misconfigured
After all it makes their job so easy, they don’t even need to breach credentials to steal sensitive information. All they need is a URL. So, a must for cybersecurity teams is tightening up the identification of buckets and servers to minimise exposure on the open web.
Most importantly, proper configuration IAM for all cloud services is key to blocking unintended access. In other words, closing the door and stopping intruders from gaining access. These include implementing:
- complex, unique passwords
- multi-factor authentication
- consider whether regular accounts need administrator privileges
Please lock your doors.
