Cloud Breaches to Become Faster and Bigger, Research Suggests

Cloud breaches continue to riddle organizations’ threat landscape, with misconfigured cloud storage services and poor security practices leading to more than 200 breaches in the past two years, according to the latest Accurics report.

“This trend will likely increase in velocity and scale,” researchers warned. Misconfigured cloud storage services were prevalent in 93% of analyzed cloud deployments, and 91% of these deployments “had at least one network exposure where a security group was left wide open.”

The study also highlights emerging practices regarding unsecured storage services, such as the use of hardcoded private keys found in 72% of deployments, and unprotected credentials stored in container configuration files, found in half of analyzed deployments.

This poor security practice “is worrisome given that 84% of organizations are using containers,” researchers said. “These keys and credentials could be used by unauthorized users to gain access to sensitive cloud resources.”

Among the three most common poor security practices surrounding cloud deployment, the report underlines that 41% of organizations had one or more hardcoded keys with high privileges that were used to provision compute resources, and 89% had overly permissive IAM policies used by one or more highly sensitive resources. Additionally, network exposures resulting from misconfigured routing rules were seen in 100% of deployments analyzed by researchers.

As a result of these three misconfigurations, in recent years threat actors have been able to breach prominent organizations. For example, the Capitol One breach that affected over 100 million individuals in the US and Canada was made possible due to a vulnerability in a cloud compute resource.

By exploiting this vulnerability, researchers noted that the attacker was able to gain “a set of AWS access keys that were associated with an IAM role with excessive permissions.” Capital One’s cloud storage services was then accessed, revealing unencrypted data, including nearly 140,000 Social Security Numbers (SSN), 80,000 bank account numbers on US consumers, and 1 million Social Insurance Number for Canadian customers.

“The adoption of cloud native infrastructure such as serverless, containers, and service mesh are enabling organizations to deliver new innovations to market,” said Om Moolchandan, CTO at Accurics. “It is now more important than ever to understand cloud infrastructure configuration practices that are creating exposures.”

The report also suggests that additional potential exposure can stem from unused resources. According to analysis, 31% of organizations have unused resources that added to a default virtual private cloud (VPC) upon creation if a scope is not defined.

“Aside from the cost implications, unused resources may go undetected during security assessments, creating potential exposures,” Accurics researchers added.