Managing Cloud Exploitation at the Edge

By Drazen Kerzan, Senior Manager, Solutions Engineering EMEA at Edgio.

Wednesday, 20th September 2023. Posted by Phil Alsop.

The global pandemic prompted small and medium-sized businesses and enterprises to expedite their transition to the cloud. The Infrastructure-as-a-Service (IaaS) cloud computing model facilitates remote work, aids in digital transformation, offers scalability, enhances resilience, and has the potential to lower costs. However, this migration requires a comprehensive understanding of security ramifications and strategies for safeguarding a company's data and applications.

As with all technology introductions, it’s important to have clear security policies, tools, processes, and training. Cloud infrastructure is especially sensitive, as many critical applications are at risk, such as customer-facing applications. Companies that have embraced the cloud need to understand the Shared Responsibility Model: a security and compliance framework that explains what shared infrastructure and systems the cloud provider is responsible for maintaining and how a customer is responsible for operating systems, data, and applications utilising the cloud. Unless the model is understood and followed, it could lead to data, applications, and cloud workloads being exposed to security vulnerabilities.

 

Methods behind targeting the cloud 

Cloud exploitation involves targeting vulnerabilities in cloud infrastructure, applications, or services to gain unauthorised access, disrupt operations, steal data, or carry out other malicious activities. A cloud exploitation playbook could include attack vectors like distributed denial-of-service (DDoS) attacks, web application attacks, and bots – with the number one attack target being web applications. According to the 2023 Verizon Data Breach Investigations Report (DBIR), the majority of cyber attacks are led by organised criminals looking to disrupt business and steal data to sell. The number one reason (95%) for cyber attacks is financial gain, with 24% of all cyber attacks involving ransomware.

Consequences of cloud exploitation 

Unauthorised Access: Attackers may attempt to gain unauthorised access to cloud accounts, systems, or data by exploiting weak or stolen credentials, misconfigurations, or vulnerabilities in the cloud environment. Once inside, they can potentially access sensitive information, modify data, or launch further attacks.

Data Breaches: Cloud exploitation can result in data breaches, where attackers gain access to sensitive data stored in the cloud. This can occur due to insecure configurations, inadequate access controls, or vulnerabilities in cloud storage or databases. The stolen data can be used for various malicious purposes, such as identity theft, financial fraud, or corporate espionage.

Distributed Denial of Service (DDoS): Attackers may launch DDoS attacks against cloud services or applications, overwhelming them with a high volume of malicious traffic or requests. This can lead to service disruptions, making the cloud resources unavailable for legitimate users.

Malware Distribution: Cloud exploitation can involve hosting or distributing malware through cloud-based platforms or services. Attackers may upload malicious files or applications to cloud storage or use cloud infrastructure to propagate malware to unsuspecting users.

Account Hijacking: Cloud exploitation can involve the compromise of user accounts, allowing attackers to gain control over cloud resources. This can occur through techniques like phishing, social engineering, or exploiting vulnerabilities in authentication mechanisms. Once an account is hijacked, attackers can abuse the cloud resources for their own purposes or launch attacks from within the compromised account.

 

What actions can businesses take? 

Threat detection and mitigation speed are important for three key reasons. First, adversaries are adept at learning from open-source intelligence to develop new tactics, techniques, and procedures (TTPs), making rapid security response imperative. Second, cyber criminals are well-organised and act fast. Verizon’s 2023 DBIR noted, “more than 32% of all Log4j scanning activity over the course of the year happened within 30 days of its release (with the biggest spike of activity occurring within 17 days).” And, finally, the importance of speed is clearly illustrated by the fact that companies that contain a security breach in less than 30 days can save $1M or more.

To reduce the risk of cloud exploitation, it is crucial that businesses implement strong security measures, such as robust access controls, encryption, regular security assessments, and monitoring of cloud environments. Implementing Web Application and API Protection (WAAP) at the edge is critical to identifying and mitigating a variety of threats such as DDoS attacks, API abuse, and malicious bots. Modern-day WAAPs utilise machine learning and behavioural and signature fingerprinting for early threat detection. Further, companies using AI and automation see breaches that are 74 days shorter and save $3 million more than those without.

A WAAP rapid threat detection and mitigation solution is an invaluable tool for DevSecOps teams to implement an optimised “Observe-Orient-Decide-Act” (OODA) loop to improve mean time to detect (MTTD) and mean time to respond (MTTR) as new threats arise.

 

The latest innovation is a “Dual WAAP” capability that enables DevSecOps teams to test new rules in audit mode against production traffic to verify their effectiveness while lowering the risk of blocking legitimate site traffic. This increased confidence, plus the ability to integrate with existing CI/CD workflows, allows teams to push effective virtual patches out faster, closing the door on attackers more quickly than ever before. Additionally, with Dual WAAP, there is no WAAP downtime while updating rulesets, with new rules deployed across the global network sometimes in under 60 seconds.

 

What’s next for cloud infrastructure?

Cloud Infrastructure-as-a-Service has brought extreme agility to organisations. However, cloud exploitation is on the rise and it is clear from the Shared Responsibility Model that companies are partners in ensuring a secure enterprise. Cloud service providers play a crucial role in securing the cloud infrastructure, but companies must apply solutions to enhance security and protect against exploitation of operating systems, applications, endpoints, and data.

An effective option in the fight against cyberthreats is a WAAP solution. It provides rapid detection and mitigation of threats, serving as an indispensable tool for DevSecOps teams looking to enhance their "Observe-Orient-Decide-Act" (OODA) loop for quicker responses to emerging threats, reducing both mean time to detect (MTTD) and mean time to respond (MTTR).