Estimated reading time: 2 minutes, 44 seconds

The Increasing Risk of Cloud Cyber-Attacks Featured

The Increasing Risk of Cloud Cyber-Attacks Photo by Riccardo Chiarini on Unsplash

As more of the world’s computing infrastructure moves to the public and private cloud, it is increasingly becoming a target for cyber-attacks. Some cybercriminals are targeting a company’s cloud presence rather than directly attacking the enterprise itself. These new risks pose significant challenges that IT security professionals need to address.

Taking advantage of the possibilities offered by the cloud can result in substantial cost savings for businesses. Reductions in equipment and personnel make moving some or all of your computing infrastructure to cloud providers an attractive proposition. There are, however,  certain security aspects that need to be considered when moving to the cloud. 

Data in the cloud is subject to emerging risks from hacker groups, industrial espionage efforts, and rogue governments. We are going to look at some of the specific ways the cloud impacts the security of your data and look at a few examples of the nefarious ways that unscrupulous individuals are attempting to compromise it.

Security Risks of the Cloud

In 2016, the Cloud Security Alliance published a report titled the “Treacherous Twelve” which discussed the security issues specifically related to the on-demand and shared nature of cloud computing. Here are some of the major risks identified.

  • Weak identity, credential, and access management
  • Shared technology issues
  • Account highjacking
  • Data loss and data breaches
  • Insecure APIs
  • Malware and ransomware
  • System and application vulnerabilities
  • Denial of service attacks

A successful cyber-attack on a large cloud provider can have financial ramifications that rival those of a major natural disaster, according to zdnet.com. The economic fallout resulting from an attack on a cloud provider could exceed $100 billion.

Government agencies are not sufficiently equipped to handle a major cyber-attack. In the U.S., there is a FEMA team designated for cyber-attacks, but it is smaller than other departments in the agency. There is no real international consensus on how to best deal with cybersecurity, further complicating cloud security initiatives. 

Recent Cloud-Based Cyber-Attacks

Cyber-attacks on cloud services are increasing in frequency as more important data is being stored with cloud providers. Major providers have been affected as can be seen in these examples of recent attacks. 

Microsoft

The user accounts in the company’s cloud infrastructure have experienced a 300% increase in the number of attacks from 2016 to 2017, according to Microsoft. Attacks on their Azure cloud offering that are designed to weaponize virtual machines are being launched from around the world with the majority of culprits located in China and the U.S.

Anthem’s Data Breach

Compromised login credentials led to a data breach resulting in the unauthorized access of the personal information of 80 million customers. According to cloudsecurityalliance.org, the data was uploaded to a commercial cloud storage service, making the intrusion harder to detect. 

National Electoral Institute of Mexico

In April of 2016, the Institute was impacted by a data breach that resulted in 93 million voter registration records being compromised. The breach was traced back to a misconfigured database that was housed on an insecure and illegally hosted Amazon cloud server located outside of the country.

Cyber-attacks on cloud providers will only increase as more corporations use the cloud to store confidential information. Awareness of this fact can help spur a greater emphasis on the enhanced security demanded by the cloud computing paradigm.

Read 2785 times
Rate this item
(0 votes)
 Robert Agar

I am a freelance writer who graduated from Pace University in New York with a Computer Science degree in 1992. Over the course of a long IT career I have worked for a number of large service providers in a variety of roles revolving around data storage and protection. I currently reside in northeastern Pennsylvania where I write from my home office.

Visit other PMG Sites:

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.