Anatomy of a Data Breach, Part 4: Hacking the Cloud
At a large health insurance provider, the seed of a multi-million-dollar crime is planted. Because a default account and its years-old password were never fully purged from a legacy database application, a door into a giant data repository stored in a cloud application has been left ajar.
For a malicious hacker working in another part of the world, this is just the opportunity he has been waiting for. The hacker is seeking sensitive personal information; the insurance provider offers a target.
Having launched a credential-stuffing attack across a number of cloud login endpoints, trying that very default password against each of them, the hacker now gets the hit he was waiting for. In seconds, the insurance provider’s database is at his disposal. Sensitive information entrusted by the insurer’s many clients is just a few keystrokes from being squirreled away into the depths of the dark web.
The growth of cloud-based hacks
Organizations can focus so much on the many obvious benefits of cloud technology that they either underestimate or completely fail to consider the risks. According to a 2023 IBM report, 82% of data breaches involve data stored in the cloud.
The mass migration by enterprises of infrastructure to cloud technology has triggered a similar shift by cybercriminals. They see in such vast storage spaces out-of-view playgrounds of staggering complexity where the secrets of millions can be gathered and exploited with comparative ease.
“As enterprise IT stakeholders’ understanding of and confidence in implementing the cloud has improved, so has the sophistication of threat actors that want to leverage its complexity for their own malicious intent.”
In the example of the insurer, a long-forgotten default account and password, left in place from the application’s original setup, provided an entry point for a diligent and industrious hacker. This is an example of “misconfiguration,” in which cloud assets are set up, or left, in a state that makes a cloud environment vulnerable.
Types of cloud-based vulnerabilities
Misconfiguration is the most common issue, according to the National Security Agency, and very much on the rise.
Misconfiguration takes many forms. Overpermissioning, in which more people or services are given access to cloud resources than actually need it, is a factor in many breaches, whether the overprivileged identity belongs to a human user or to a machine account. Privileges appropriate for a small number of administrators get handed out to roles that do not require them. This increases cloud exposure; so does the fact that most organizations use many clouds, each with its own permission model to keep straight.
Configuration drift occurs when changes are made to storage and other cloud components ad hoc, without consistent implementation or tracking, so that what is deployed no longer matches what was reviewed and approved. The resulting gaps can function in the same way as an unchanged default password in the wrong hands.
Other common forms of misconfiguration include insecure handling of data backups and authentication keys, missing or disabled logging, and basic human error in where data is placed in the first place.
Data sprawl can also be a problem for cloud security. So-called “shadow data,” entire files or data stores created and then forgotten within a cloud environment, becomes dangerous when it is left unencrypted or unmonitored. Data leakage, where cloud-based data is accidentally shared with the wrong people, also raises exposure risk.
Finally, legacy issues occur when older applications migrated into the cloud carry well-known vulnerabilities that attackers exploit. The insurer’s case above is both a misconfiguration issue and a legacy issue.
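To make these categories concrete, here is an added example (not code from the original article or from Spectrum Enterprise) that audits a constructed set of cloud settings for the classes just described: an IAM-style policy with wildcard or anonymous grants (overpermissioning), drift between an approved baseline and what is actually deployed, stores with encryption switched off, and vendor default accounts that are still enabled (the legacy issue in the story). The policy document, bucket settings and account list are all constructed for illustration; the bucket and account names are hypothetical.

```python
"""Static audit of constructed cloud configuration for the misconfiguration
classes discussed above: overpermissioning, configuration drift, unencrypted
stores and leftover default accounts.  Every input here is constructed."""
import json

# Constructed IAM-style policy document in the AWS JSON shape; not from any real tenant.
POLICY_JSON = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadOwnReports", "Effect": "Allow",
     "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::reports/${aws:username}/*"},
    {"Sid": "LegacyAdmin", "Effect": "Allow",
     "Action": "*", "Resource": "*"},
    {"Sid": "PublicBucket", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "arn:aws:s3:::claims-archive/*"}
  ]
}
"""

# Constructed baseline (what was approved) versus what is actually deployed.
BASELINE = {"claims-archive": {"encryption": "aws:kms", "public": False, "versioning": True, "logging": True},
            "reports":        {"encryption": "aws:kms", "public": False, "versioning": True, "logging": True}}
DEPLOYED = {"claims-archive": {"encryption": None, "public": True, "versioning": True, "logging": False},
            "reports":        {"encryption": "aws:kms", "public": False, "versioning": False, "logging": True}}

# Constructed account list for a hypothetical legacy database application;
# "sa" and "admin" stand in for typical vendor defaults.
ACCOUNTS = [{"name": "sa", "enabled": True, "last_login": "2016-03-02"},
            {"name": "admin", "enabled": False, "last_login": None},
            {"name": "claims_etl", "enabled": True, "last_login": "2024-05-30"}]
KNOWN_DEFAULTS = {"sa", "admin", "root", "guest"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def overpermissive_statements(policy):
    """Return Sids of Allow statements granting wildcard actions, wildcard
    resources, or access to an anonymous ("*") principal."""
    findings = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        principal = st.get("Principal")
        wildcard_action = any(a == "*" or a.endswith(":*") for a in actions)
        wildcard_resource = any(r == "*" for r in resources)
        anonymous = principal == "*" or (isinstance(principal, dict) and "*" in principal.values())
        if wildcard_action or wildcard_resource or anonymous:
            findings.append(st.get("Sid", "<no sid>"))
    return findings


def configuration_drift(baseline, deployed):
    """Return {store: [settings whose deployed value differs from the baseline]}."""
    drift = {}
    for name, wanted in baseline.items():
        actual = deployed.get(name, {})
        diffs = [k for k, v in wanted.items() if actual.get(k) != v]
        if diffs:
            drift[name] = diffs
    return drift


def unencrypted_stores(deployed):
    """Stores with no server-side encryption configured."""
    return sorted(n for n, cfg in deployed.items() if not cfg.get("encryption"))


def live_default_accounts(accounts, known_defaults):
    """Vendor default accounts that are still enabled."""
    return sorted(a["name"] for a in accounts if a["enabled"] and a["name"] in known_defaults)


def audit():
    policy = json.loads(POLICY_JSON)
    return {
        "overpermissive": overpermissive_statements(policy),
        "drift": configuration_drift(BASELINE, DEPLOYED),
        "unencrypted": unencrypted_stores(DEPLOYED),
        "default_accounts": live_default_accounts(ACCOUNTS, KNOWN_DEFAULTS),
    }


if __name__ == "__main__":
    print(json.dumps(audit(), indent=2))
```

Run against the constructed inputs, the audit flags the two overbroad statements, three drifted settings on the claims bucket and one on the reports bucket, the unencrypted claims bucket, and the still-enabled "sa" account. In a real environment the same checks would be fed from an exported policy set and a configuration snapshot rather than inline literals.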
Detecting cloud attacks early
How do you know your enterprise has been victimized by a cloud data breach? In today’s world, it may well already have been.
In some types of attacks, like ransomware or DDoS extortion, the victim is openly pressured, either by threats to release sensitive information or by blocking access to systems. In others, like straightforward data theft, keeping the victim in the dark is part of the plan.
Cloud data breaches can involve any of these attack types, and the off-premises nature of cloud technology makes them harder to see.
According to one 2023 report, 39% of businesses have experienced a data breach in their cloud environment in the last year, up from 35% in 2022. Yet the same report notes only 22% of IT professionals at these businesses encrypt 60% or more of their most sensitive data.
Clearly, there are many holes in safety nets for ambitious hackers to exploit. An effective cloud security strategy depends on two separate yet intertwined things.
One of these is heightened vigilance. Knowing what data your enterprise has stored in which cloud applications, and where specific files are located, is critical to keeping your enterprise safe from cloud hacks. So is careful tracking of activity against that data, including access that succeeds with valid permissions, since a stolen or default credential looks authorized to the system that accepts it.
The other key component for a successful strategy is having a single cloud security platform from which to operate. The use of multiple clouds is not only common but necessary for larger enterprises, whether they are public agencies or private-sector corporations. Having one location from which all cloud activity can be managed is a smart management practice.
Having a partner you can trust
A managed cloud security platform run with a trusted technology partner can give your IT security leaders the backup they need to catch and act on a wide variety of threats before they magnify into major disruptions. Managed Cloud Security from Spectrum Enterprise offers CISOs an effective means for deploying cloud solutions safely and securely.
The right managed cloud security platform should not only help an enterprise detect threats, but prioritize them based on their potential danger level and offer immediate mitigation protocols if a breach happens to occur. From full protection to seamless system integration to the scalability to grow with an enterprise’s needs, the right managed cloud security system can be a critical difference maker in the hands of an enterprising CISO seeking to reduce an enterprise’s risk profile.
Returning to the large insurance provider that failed to clean out default account information, a significant hole was there to be exploited. Yet the result of its discovery by the hacker proved in the end less damaging than it might otherwise have been.
The insurance provider’s IT unit had a managed security platform set up to detect just such a breach. The platform flagged a suspicious pattern in the way cloud data was being moved; alerted by their cloud security partner, IT caught the breach within a short time, cut off the flow of data and identified its cause before serious damage could be done.
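As an added example, not code from the article or from the insurer described, here is detection logic of the kind that would surface both phases of the story: the credential-stuffing burst against the login endpoint that opened the breach, and the bulk movement of data that followed. It runs over a constructed audit log in a simplified event shape (not any vendor’s real schema); the IP addresses, account names, window sizes and thresholds are assumptions for illustration.

```python
"""Detection logic over a constructed cloud audit log for two signals:
a credential-stuffing burst (many distinct usernames failing from one source,
then a success) and abnormal bulk reads of stored objects by one principal.
The event shape is a constructed simplification, not a real vendor schema."""
from collections import defaultdict
from datetime import datetime, timedelta


def constructed_events():
    """Constructed log: one legitimate login, a stuffing burst from 203.0.113.7
    against 8 accounts (the 8th succeeds), then that account pulling 40
    objects from the claims bucket, plus light background reads by an ETL job."""
    t0 = datetime(2024, 6, 1, 2, 0, 0)
    ev = [{"time": t0, "type": "Login", "user": "claims_etl", "ip": "198.51.100.4", "ok": True}]
    burst = ["admin", "sa", "root", "guest", "backup", "dbadmin", "operator", "sa_legacy"]
    for i, user in enumerate(burst):
        ev.append({"time": t0 + timedelta(seconds=5 * i), "type": "Login", "user": user,
                   "ip": "203.0.113.7", "ok": user == "sa_legacy"})
    for i in range(40):
        ev.append({"time": t0 + timedelta(seconds=60 + i), "type": "GetObject",
                   "user": "sa_legacy", "ip": "203.0.113.7",
                   "bucket": "claims-archive", "bytes": 2_500_000})
    for i in range(5):
        ev.append({"time": t0 + timedelta(seconds=30 * i), "type": "GetObject",
                   "user": "claims_etl", "ip": "198.51.100.4",
                   "bucket": "reports", "bytes": 100_000})
    return sorted(ev, key=lambda e: e["time"])


def credential_stuffing(events, window=timedelta(seconds=60), min_users=5):
    """Flag source IPs whose failed logins hit >= min_users distinct accounts
    inside one sliding window, and note which account later succeeded."""
    by_ip = defaultdict(list)
    for e in events:
        if e["type"] == "Login":
            by_ip[e["ip"]].append(e)
    alerts = {}
    for ip, logins in by_ip.items():
        failed = [e for e in logins if not e["ok"]]
        for i, start in enumerate(failed):
            in_win = [e for e in failed[i:] if e["time"] - start["time"] <= window]
            users = {e["user"] for e in in_win}
            if len(users) >= min_users:
                later_ok = [e["user"] for e in logins if e["ok"] and e["time"] >= start["time"]]
                alerts[ip] = {"distinct_users": len(users), "succeeded_as": later_ok}
                break
    return alerts


def bulk_egress(events, window=timedelta(seconds=120), max_objects=20, max_bytes=50_000_000):
    """Flag principals whose object reads in any sliding window exceed an
    object-count or byte-volume ceiling (the "suspicious movement" signal)."""
    by_user = defaultdict(list)
    for e in events:
        if e["type"] == "GetObject":
            by_user[e["user"]].append(e)
    alerts = {}
    for user, reads in by_user.items():
        for i, start in enumerate(reads):
            in_win = [e for e in reads[i:] if e["time"] - start["time"] <= window]
            total = sum(e["bytes"] for e in in_win)
            if len(in_win) > max_objects or total > max_bytes:
                alerts[user] = {"objects": len(in_win), "bytes": total,
                                "buckets": sorted({e["bucket"] for e in in_win})}
                break
    return alerts


def run_detections(events=None):
    events = events if events is not None else constructed_events()
    return {"credential_stuffing": credential_stuffing(events),
            "bulk_egress": bulk_egress(events)}


if __name__ == "__main__":
    print(run_detections())
```

The two detectors are deliberately independent: the login burst alone would justify locking the source address, while the egress alert alone would justify revoking the principal’s session and keys, and correlating them (same IP, same account) is what turns two alerts into the incident narrative above. The thresholds are starting points; in practice they are tuned against each tenant’s normal access volume so that scheduled jobs such as the ETL account here do not trip them.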