So here are the dirty dozen cloud attacks. Who saw the news about Yahoo? It is a perfect time to talk about Yahoo, right? They got that many accounts breached, with usernames and passwords.
Now, if you're a regular, traditional user, what ends up happening is that you have the same password for Yahoo that you do for your Gmail, that you do for your Live account, that you do for whatever account. Traditional users, not necessarily IT security users, but traditional users, like to use the same username and password all the way through, right?
So when you look at the number 1 through 12 attacks that happen in the cloud, data breaches are number one. Simply because attackers are getting smarter and smarter as they take different methods and mechanisms to attack your environment, and the cloud is a big hole for them.
Because you don't have the same level of control that you do on premises, they are starting to find those vulnerabilities, those insecure APIs, those identity and access management issues. Who here does not rename their administrator account? Right, so we've got some good security professionals here; nobody's going to say that. But they are getting attacked, so think about that, right? That's one of the key things.
You see people that go after very common usernames and passwords, right? If attackers want to go after the administrator account, there is only a certain number of combinations they will probably try before they get in. That's where you start to see data breaches, weak identity and access management, and insecure APIs as well.
The other thing around that is that when we start to see system and application vulnerabilities, as items get provisioned in the cloud, one of the key challenges is that you are not really encrypting your data: your data at rest, your data in motion. So as your data is passing through your on-premises environment, as your data is passing through your environments, if you are going hybrid, unless you're 100% cloud, you still have a lot of attacks that can happen in your environment.
A technology expert from a customer acquisition reported that they were adopting the cloud. They were going to start adopting Microsoft Azure storage. They planned to take the shared storage and the things that they had on their SAN system.
Because they were not looking at provisioning more storage, they started to put that storage up in the cloud and started to take some of the key elements that they had and put them up there. As they did that, they started to see a lot of MP3 files and shareware that users had, or that millennials had, going up there.
As they moved the business forward a little bit, they saw that 90% of the files that were going to the cloud were just personal files. There were some MP3 files, and there were some viruses that were getting pushed up as a result of system vulnerabilities.
So they changed their method to a whitelist of the file types that they wanted. The second that they did that, they saw that the issue had stopped. For how long? Just about 24 hours, and 24 hours later they immediately started to see the storage increasing again. So they tried to find out: where are these malicious things coming from? Is it an outside attack? Is it inside? What's going on?
They found out that the end users, some of whom were malicious insiders, were right-clicking and renaming their MP3 files to PDF. How's that? That's some fun stuff, right? So users are getting smarter and smarter, but what they're doing is inadvertently, accidentally becoming malicious insiders without that education.
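The story above ends on the bypass: the whitelist keyed on the file name, so renaming song.mp3 to song.pdf walked straight past it. The following is an added example, not code from the talk or from the customer described, showing the check a practitioner would put in its place: sniff the leading bytes (the magic numbers) and require that the detected type both be on the allowlist and agree with the claimed extension. The ALLOWED_TYPES set, the function names and the sample "uploads" are all constructed for illustration; the PDF, ID3/MPEG and MZ signatures are the standard public ones.

```python
"""
Content-based file allowlisting: decide on what a file *is*, not what it is named.

Added example (not from the talk). A filename allowlist is defeated by renaming
song.mp3 to song.pdf; checking the magic bytes catches the rename. The allowlist,
function names and sample files below are hypothetical and constructed inline.
"""
from __future__ import annotations

ALLOWED_TYPES = {"pdf"}  # hypothetical corporate allowlist of permitted content types


def sniff_type(data: bytes) -> str:
    """Return a content-type label from the leading bytes, or 'unknown'."""
    if data.startswith(b"%PDF-"):
        return "pdf"
    # MP3: either an ID3v2 tag header, or a raw MPEG audio frame sync
    # (first 11 bits set: 0xFF followed by a byte whose top 3 bits are set).
    if data.startswith(b"ID3"):
        return "mp3"
    if len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0:
        return "mp3"
    if data.startswith(b"MZ"):  # Windows PE/DOS executable
        return "exe"
    return "unknown"


def extension_of(filename: str) -> str:
    """Lower-cased extension without the dot, or '' if there is none."""
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def allowed_by_extension(filename: str) -> bool:
    """The original, weak check from the story: trust whatever the file is called."""
    return extension_of(filename) in ALLOWED_TYPES


def allowed_by_content(filename: str, data: bytes) -> bool:
    """Hardened check: sniffed type must be allowed AND must match the extension."""
    kind = sniff_type(data)
    return kind in ALLOWED_TYPES and kind == extension_of(filename)


# Constructed sample uploads (header bytes only, not real files).
SAMPLE_FILES: dict[str, bytes] = {
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n",          # genuine PDF
    "song.pdf":   b"ID3\x04\x00\x00\x00\x00\x00\x00" + b"\xff\xfb\x90\x00",  # MP3 with ID3 tag, renamed
    "track.pdf":  b"\xff\xfb\x90\x64\x00\x00\x00\x00",                 # MP3 without ID3 tag, renamed
    "setup.pdf":  b"MZ\x90\x00\x03\x00\x00\x00",                       # Windows executable, renamed
    "notes.txt":  b"just some text\n",                                  # not on the allowlist at all
}


def triage(files: dict[str, bytes]) -> dict[str, tuple[bool, bool, str]]:
    """For each file: (passes extension check, passes content check, sniffed type)."""
    return {
        name: (allowed_by_extension(name), allowed_by_content(name, data), sniff_type(data))
        for name, data in files.items()
    }


if __name__ == "__main__":
    for name, (by_ext, by_content, kind) in triage(SAMPLE_FILES).items():
        print(f"{name:12} ext-check={by_ext!s:5} content-check={by_content!s:5} sniffed={kind}")
```

Run as a script, the three renamed files pass the extension check and fail the content check, which is exactly the 24-hour regression the speaker describes. Two caveats for real deployments: the bare MPEG frame-sync test can match arbitrary binary data that happens to start with 0xFF 0xEx, so it should be treated as a rejection signal rather than a proof of audio, and a signature list this short is a demonstration; production filters use a full magic database and scan past the header.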