Igal Gofman, XM head of security research, and Yaron Shani, XM senior security researcher, in their research, found a new attack vector in cloud providers API ( application programming interface), that gives miscreants a window to access secured cloud data. Public Cloud Infrastructure, has added a new invisible management layer, that complicates the procedure creating security challenges, that requires better understanding. Often organizations fail to understand this management layer and hence lag in securing it, inviting attacks.
Working with public cloud infrastructure without the right understanding of risks and security challenges may lead to fatal consequences with customer risks, as was the case in Capital One breach."Current security practices and controls are not sufficient to mitigate the risk posed by a misunderstanding of the public cloud", said the researchers.
Findings in the research
Researchers found that public cloud providers' APIs' accessibility over the internet opens a window for adversaries to exploit and gain access to confidential data on the cloud. And current security systems and practices are not equipped to beat the risk posed by misconfiguration of the cloud.
People who are in charge of managing cloud resources can easily gain access to APIs' using software kits and command-line tools as they are part of the development and IT team. "Once those account credentials are compromised, gaining access to high-value resources is trivial," the researchers say. Cloud APIs' can be accessed through the internet, with the correct API key, for example, the Command line interface tool, which saves the user's credentials which can be accessed by the cloud provider.
Attackers don't need a very sophisticated approach to sneak in cloud API, "In practice, the sophistication required to develop such tools is not high, because basically all the information is publicly available and well-documented by most cloud providers, meaning they document each security feature in great detail and it can serve both the defenders and the adversaries," Gofman and Shani say. And once, their credentials are compromised using cloud providers tools, it's easy for the black hats to rob you blind.
In order to protect themselves, organizations and companies should follow the best practice guidelines from the cloud provider. Large organizations should constantly and periodically monitor permissions and risk factors. Analyzing attack paths can decrease the risk factors, suggest the researchers.