Posted: 4 Min ReadExpert Perspectives

How Cloud Configuration Missteps Lead to Data Breaches

As businesses migrate to the cloud, they need to confront new security blind spots. Here's the solution

In April 2016, a hacker slipped into a server hosted on a large cloud platform, accessing a database of more than 154 million U.S. voter records. The hacker did not use a sophisticated or previously unknown attack to compromise the system, but merely took advantage of a misconfiguration error: the database had no password.

Such breaches are not unique. A fifth of all data leaks in 2016 were caused by a misconfiguration or other error - the second largest source of vulnerability. In 2018, human errors continue to contribute to an increase in attackers gaining administration access to cloud resources. Yet, rather than receiving ransom notes or losing sensitive data, victims have seen their public cloud bills increase as cryptojackers steal processing power to mine cryptocurrency.

While the cost of such lapses is unknown, the incidents would have required the company to clean up the intrusion and conduct compliance checks, in addition to the cost of the malicious workloads.

Surging Cloud Momentum

Yet, businesses are rushing to the cloud and show no signs of slowing down. A majority of companies have migrated some of their infrastructure to major cloud Infrastructure-as-a-Service (IaaS) providers, with 64 percent running workloads in Amazon Web Services (AWS) and another 45 percent running workloads in Microsoft Azure. And Google claims another 18 percent of companies.

All three cloud providers operate under a shared responsibility model, making it very clear that customers are ultimately responsible for securing data and access to their cloud infrastructure. The problem is that traditional security monitoring tools don’t take into consideration new cloud threats such as hackers spinning up compute resources for crypto-mining attacks – creating security blind spots for customers.

Cloud computing allows companies to be more agile by squeezing the inefficiencies out of the application development cycle such as procuring and provisioning containers on demand, rather than waiting for IT. However, as companies move fast to deliver new products to customers, security must move faster to keep up and with security threats. Cloud configuration errors can lead to critical hole in your cloud environment and present low hanging fruit for hackers.

Here are three ways that cloud infrastructure can be misconfigured.

1. Leaky storage buckets

Amazon Simple Storage Service (S3) buckets are a popular target for hackers and security researchers. Last year, more than 1.8 billion records of highly classified US military data were exposed because three S3 buckets were "configured to allow any AWS global authenticated user to browse and download the contents."

This is only the latest discovery of a leak caused by misconfigured buckets. This summer, another S3 bucket publicly exposed thousands of internal documents belonging to a large hosting provider.

As a security best practice, companies should check S3 access control lists (ACLs) to ensure buckets and objects are not publicly accessible, especially if they store sensitive data. 

2. Open-source software vulnerabilities

The public cloud is a great place for companies to build out applications and services, and open-source software (OSS) has become a major component of such environments. Unfortunately, OSS comes with a great deal of technical maintenance debt—vulnerabilities need to be mitigated and sometimes default settings can leave customers exposed. Not servicing this debt can lead to breaches: A vulnerability in Apache Struts, a popular open-source software framework used to build web applications, led to a major breach of credit account information and default settings left unsecured instances of MongoDB, a widely used open source NoSQL database, open to compromise.

This is nothing new. Yet, when cloud platforms are left publicly accessible, you have savvy attackers scouring the public cloud IP space looking for easy-to-find mistakes. Last year, one security firm noticed a spike in scanning activity for exposed SSH private keys. Attackers realized that administrators were leaving keys in unprotected directories on public servers and began scanning for such files.

Companies need tools that automatically analyze the security configurations of their cloud environments to ensure that their resources are properly configured and are not vulnerable to hackers or exposed to the public.

3. Secrets leaked online as part of development

A third danger for corporate systems and data is when developers forget to sanitize configuration files before checking them in or out of an online repository or populating a publicly accessible test environment with real data.

Because the public cloud allows users to automate almost everything, many developers have mistakenly left access tokens, passwords, and secrets in publicly accessible repositories used to automate deployments and builds. Unfortunately, attackers have learned to scour these repositories looking for secrets that they can then use to spin up resources and mine cryptocurrency as fast as they can.

Simple things like Multi-Factor Authentication (MFA) or using services that store secrets can prevent this from happening, but with developers creating new accounts and turning on new services rapidly, companies are hard pressed to keep track of every change to configuration files.

These are only three of the ways that a simple misconfiguration can undermine the security of your cloud infrastructure.

Symantec Enterprise Blogs
Webinar

What’s new? The Broadest and Deepest Cloud Security for SaaS, PaaS & IaaS

Organizations are using more cloud services for more business-critical activities. At the same time organizations face growing privacy regulations, a high rate of data loss (accidental exposures and breaches), and ever-increasing attacks on their cloud assets.

Click Here to Attend Webinar

Automation Bolsters Security

Application development already entails tedious and lengthy tasks such as configuring provisioned resources or pushing source code to repositories. Relying on developers and sysadmins to also do the heavy manual lifting on compliance is fraught with risks. Securing your cloud infrastructure requires an automated approach to tracking your cloud assets and monitoring them for changes and mistakes. By automating the process, you reduce your exposure to manual errors and gain visibility into critical vulnerabilities that have the highest potential for breaches.

The ability to monitor your cloud infrastructure and verify security compliance is so important that it’s emerging as its own category of cloud tools: Cloud Security Posture Management (CSPM). CSPM provides you with a new way of mitigating cloud management layer configuration risks. It assesses your company’s security and compliance posture by analyzing the IaaS cloud control plane, which is used to manage and configure resources, and identifies and resolves misconfigurations.

Is your cloud infrastructure secure? Symantec Cloud Workload Assurance can help you protect your cloud resources from misconfigurations and much more. To learn how:

About the Author

Anand Visvanathan

Director, Product Management - Symantec

Anand has 17+ years of experience in security and compliance domain.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.