May 01 2023

Using just-in-time access to reduce cloud security risk

Category: Cloud computingDISC @ 9:08 am
Using just-in-time access to reduce cloud security risk

Cloud environments rely on identity as the security perimeter, and identities are mushrooming and making “identity sprawl” a serious challenge. Users often have multiple identities that span many resources and devices, while machine identities —used by apps, connected devices and other services—are growing at an accelerated pace.

This becomes a problem if an attacker manages to compromise an identity, allowing them to gain a foothold in the environment and exploit those privileges to move laterally throughout the cloud environment — or even escalate permissions to do even more damage across many other assets and resources.

One way to address the large attack surface and unnecessary risk in the cloud is to implement just-in-time (JIT) privileged access. This approach limits the amount of time an identity is granted privileged access before they are revoked. Even if an attacker compromises credentials, it may only have privileged access temporarily or not at all. This is a critical defense mechanism.

Simply put, JIT grants privileged access only temporarily and revokes it once the related task is completed. JIT builds on a least-privilege framework to include a time factor, so users only have access to those resources they need to carry out their functions, and only while they are performing those functions. That said, excessive privileges should, by default, be eliminated wherever possible.

“Right-sizing permissions” has become a buzzword for security professionals, but it’s a challenge. Enforcing the kind of granular permissions management necessary for good cloud security manually—going back and forth trying to determine which privileges are called for and what are the minimal escalations that can get the job done — can be time-consuming and frustrating for both users and security teams.

Organizations have reason to worry. As the annual Verizon Data Breach Investigations Report notes time and again: credentials can be the weak link in any network. The most recent report noted the use of stolen credentials has grown about 30% in the last five years. Since a large share of breaches can be traced back to credential theft and abuse, limiting the potential scope of account compromise will have an outsized effect on improving security.

How to implement JIT access

Deploying JIT access begins with gaining a clear view of who users are, what privileges they have and what privileges they need, including whether they are human and machine identities. Is the user an engineer or developer, an administrator or security staff?
Work can’t stop while a user waits to be validated. This is where automation can provide a workable system to provision temporary privileges and revoke them once they’re not necessary.

A few best practices can help security teams implement automated JIT:

  • A self-service portal: Security staff get a bad rap as creators of user friction, so any tool that can smooth out workflows is a good thing. A self-service portal can reduce friction by allowing users to request elevated privileges and tracking the approval process. This cuts back on delays and requests that fall through the cracks, while also enabling automated permissions management, which in turn reduces cloud attack surface and leads an audit trail for monitoring activity.
  • Automate policies for low-risk requests: Simple requests involving low-risk activity, such as work in non-production environments, can be automated with policies that approve requests for a limited time and without human intervention.
  • Define owners for each step of the process: Automation should not equal relinquishing control of business processes. It needs to be monitored to ensure unintended actions do not occur. Each step of the process —reviewing requests, monitoring implementation, and revoking privileges—must be assigned an owner and more complex and sensitive requests should be reviewed and approved by a human, when necessary.

By implementing JIT, security teams can move closer to achieving a least-privilege model and implementing zero trust security. Automation can make this possible by speeding up the process of granting and revoking permissions as necessary, without creating more work for security teams that are already stretched thin, or friction for users that impacts their agility and efficiency.

identity

Securing Cloud Services: A pragmatic approach

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: cloud security risk, Securing Cloud Services

Apr 10 2023

What is Cloud Mining and How Does it Work?

Category: Cloud computingDISC @ 8:18 am
What is Cloud Mining and How Does it Work?

Cloud mining is a way for you to purchase mining power from a remote data centre. Cloud mining works in the same way as regular cryptocurrency mining, except that instead of purchasing expensive hardware and dealing with its maintenance yourself, you just need to buy some shares and let a service provider do all the work. 

This can be especially appealing if you haven’t got access to cheap electricity in your area (or any at all), or if you simply don’t want to deal with the hassle of setting up your rig.

What is Cloud Mining?

Cloud mining is a service that allows you to purchase mining power from data centres. The process of mining is done remotely, and the owner of the data centre pays for the hardware and electricity usage. You pay for the hash power that you rent from them.

It is a process of renting crypto mining capacity from a third-party provider and using it to mine cryptocurrencies yourself. Instead of having to buy an expensive mining hardware, pay for its electricity use, and maintain it yourself, cloud mining lets you buy into a mining pool without requiring any of the hassles involved in normal crypto mining.

How does cloud mining work?

Cloud mining is a way to earn cryptocurrencies without having to buy expensive hardware. You can buy hash power from a cloud mining company, which means you won’t have to set up your hardware or software.

You don’t need any special knowledge or skills to start earning money immediately with this method of cryptocurrency mining.

Bitcoin Cloud Mining is the process by which transactions are verified and added to the public ledger, known as the blockchain. The blockchain is what allows a user to send Bitcoin or other cryptocurrencies between their accounts and to pay for goods or services from any merchant that accepts cryptocurrencies. 

The blockchain is distributed across thousands of computers around the world. One of those computers is owned by you! So when your computer works on creating a new transaction block, it adds some cryptographic hashing which validates and secures the block and all subsequent blocks.

The key part here is that if your computer is doing work on someone else’s transaction block, you’ll be rewarded with Bitcoins or other cryptocurrencies, which you can then spend however you’d like. With the Bitcoin price today of over $22,000, this is the currency that receives the most mining.

Advantages of Cloud Mining

  • No need for hardware: Cloud mining is completely virtual. You don’t need to buy any equipment, so you can start earning immediately without having to worry about maintenance or electricity costs.
  • No need for software: Unlike traditional mining where you have to install specific software on your computer, cloud mining requires no software installation at all. Once you purchase hash power from a provider and connect it with their platform (usually via API key), everything else works automatically in the background without any additional effort from your side.
  • No maintenance required: The majority of cloud mining providers offer contracts with monthly fees rather than daily fees like other companies do. This makes it much easier because there’s no need for regular checkups or maintenance work every month like some other platforms require. 

Disadvantages of Cloud Mining

  • High electricity costs: Mining cryptocurrency requires a lot of electricity. If you’re using cloud mining, this cost is passed on to you, the customer. This can be very expensive and make it hard for your ROI (return on investment) to pay off.
  • Maintenance costs: You’ll also need to consider maintenance costs for your hardware, as well as any downtime or downtime during which the machine may malfunction or be repaired by the company providing it. This could also affect your ROI negatively if they don’t have a good track record with repairs and replacements promptly.
  • Low returns on investment: Finally, there’s no guarantee that any particular cryptocurrency will increase in value over time; it may even decrease. If this happens while you’re paying high fees just so someone else can mine coins for themselves instead of doing it yourself directly through an ASIC miner or GPU rig at home then those losses will likely outweigh whatever gains might result from having used cloud mining services like Hashflare or Genesis Mining in order.

Types of Cloud Mining

Cloud mining is a way to mine cryptocurrencies without having to buy expensive equipment or even invest in it at all. Instead, you pay someone else to do it for you.

Host Mining

Host mining is a type of cloud mining where you buy a physical mining rig and pay for the electricity. The price of host mining can be very high, but it’s also the most profitable way to earn money. You need technical knowledge and experience to host mine successfully, so this isn’t recommended for beginners.

Hash Power Leasing 

Hash power leasing is a way to get hash power without buying the hardware. This can be done by signing up with a service provider and paying them for their services. The provider will then provide you with the necessary equipment, which you need to pay for separately.

The process works like this:

  • You sign up with a cloud mining company (like Hashflare or Genesis Mining)
  • They give you access to their mining farm’s equipment and software through an API key or web interface
  • You set up an account with them and deposit money into it (usually Bitcoin)

You are then able to use this money as if it were your own – but instead of buying physical hardware yourself, all of that work has already been done by someone else.

How to spot potential fraud in cloud mining

To avoid fraud, you should look for companies that are transparent about their ownership and location. Look at the company’s domain name and website for authenticity. Avoid any cloud mining company that does not provide a physical address or phone number on its website.

You should also check for reviews and complaints about the company in question by searching online or contacting local authorities (e.g., Better Business Bureau aka BBB).

BitDeer

BitDeer is a cloud mining platform that allows users to rent computing power to mine various cryptocurrencies, including Bitcoin, Ethereum, Litecoin, and more. It was founded in 2018 and is headquartered in Singapore.

BitDeer partners with mining farms and data centres worldwide to provide cloud mining services. Users can rent mining machines or hash power from BitDeer’s partners, which are located in regions with favourable conditions for cryptocurrency mining, such as regions with low electricity costs and cool climates.

StormGain

StormGain is a cryptocurrency trading and exchange platform that offers a range of services for cryptocurrency traders and investors. It was founded in 2019 and is headquartered in Seychelles.

StormGain aims to provide a user-friendly and accessible platform for trading and investing in cryptocurrencies, with a focus on leveraged trading and cryptocurrency mining. Some of the features and services offered by StormGain include Cryptocurrency Trading, Leverage Trading, Crypto Mining, Wallet Services and more.

GMiners

GMiner is a cloud mining company based in Hong Kong. It’s a subsidiary of Genesis Mining, one of the largest Bitcoin mining companies in the world. GMiner offers a variety of different mining contracts for Bitcoin, Ethereum, Dash, Litecoin and Bitcoin Cash.

Potential Risks

Please note that the cryptocurrency market is constantly evolving, and the performance and reputation of cloud mining companies may change over time. It’s essential to do thorough research, read reviews from multiple sources, and exercise caution when investing in cloud mining services or any other form of cryptocurrency investment. Always consider the risks and consult with experienced investors or seek professional advice before making any investment decisions.

Cryptocurrency Mining: A Complete Beginners Guide to Mining Cryptocurrencies, Including Bitcoin, Litecoin, Ethereum, Altcoin, Monero, and Others

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: Cloud Mining, cloud security, cryptocurrency mining

Mar 13 2023

Data Security With Cloud Compliance: Meeting Regulations & Standards

Category: Cloud computing,data securityDISC @ 10:21 am
Data Security With Cloud Compliance: Meeting Regulations & Standards

Businesses from all industries are aware of the benefits of cloud computing. Some organizations are just getting started with migration as part of digital transformation initiatives, while others are implementing sophisticated multi-cloud, hybrid strategies. However, data security in cloud computing is one of the most challenging deployment concerns at any level due to the unique risks that come with the technology.

The cloud compromises the conventional network perimeter that guided cybersecurity efforts in the past. As a result, a distinct strategy is needed for data security in cloud computing, one that takes into account both the complexity of the data compliance,  governance, and security structures as well as the dangers.

The Shifting Business Environment and Its Effects on Cloud Security

The top investment businesses implementing digital transformation initiatives want to make over the next three years is bolstering cybersecurity defenses. A paradigm shift in cybersecurity is being brought about by the rising trend of remote and hybrid workplaces, which is altering investment priorities.

Cloud computing provides the underlying technology for this transition as organizations want to increase resilience, and people want the freedom to work from anywhere. Yet, the lack of built-in security safeguards in many cloud systems highlights the need for data security in cloud computing.

What Is Cloud Data Security?

Cloud data security involves adopting technological solutions, policies, and processes to safeguard cloud-based systems and apps and the data and user access that go with them. The fundamental tenets of information security and data governance apply to the cloud as well:

Confidentiality: Protecting the data from illegal access and disclosure is known as confidentiality.

Integrity: Preventing unauthorized changes to the data so that it may be trusted

Accessibility: Making sure the data is completely accessible and available when it’s needed.

Cloud data security must be taken into account at every stage of cloud computing and the data lifecycle, including during the development, deployment, and administration of the cloud environment.

Data Risks in Cloud

Cloud computing has revolutionized the way data is gathered, stored, and processed, but it has also introduced new risks to data security. As more organizations rely on the cloud, cyberattacks and data breaches have become the biggest threats to data protection. While cloud technology is subject to the same cybersecurity risks as on-premises solutions, it poses additional risks to data security.

Application Programming Interfaces (APIs) with Security Flaws

Security flaws in APIs used for authentication and access are a common risk associated with the cloud. These flaws can be exploited by hackers to gain unauthorized access to sensitive data. Common issues include insufficient or improper input validation and insufficient authentication mechanisms. APIs can also be vulnerable to denial-of-service attacks (DoS), causing service disruptions and data loss.

Account Takeover or Account Hijacking

Account takeover or hijacking is a common threat in cloud computing, where hackers gain unauthorized access to user accounts and can steal or manipulate sensitive data. Hackers can gain access to cloud accounts due to weak or stolen passwords used by users. This is because users often use simple, easy-to-guess passwords or reuse the same password across multiple accounts. Once a hacker gains access to one account, they can potentially access other accounts that use the same password.

Insider Risks

Insider threats are a significant concern in cloud computing due to the lack of visibility into the cloud ecosystem. Cloud providers typically have a vast and complex infrastructure, which can make it challenging to monitor user activity and detect insider threats. Insider threats can occur when insiders, such as employees, contractors, or partners, intentionally or unintentionally access or disclose sensitive data.

Security Measures Protecting Data in Cloud Computing

Identity governance is the first step in securing data in the cloud. Across all of your on-premises and cloud platforms, workloads, and data access, you need a thorough, unified perspective. Identity management gives you the following:

Install Encryption

Encryption is an essential security measure for protecting sensitive and important data, including Personally Identifiable Information (PII) and intellectual property, both in transit and at rest. 

Third-party encryption solutions can offer additional layers of security and flexibility beyond what is provided by CSPs. For example, some third-party encryption solutions may offer more robust encryption algorithms or the ability to encrypt data before it is uploaded to the cloud. They can also provide granular access controls, enabling organizations to determine who can access specific data and under what circumstances.

Archive the Data

Backing up cloud data is critical for data protection and business continuity. The 3-2-1 rule is a best practice, involving having at least three copies of the data, stored in two different types of media, with one backup copy stored offsite. Businesses should have a local backup in addition to the cloud provider’s backup, providing an extra layer of protection in case the cloud provider’s backup fails or is inaccessible.

Put Identity and Access Management (IAM) into Practice

IAM (Identity and Access Management) is essential for securing cloud resources and data. IAM components in a cloud environment include identity governance, privileged access control, and access management, such as SSO or MFA. To ensure effective IAM in a cloud environment, organizations must include cloud resources in their IAM framework, create appropriate policies and procedures, and regularly review and audit IAM policies and procedures.

Control Your Password Rules

Poor password hygiene is a common cause of security events. Password management software can help users create, store and manage strong, unique passwords for each account, making it easier to follow safe password procedures. This can encourage better password hygiene and reduce the risk of password-related security incidents.

Use Multi-factor Authentication (MFA)

MFA (Multi-factor authentication) is a security mechanism that adds an extra layer of security beyond traditional password-based authentication. It reduces the chance of credentials being stolen and makes it more challenging for threat actors to gain unauthorized access to cloud accounts. 

MFA is particularly valuable in cloud environments, where many employees and contractors may access cloud accounts from various locations and devices. However, it is important to ensure that it is implemented correctly, easy to use, and integrated with existing security infrastructure and policies.

Summary

Your environment will get more complicated as you continue to utilize the cloud, particularly if you begin to rely on the hybrid multi-cloud. Data security in cloud computing is essential for reducing the dangers to your business and safeguarding not just your data but also your brand’s reputation.

Consider deploying solutions for controlling cloud access and entitlements to protect yourself from the always-changing cloud risks. For a thorough approach to identity management, incorporate these solutions into your entire IAM strategy as well.

A complete, identity-centered solution ensures that you constantly implement access control and employ governance more wisely, regardless of whether your data is on-premises or in the cloud. You will also profit from automation and other factors that increase identity efficiency and save expenses.

Cloud Computing Security: Foundations and Challenges

AWS Security Cookbook: Practical solutions for managing security policies, monitoring, auditing, and compliance with AWS

Let AWS Solutions Architects start you on your journey to secure your cloud resources.

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: cloud security, Data Security With Cloud

Feb 24 2023

Cloud Security Protecting Your Data in The Cloud

Category: Cloud computingDISC @ 10:34 am
Cloud Security Protecting Your Data in The Cloud

Following these best practices, you can increase the cloud security and protection of your cloud-based data and applications.

As cloud computing has revolutionized how we store and process data, it has also introduced new security risks. Your data must be secure as more and more businesses turn to the cloud.

Here are some steps you can take to ensure that your cloud environment is secure:

It would help if you chose a reputable cloud provider: Not all cloud providers provide the same level of security. You should select a provider with a positive security track record that implements strict security controls.

Secure your data in transit and at rest: Ensure that your data is encrypted both in transit and at rest. Keeping your data secure and accessible only to authorized users can help protect against data breaches.
To prevent unauthorized access, implement strong access controls, including limiting access to cloud resources only to authorized users and implementing multi-factor authentication.

Monitoring your cloud environment regularly: Implement tools to monitor your cloud environment for unusual activity or signs of a breach. By doing so, you can identify potential security threats early on and mitigate their effect.

Plan for a disaster recovery scenario by implementing a disaster recovery plan. This backup will allow you to recover your data and applications in case of a security breach or other catastrophe.

You should educate your employees regarding the risks associated with cloud computing and provide them with training on protecting their data.

With these steps, you can protect your business from cyber threats and ensure the security of your cloud-based data. Take action today to protect your valuable assets by ensuring your business is secure.

What are the three categories of cloud security?

With the advancement of cloud computing, businesses can now store, process, and share massive amounts of data more easily and efficiently than ever before. Cloud computing, like any technology, carries inherent security risks.

Three categories of cloud security can assist in mitigating these risks: physical security, operational security, and data security.

Physical Security

Physical security refers to the measures the cloud service provider takes to protect its physical infrastructure. These actions include access controls, surveillance, and environmental controls, and those used in data centers play a crucial role in preventing unauthorized access.

Operational Security

A cloud service provider’s operational security refers to the processes and policies to manage their business operations. This process includes several measures, such as change management, incident response, and business continuity planning. Your cloud services must be protected against active cyber threats to ensure reliability and availability.

Data Security

Data Security refers A cloud security measure is a means of protecting your data. These include measures such as encryption, access controls, and data backups. To ensure the integrity and availability of your sensitive data, it is essential to implement effective data security measures.

In the cloud, each of these categories of security is essential for protecting your business from cyber threats and ensuring the safety and security of your data.

When you work with a reputable cloud service provider and implement best practices for physical, operational, and data security, you can minimize the risks of cloud computing and take advantage of the benefits of this revolutionary technology. Take advantage of the cloud with confidence and peace of mind by embracing security concerns.

Cybersecurity and the Cloud: What You Need to Know

Cloud computing has become increasingly important as more and more businesses move their data and applications to the cloud.

Cybersecurity and the cloud have some key considerations.

Understand your responsibilities:

When you use cloud services, you typically share security responsibility with the cloud provider. Ensure that you are aware of which security aspects are your responsibility and which are the service provider’s responsibility.

  • When it comes to security, not all cloud providers are equal. You should research the provider and choose one with a good security record.
  • Provide strong authentication to all cloud users, such as multi-factor authentication.Encrypt your data:
  • Your data must be encrypted in transit and at rest. It helps prevent data breaches and ensures only authorized persons can access your data.Monitor your data:
  • Use security tools to monitor your data for unusual activity or signs of a breach. By detecting potential security issues early, you can mitigate their impact.

Cloud Security: How to Protecting Your Data in The Cloud.

The increasing amount of data stored online in cloud-based systems has made cloud security a growing concern for businesses and individuals. You will learn cloud security basics, from recognizing potential cyber threats to protecting your data.

Cloud security risks.

Data breaches and denial of service (DOS) attacks are some risks associated with cloud security. Protecting yourself requires an understanding of common types of threats.

It is common for cloud security threats to include malicious outsiders such as hackers, insider threats from employees and contractors with access to your data, misconfigurations that leave your data vulnerable, and disasters that may cause data loss. When you understand the risks associated with storing your data in the cloud, you can develop effective strategies for mitigating them.

Set up Multi-Factor Authentication.

A multi-factor authentication (MFA) system is one of the best ways to protect your cloud environment. The authentication adds a layer of security by requiring users to use two or more credentials, such as a password and a one-time code sent by email or text message. It ensures that only authorized people can access your data and makes it much harder for attackers to compromise your system by guessing passwords or using stolen credentials.

Update security software and patches regularly.

Cyber Threat Intelligence programs should permanently be installed and maintained. It is also highly recommended that you patch your system regularly to ensure that there are no vulnerabilities attackers could exploit. If your systems do not receive regular updates, they may be vulnerable to attack. Additionally, other users on the system must keep up-to-date, so make sure everyone understands the importance of patching and security maintenance.

Create rules for permissions and user access.

Cloud services should be protected from unauthorized access. Establish specific user access and permission settings rules by creating or purchasing a policy. The policy should define what data users can access and edit and set boundaries for authorized users and applications. It would help if you also considered creating logins with distinct roles for each employee — this way, each user can only view information relevant to their job.

Prepare a Breach and Attack Recovery Plan.

Any business operating in the cloud needs a disaster recovery plan. Specifically, the goal should outline how the team should respond to a data breach or cyber attack, how to contact potential victims, how to recover files and systems, and how to mitigate risks.

Cloud Security

Cloud Security Protecting Your Data?

Cloud security is the practice of protecting your data and applications that are stored in the cloud. As more and more businesses move their data to the cloud, ensuring the security of that data has become increasingly important.

Here are some steps you can take to protect your data in the cloud:

  1. Use strong passwords and two-factor authentication: It’s important to use strong, unique passwords for all of your accounts and enable two-factor authentication wherever possible. This will help prevent unauthorized access to your accounts.
  2. Encrypt your data: Encryption is a process of converting your data into a secret code that can only be accessed with the right encryption key. This is an effective way to protect your data from unauthorized access.
  3. Choose a reputable cloud provider: When choosing a cloud provider, look for one that has a strong track record of security and compliance. Make sure they have proper encryption, backup and disaster recovery plans in place.
  4. Keep your software up to date: Make sure to keep all of your software, including your cloud applications, up to date with the latest security patches.
  5. Limit access to your data: Only give access to your cloud data to those who need it. You can use access controls to limit who can view, edit, or delete your data.
  6. Backup your data: Make sure to regularly back up your cloud data. This will ensure that you can still access your data even if there is a security breach or outage.

By taking these steps, you can help protect your data in the cloud and ensure that your business stays secure.

Previous posts on Cloud Computing Security

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: cloud security

Feb 08 2023

How to Use Cloud Access Security Brokers for Data Protection

Category: Cloud computingDISC @ 11:07 am
How to Use Cloud Access Security Brokers for Data Protection

A cloud access security broker is a security policy enforcement point that can be located on-premises or in the cloud. Its purpose is to aggregate and implement an enterprise’s security policies whenever cloud-based resources are accessed.

How to Use Cloud Access Security Brokers for Data Protection

The cloud access security broker is analogous to a security guard in that it ensures compliance with the laws that were established by the administrators of the cloud service.

A cloud access security broker is a security solution that enables businesses to protect both their data and their users while they are working in the cloud. It functions as a middleman between an organization’s IT infrastructure and the company’s cloud services, monitoring and limiting access to ensure that security policies are adhered to.

Increasing companies’ utilization of cloud-based services is one of the primary factors contributing to the growing demand for cloud access security brokers. As more and more businesses move their data and applications to the cloud, which is very simple to use and manage, these businesses require a method to secure their assets and protect themselves against potential threats that may arise as a result of services being connected to one another without having a great deal of control over them. 

Cloud access security brokers offer a means to monitor and regulate access to cloud services, thereby guaranteeing that only authorized users can view sensitive data.

Cloud Access Security Broker for Data Protection: How It Can Be Achieved

Source: Managed Methods

Cloud access security brokers can also assist enterprises in complying with regulatory regulations and industry standards like HIPAA, PCI-DSS, and SOC 2, amongst others. Furthermore, as they carry out a substantial amount of detailed reporting for data breaches, they are able to undertake data encryption and can even manage access controls. As a result, the business is carrying out these procedures in an effective manner. So it can be used for cloud data security in a number of ways.

Using Cloud Access Security Brokers for Data Loss Prevention

After being implemented, cloud access security brokers are able to perform monitoring of the resources that have been created or deployed. They can also be used to enforce access restrictions on such resources, which effectively guarantees that only authorized people who have the authorization to access them can access that sensitive data. This not only protects against unauthorized access but also prevents sensitive data from being accidentally deleted.

Performing Data Encryption

Cloud access security broker protects data in a variety of ways, including through the implementation of appropriate access restrictions. Cloud access security brokers have the ability to encrypt sensitive data while it is both at rest and in motion.

If the data is encrypted, then even if someone gains unauthorized access to the data or if the data itself is stolen, it cannot be decoded without the appropriate decryption keys even if the data was encrypted. As a result, it renders it possible to gain access to the data even after having performed access that was not authorized.

Managing proper compliance 

Because cloud access security brokers are responsible for the enforcement of a wide variety of policies, they can be of assistance in achieving various kinds of compliance. Cloud access security brokers are able to assist firms in meeting regulatory requirements and industry standards, such as HIPAA, PCI-DSS, and SOC 2, which may be applicable. 

Cloud access security brokers are essentially reporting and alerting systems that give organizations information about potential security breaches. This enables organizations to take action to secure their data swiftly.

The Four Pillars of a Cloud Access Security Broker

Cloud access security brokers are built on four distinct pillars, each of which not only assists an organization in meeting appropriate data encryption standards but also provides a means by which the users of that organization can be protected. Cloud access security brokers offer visibility into the utilization of cloud services across an entire organization. This visibility includes information about which services are being utilized, who is using them, and the kind of data that is being saved or accessed. This offers an organization a sufficient level of visibility of its resources.

By providing extensive reporting and notifications on potential security breaches, cloud access security brokers are able to assist organizations in meeting regulatory obligations and industry standards.

The prevention of data loss, encryption, access restriction, and activity monitoring are only some of the security measures that can be enforced by cloud access security brokers in order to secure data and users in the cloud. In addition to this, they offer governance capabilities for their customers, such as policy management, incident response, and risk management, to assist businesses in managing and securing their cloud environments.

Conclusion

Cloud access security brokers safeguard cloud data. They monitor and control data and application access to secure cloud services. By monitoring and controlling cloud usage, they assist enterprises to meet regulatory and industry standards.

Cloud access security brokers can identify and mitigate threats to prevent data breaches and other security problems. They also offer encryption, data loss prevention, and threat detection. These solutions benefit all businesses, especially cloud-dependent ones. They should be utilized with firewalls, intrusion detection systems, and antivirus software as part of a holistic security plan.

Cloud Access Security Brokers CASBs

AWS: Getting started with cloud security (Free Course)

Checkout our previous posts on Cloud Computing

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: CASBI, CASBs, cloud security

Jan 26 2023

Cloud Pentesting Cheatsheet

Category: Cheat Sheet,Cloud computing,Pen TestDISC @ 12:09 pm

Cloud-Pentesting-Cheatsheet-1Download

Cloud Pentesting for Noobs. An introduction to peneration testing… | by Jon Helmus | Medium

Checkout our previous posts on Cheat Sheet

InfoSec books | InfoSec tools | InfoSec services

Tags: cheat sheet, Cloud Pentesting

Jan 26 2023

GoTo admits: Customer cloud backups stolen together with decryption key

Category: Cloud computingDISC @ 12:11 am
GoTo admits: Customer cloud backups stolen together with decryption key

GoTo is a well-known brand that owns a range of products, including technologies for teleconferencing and webinars, remote access, and password management.

If you’ve ever used GoTo Webinar (online meetings and seminars), GoToMyPC (connect and control someone else’s computer for management and support), or LastPass (a password manangement service), you’ve used a product from the GoTo stable.

You’ve probably not forgotten the big cybersecurity story over the 2022 Christmas holiday season, when LastPass admitted that it had suffered a breach that was much more serious than it had first thought.

The company first reported, back in August 2022, that crooks had stolen proprietary source code, following a break-in into the LastPass development network, but not customer data.

But the data grabbed in that source code robbery turned out to include enough information for attackers to follow up with a break-in at a LastPass cloud storage service, where customer data was indeed stolen, ironically including encrypted password vaults.

Now, unfortunately, it’s parent company GoTo’s turn to admit to a breach of its own – and this one also involves a development network break-in.

Security incident

On 2022-11-30, GoTo informed customers that it had suffered â€śa security incident”, summarising the situation as follows:

Based on the investigation to date, we have detected unusual activity within our development environment and third-party cloud storage service. The third-party cloud storage service is currently shared by both GoTo and its affiliate, LastPass.

This story, so briefly told at the time, sounds curiously similar to the one that unfolded from August 2022 to December 2022 at LastPass: development network breached; customer storage breached; investigation ongoing.

Nevertheless, we have to assume, given that the statement explicitly notes that the cloud service was shared between LastPass and GoTo, while implying that the development network mentioned here wasn’t, that this breach didn’t start months earlier in LastPass’s development system.

The suggestion seems to be that, in the GoTo breach, the development network and cloud service intrusions happened at the same time, as though this was a single break-in that yielded two targets right away, unlike the LastPass scenario, where the cloud breach was a later consequence of the first.

Incident update

Two months later, GoTo has come back with an update, and the news isn’t great:

[A] threat actor exfiltrated encrypted backups from a third-party cloud storage service related to the following products: Central, Pro, join.me, Hamachi, and RemotelyAnywhere. We also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups. The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information.

The company also noted that although MFA settings for some Rescue and GoToMyPC customers were stolen, their encrypted databases were not.

Two things are confusingly unclear here: firstly, why were MFA settings stored encrypted for one set of customers, but not for others; and secondly, what do the words “MFA settings” encompass anyway?

Several possible important “MFA settings” come to mind, including one or more of:

  • Phone numbers used for sending 2FA codes.
  • Starting seeds for app-based 2FA code sequences.
  • Stored recovery codes for use in emergencies.

SIM swaps and starting seeds

Security of AWS CloudHSM Backups (AWS Whitepaper)

Tags: cloud backup, cloud security, Decryption Key

Jan 13 2023

Popular JWT cloud security library patches “remote” code execution hole

Category: API security,Cloud computing,Remote codeDISC @ 11:36 am
Popular JWT cloud security library patches “remote” code execution hole

by Paul Ducklin

JWT is short for JSON Web Token, where JSON itself is short for JavaScript Object Notation.

JSON is a modernish way of representing structured data; its format is a bit like XML, and can often be used instead, but without all the opening-and-closing angle brackets to get in the way of legibility.

For example, data that might be recorded like this in XML…

<?xml version="1.0" encoding="UTF-8"?>
<data>
   <name>Duck</name>
   <job>
      <employer>Sophos</employer>
      <role>NakSec</role>
   </job>
</data>

…might come out like this in JSON:

{"name":"Duck","job":{"employer":"Sophos","role":"NakSec"}}

Whether the JSON really is easier to read than the XML is an open question, but the big idea of JSON is that because the data is encoded as legal JavaScript source, albeit without any directly or indirectly executable code in it, you can parse and process it using your existing JavaScript engine, like this:

The output string undefined above merely reflects the fact that console.log() is a procedure â€“ a function that does some work but doesn’t return a value. The word Sophos is printed out as a side-effect of calling the function, while undefined denotes what the function calculated and sent back: nothing.

The popularity of JavaScript for both in-browser and server-side programming, plus the visual familiarity of JSON to JavaScript coders, means that JSON is widely used these days, especially when exchanging structured data between web clients and servers.

And one popular use of JSON is the JWT system, which isn’t (officially, at any rate) read aloud as juh-witt, as it is written, but peculiarly pronounced jot, an English word that is sometimes used to refer the little dot we write above above an i or j, and that refers to a tiny but potentially important detail.

Authenticate strongly, then get a temporary token

Loosely speaking, a JWT is a blob of encoded data that is used by many cloud servers as a service access token.

The idea is that you start by proving your identity to the service, for example by providing a username, password and 2FA code, and you get back a JWT.

The JWT sent back to you is a blob of base64-encoded (actually, URL64-encoded) data that includes three fields:

  • Which crytographic algorithm was used in constructing the JWT.
  • What sort of access the JWT grants, and for how long.
  • A keyed cryptographic hash of the first two fields, using a secret key known only to your service provider.

Once you’ve authenticated up front, you can make subsequent requests to the online service, for example to check a product price or to look up an email address in a database, simply by including the JWT in each request, using it as a sort-of temporary access card.

Clearly, if someone steals your JWT after it’s been issued, they can play it back to the relevant server, which will typically give them access instead of you…

…but JWTs don’t need to be saved to disk, usually have a limited lifetime, and are sent and received over HTTPS connections, so that they can’t (in theory at least) easily be sniffed out or stolen.

When JWTs expire, or if they are cancelled for security reasons by the server, you need to go through the full-blown authentication process again in order to re-establish your right to access the service.

But for as long they’re valid, JWTs improve performance because they avoid the need to reauthenticate fully for every online request you want to make – rather like session cookies that are set in your browser while you’re logged into a social network or a news site.

Security validation as infiltration

Well, cybersecurity news today is full of a revelation by researchers at Palo Alto that we’ve variously seen described as a “high-severity flaw” or a “critical security flaw” in a popular JWT implementation.

In theory, at least, this bug could be exploited by cybercriminals for attacks ranging from implanting unauthorised files onto a JWT server, thus maliciously modifying its configuration or modifying the code it might later use, to direct and immediate code execution inside a victim’s network.

Simply put, the act of presenting a JWT to a back-end server for validation – something that typically happens at every API call (jargon for making a service request) – could lead malware being implanted.

But here’s the good news:

  • The flaw isn’t intrinsic to the JWT protocol. It applies to a specific implementation of JWT called jsonwebtoken from a group called Auth0.
  • The bug was patched three weeks ago. If you’ve updated your version of jsonwebtoken from 8.5.1 or earlier to version 9.0.0, which came out on 2022-12-21, you’re now protected from this particular vulnerability.
  • Cybercriminals can’t directly exploit the bug simply by logging in and making API calls. As far as we can see, although an attacker could subsequently trigger the vulnerability by making remote API requests, the bug needs to be “primed” first by deliberately writing a booby-trapped secret key into your authentication server’s key-store.

According to the researchers, the bug existed in the part of Auth0’s code that validated incoming JWTs against the secret key stored centrally for that user.

As mentioned above, the JWT itself consists of two fields of data denoting your access privileges, and a third field consisting of the first two fields hashed using a secret key known only to the service you’re calling.

To validate the token, the server needs to recalculate the keyed hash of those first two JWT fields, and to confirm the hash that you presented matches the hash it just calculated.

Given that you don’t know the secret key, but you can present a hash that was computed recently using that key…

…the server can infer that you must have acquired the hash from the authentication server in the first place, by proving your identity up front in some suitable way.

Data type confusion

It turns out that the hash validation code in jsonwebtoken assumes (or, until recently, assumed) that the secret key for your account in the server’s own authentication key-store really was a cryptographic secret key, encoded in a standard text-based format such as PEM (short for privacy enhanced mail, but mainly used for non-email purposes these days).

If you could somehow corrupt a user’s secret key by replacing it with data that wasn’t in PEM format, but that was, in fact, some other more complex sort of JavaScript data object…

…then you could booby-trap the secret-key-based hash validation calculation by tricking the authentication server into running some JavaScript code of your choice from that infiltrated “fake key”.

Simply put, the server would try to decode a secret key that it assumed was in a format it could handle safely, even if the key wasn’t in a safe format and the server couldn’t deal with it securely.

Note, however, that you’d pretty much need to hack into the secret key-store database first, before any sort of truly remote code execution trigger would be possible.

And if attackers are already able to wander around your network to the point that they can not only poke their noses into but also modify your JWT secret-key database, you’ve probably got bigger problems than CVE-2022-23539, as this bug has been designated.

What to do?

If you’re using an affected version of jsonwebtokenupdate to version 9.0.0 to leave this bug behind.

However, if you’ve now patched but you think crooks might realistically have been able to pull off this sort of JWT attack on your network, patching alone isn’t enough.

In other words, if you think you might have been at risk here, don’t just patch and move on.

Use threat detection and response techniques to look for holes by which cybercriminals could get far enough to attack your network more generally…

…and make sure you don’t have crooks in your network anyway, even after applying the patch.

Breaking down JSON Web Tokens: From pros and cons to building and revoking

Contact DISC InfoSec if you need guidance on RESTful API security specs

Infosec books | InfoSec tools | InfoSec services

Tags: JWT cloud security library

Dec 23 2022

Cloud Security Best Practices

Category: Cloud computingDISC @ 11:10 am
This image has an empty alt attribute; its file name is image-18.png

Cloud-Security-Best-Practices-1Download

Cloud Security Titles

Cloud Security Training

MicroMasters® Program in Cloud Computing

Full Stack Cloud Application Development

AWS – Getting Started with Cloud Security

Infosec books | InfoSec tools | InfoSec services

Tags: cloud security

Nov 07 2022

Does your company need secure enclaves? Five questions to ask your CISO

Category: Cloud computingDISC @ 2:26 pm
Does your company need secure enclaves? Five questions to ask your CISO

Some of the biggest barriers to cloud adoption are security concerns: data loss or leakage, and the associated legal and regulatory concerns with storing and processing data off-premises.

In the last 18 months, 79% of companies have experienced at least one cloud data breach; even more alarmingly, 43% have reported 10 or more breaches in that time. Despite the clear advantages of cloud infrastructure, one of the main challenges that often gets overlooked is the need to: (1) trust that the infrastructure will be secure enough against threats and (2) that the chosen cloud provider won’t purposefully or inadvertently access the data processing on their infrastructure. When dealing with highly sensitive/confidential data (such as banking information or healthcare patient data), this becomes a major concern and a barrier to further cloud adoption.

Traditional approaches for protecting data have relied upon implementing access controls and policies and encrypting data at rest and in transit, but none are able to prevent the threat in its entirety because a fundamental challenge remains: keeping data encrypted when in use, while it is being processed. Confidential computing – projected to be a $54B market by 2026 – is emerging as a way to remove the need for trusting infrastructure and service providers by keeping data protected/encrypted even when in use.

Confidential computing technology uses hardware-based techniques to create isolated environments called enclaves (also known as Trusted Execution Environments or TEEs).

Code and data within enclaves are inaccessible by other applications, users, or processes colocated on the system. The enclave keeps the data encrypted even when in use – while in memory and during computation. With a secure enclave environment, multiple parties can collaborate on analytics and AI use cases without compromising the confidentiality of their individual data and exposing it to other parties.

According to a recent survey, using secure enclaves in the enterprise setting is attractive for implementing safeguards for the following scenarios:

  • Protect against insider threats. Data in the cloud is accessible to the database administrators of the cloud applications or infrastructure via direct access to the database, application logs, and device memory
  • Prevent platform software (i.e., a platform hypervisor) from accessing data
  • Protect data from adjacent workloads in a multitenant/user environment
  • Protect the integrity of crowdsourced ML models
  • Confidential data sharing and multi-party collaboration

If these scenarios apply to you and your business, but you’re unsure what you’ll need to know to get started, here are five questions to ask your CISO:

1. Will I need to deploy specialized hardware to keep our data protected?

Confidential computing technology is now available on all major cloud providers. This obviates the need to procure and maintain specialized hardware yourselves. Even though confidential computing and secure enclaves are still in the “emerging technology bucket,” organizations can easily adopt confidential computing through cloud vendors and ISVs. The cloud providers see the benefit of secure enclaves and their future potential as a transformative technology, and so have bought in.

2. Will we need to rewrite applications to use secure enclaves?

Some confidential computing technologies, such as Intel SGX, require application modifications before they can run within enclaves. Other technologies, such as Confidential VMs, provide more flexibility and can run unmodified applications.

But, from a security perspective, this has the downside of having to trust the entire software stack within the VM. So, depending on the use case and requirements, one technology may be preferable over the other. In addition, proper adoption of confidential computing requires orchestrating management of the other constituent technologies, such as remote attestation.

The enclave adoption process can be complex and engineering teams will have to take time to build these capabilities to get their applications up and running. While bandwidth may be tight at times, the ROI is worth it in the long run. A growing ISV ecosystem can also help in the seamless adoption of confidential computing for a rich variety of use cases.

3. Can I use secure enclaves to improve data collaboration with other teams?

Before data can be shared with other teams, organizations typically need to follow a cumbersome governance process to restrict access to sensitive data, eliminate data sets or mask specific data fields, and prevent any level of data sharing.

Integrating secure enclaves provides an opportunity for organizations to increase both productivity and security measures. Multiple data owners can individually encrypt their entire data (including PII), pool it together, and analyze the collective data set within enclaves. Done effectively, multi-party collaboration can drive faster business results by enabling new and higher-quality insights.

4. Will I need to add additional security expertise to the team?

Implementing confidential computing workflows can be difficult to do directly without using existing tools and software. One needs to make sure that confidential data is protected throughout its lifecycle. This can have a variety of moving parts – from integrating with existing key management systems to managing secure enclave infrastructure, rewriting applications, deploying code securely and verifiably to the enclaves, and keeping confidential data encrypted in storage and in transit in/out of the enclaves. However, there is a rich emerging ISV ecosystem of software that alleviates the complexities of confidential computing for a rich variety of use cases, making it easy to use and adopt by non-experts.

5. Will I need to lock myself into a single cloud?

The top CPU vendors all introduced secure enclave and confidential computing solutions in recent years. These were adopted by the leading cloud vendors, some of which now offer solutions based on the same underlying technology. Microsoft Azure and Google Cloud Platform, for example, offer solutions based on AMD’s SEV technology. As software solutions running on top of these cloud platforms evolve, application vendors will introduce cross-platform solutions powered by the common hardware layers.

Conclusion

Businesses considering adopting cloud technology can better do so with secure enclaves. By asking your CISO these five questions, businesses can move into the future, understand what implementing secure enclaves will look like, better secure their data, and create a more efficient analytics process.

This ongoing shift to the cloud will increase efficiency for companies and reduce human error – especially knowing 57% of businesses will move their workloads to the cloud before the end of the year. When secure enclaves are implemented properly, the crucial component of ensuring security is not sacrificed. All businesses working with data should consider integrating confidential computing into their models to allow for analytics and AI on encrypted data.

shield

Secure Processors Part I: Background, Taxonomy for Secure Enclaves and Intel SGX Architecture

Tags: cloud adoption, data protection, secure enclaves

Aug 31 2022

The Inevitability of Cloud Breaches: Tales of Real-World Cloud Attacks

Category: Cloud computingDISC @ 9:43 am

While cloud breaches are going to happen, that doesn’t mean we can’t do anything about them. By better understanding cloud attacks, organizations can better prepare for them.

Cloud computing
Source: Wavebreakmedia Ltd IW-210409 via Alamy Stock Photo

Cloud breaches are inevitable.

It’s the reality we live in. The last few years have demonstrated that breaches occur, no matter how much security organizations put in place. The increased complexity of organizations — where a single mistake or vulnerability can lead to a compromise — coupled with the increased motivation, sophistication, and dedication of attackers, means breaches are here to stay. At the same time, organizations are transitioning to the cloud, making attackers shift focus to rapidly increase their attacks on cloud environments.

While this means that cloud breaches are inevitable, that doesn’t mean we can’t do anything about them. By better understanding cloud attacks, organizations can better prepare for them. Then, hopefully, they can contain and respond to attacks faster, reducing their impact and averting a crisis.

This two-part series will explore real-world attacks that unravel, investigate, and share insights on practical ways organizations can respond to cloud attacks in today’s threat landscape.

SaaS Marketplace Hack Leads to Major Breach

In the last few years, software-as-a-service (SaaS) platforms have been replacing traditional enterprise applications, making it easier for organizations to adopt and manage them. Part of the value such platforms provide is the ability to integrate and expand rapidly, supporting the ever-growing demands of users for more functionality. Further enhancing their platforms, SaaS vendors are creating a marketplace to allow third-party providers to add functionality and integration for its users. These marketplaces, however, can introduce substantial third-party risk, as can be seen in the following scenario.

After a company was notified by GitHub of a potential risk, GitHub didn’t provide any specific indicators of unauthorized access. Instead, GitHub provided only a generic notice that DeepSource, one of the apps the company had previously been using on the marketplace, was breached, making it hard to understand whether the organization was affected or not. An initial review done by the company of its GitHub logs did not help, as it could not see any access to its code by DeepSource.

The reason for this was rather simple — and it is at the heart of how many SaaS marketplaces operate. A few months before the breach, one of the company’s developers tried out the DeepSource app, wherein the developer granted DeepSource access to the code under his username. When the attackers used DeepSource’s access to download the entire code repository, what appeared in the logs was a pull request under the name of a legitimate user. The only indicator that it was malicious was the identification of an irregular IP address, which eventually was tied to other known attacks.

At this point, it became clear that the entire code repository had been stolen, and a full-blown response was needed to contain and recover from the breach. As with most code leakage cases, the immediate concern was access to secrets (passwords/keys) in the code. While it is generally bad practice to have hardcoded secrets in code, it is still a common practice by many — and this case was no different. By identifying the relevant secrets in the code, the next steps of the attackers — which, as expected, started accessing some of the Amazon Web Services (AWS) infrastructure â€” was predicted. By quickly identifying them, the company was able to block access to all relevant resources, contain the breach, and recover before more damage could be done.

Cryptominer Injected into a Virtual Machine Template

What if one could mine cryptocurrency at somebody else’s expense? This idea is at the heart of many cryptomining attacks we see today, where attackers take over cloud resources, then run cryptominers on them collecting cryptocurrency while the hacked organization pays the cloud compute bills for it.

In a recent incident, a company had identified unknown files on 18 AWS EC2 machines they were running in the cloud. Looking at the files, it became clear they had fallen victim to the ongoing TeamTNT Watchdog cryptomining campaign. It was initially unclear how the attackers managed to infect so many EC2 instances, but as the investigation unfolded, it became apparent that instead of targeting individual machines, the attackers targeted the Amazon Machine Image (AMI) template used to create each machine. During the creation of the original image, there was a short time where a service was misconfigured, allowing remote access. TeamTNT used automatic tools to scan the network, identify it, and immediately place the miners there, which then got duplicated to every new machine created.

This highlights another common attack pattern: implanting cryptominers in publicly available AMIs through the Amazon marketplace.

As demonstrated by these cases, cloud attacks are here to stay. They’re different from what we’re used to observing, so it’s time to better prepare for their arrival. Stay tuned for part two, where we will dive into cloud ransomware and how to avoid it.

Cloud computing

https://

www.darkreading.com
/cloud/the-inevitability-of-cloud-breaches-tales-of-real-world-cloud-attacks-

Practical Cloud Security

Tags: cloud security, Practical Cloud Security

Jul 27 2022

Alkira Partners With Fortinet to Secure Cloud Networks

Category: Cloud computingDISC @ 8:46 am
Alkira Partners With Fortinet to Secure Cloud Networks

Alkira today announced it has integrated its cloud service for connecting multiple networks with firewalls from Fortinet.

Announced at the AWS re:Inforce event, the integration makes it possible to automate the configuration and deployment of Fortinet firewalls via the FortiManager platform using a control plane that integrates with the networking services provided by multiple cloud service providers.

Ahmed Datoo, chief marketing officer for Alkira, said the alliance with Fortinet is in addition to existing support for firewalls from Palo Alto Network.

Alkira is making a case for a control plane for cloud networking that integrates with the application programming interfaces (API) exposed by various cloud service providers. As a result, there is no need for an IT team to deploy agent software on each cloud service to integrate the Alkira service, noted Datoo.

As organizations increasingly deploy workloads across multiple clouds, managing and securing each of the networks that cloud service providers give them access to has become challenging. The Alkira platform is designed to provide a single pane of glass for configuring networking and security services spanning multiple clouds, said Datoo. Those organizations can either use the frameworks provided by vendors such as Fortinet to manage individual elements or use an instance of the open source Terraform tool to programmatically invoke services, he noted.

The challenge organizations face when using multiple clouds is that each one is typically managed in isolation. As a result, IT teams find themselves dedicating IT staff to mastering the various tools required to manage these platforms. Over time, however, the total cost of IT starts to rise as each cloud platform is added to the extended enterprise. Alkira reduces those costs by unifying the provisioning and management of multiple cloud networks, said Datoo. It’s up to each IT organization to decide which cloud platform to use to deploy the Alkira platform to accomplish that goal, he added.

The alliance between Alkira and Fortinet is only the latest example of the convergence of network and security operations. While cybersecurity teams are still needed to define security policies, much of the routine management of firewalls and other security platforms is now handled by network operations—in part, to make up for the chronic shortage of cybersecurity personnel. Network operations, meanwhile, are slowly being integrated with other IT operations workflows to enable organizations to programmatically manage entire IT environments without requiring as many dedicated network specialists.

In the meantime, the attack surface that security teams are being asked to secure continues to expand in the age of the cloud. The issue, of course, is that the size of most organizations’ security teams remains constrained. The only way to secure all those cloud environments at scale is to rethink the entire approach to security operations. In most cases, those approaches were defined in an era where most workloads were deployed on on-premises IT environments that, in comparison, were comparatively simple to secure.

Cloud Security Handbook: Find out how to effectively secure cloud environments using AWS, Azure, and GCP

DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Ask DISC an InfoSec & compliance related question

Tags: Alkira, cloud security, Fortinet, Secure Cloud Networks

May 06 2022

Vulnerable Docker Installations Are A Playhouse for Malware Attacks

Category: Cloud computing,MalwareDISC @ 8:31 am
Vulnerable Docker Installations Are A Playhouse for Malware Attacks

Uptycs researchers identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API.

The Uptycs Threat Research team has identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API port 2375. The attacks are related to crypto miners and reverse shells on the vulnerable servers using base64-encoded commands in the cmdline, built to evade defense mechanisms. This article briefly discusses three types of attacks which we observed lately in our Docker honeypot.

  • Coinminer attacks
  • Reverse shell attacks
  • Kinsing malware attacks

Case 1 – Coinminer Attacks 

The coinminer attack chain involves several shell scripts to drop malicious components via deployment of legitimate Docker images on the vulnerable servers (the servers exposed to Docker API). 

Malicious Shell Scripts Involved In The Campaign

The threat actors tried to run the Alpine Docker image with chroot command to gain full privileges on the vulnerable server host (a common misconfiguration). The attacker passed curl utility as an argument to the Alpine image which downloads and runs the malicious shell script (hash: 

fa98add22756cc2041f1dc372c709a4039cd0d6ae000454f728e95165be08abe
) on the vulnerable server host as shown below (see Figure 1).

Figure 1: honeypot log – command ran by attacker on the vulnerable server

Cronb.sh (the miner script)

Securing Docker: The Attack and Defense Way

Securing Docker: The Attack and Defense Way by [Nitin Sharma, Jeremy Martin, Daniel Traci]

👇 Please Follow our LI page…


DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Tags: Docker installation, Securing Docker

May 04 2022

General Access Control Guidance for cloud system

Category: Access Control,Cloud computingDISC @ 3:19 pm

General-Access-Control-Guidance-for-cloud-system-1Download

Role Based Access Control in Cloud Computing: Role Based Access Control Using Policy Specification and Ontology on Clouds

Tags: 800-210, NIST Special Publication 800-210

Apr 12 2022

The importance of understanding cloud native security risks

Category: Cloud computing,Information SecurityDISC @ 10:26 am
The importance of understanding cloud native security risks

In this video for Help Net Security, Paul Calatayud, CISO at Aqua Security, talks about cloud native security and the problem with the lack of understanding of risks to this environment.

A recent survey of over 100 cloud professionals revealed that often businesses lead the charge in cloud, they see the opportunity, they move forward, but more and more critical compute finds its way into these cloud environments, and the security teams start to take notice. Often too late, though.

The survey shows that the awareness is starting to become a problem, and the risks are not fully understood. Organizations need to get ahead of these things. To be able to apply a good cloud native security strategy, understanding the risks is imperative.

cloud

Securing DevOps: Security in the Cloud

Tags: cloud native security risks

Feb 02 2022

General Access Control Guidance for Cloud Systems

Category: Access Control,Cloud computingDISC @ 11:42 pm

General-Access-Control-Guidance-for-cloud-system-1Download

Access Control Management in Cloud Environments

Tags: Access Control Management in Cloud Environments, NIST Special Publication 800-210

Jan 14 2022

The rising threat of cyber criminals targeting cloud infrastructure in 2022

Category: Cloud computingDISC @ 9:26 am
The rising threat of cyber criminals targeting cloud infrastructure in 2022

The threats are constantly shifting, subject to trends in cryptocurrency use, geopolitics, the pandemic, and many other things; for this reason, a clear sense of the landscape is essential. Below, you’ll find a quick guide to some of the most pressing threats of the coming year.

Linux and cloud infrastructure will continue to be a target

For threat actors, there is a simple calculus at play – namely, what method of attack is a) easiest and b) most likely to yield the biggest return? And the answer, at this moment, is Linux-based cloud infrastructure, which makes up 80%+ of the total cloud infrastructure. With cloud adoption increasing because of the pandemic, this has the potential to be a massive problem.

In just the last few months, ransomware gangs like BlackMatter, HelloKitty, and REvil have been observed targeting Linux via ESXi servers with ELF encryptors. And we have recently seen the PYSA ransomware gang adding Linux support. Meanwhile, experts are identifying new and increasing complex Linux malware families, which adds to the already-mounting list of concerns. Working pre-emptively against these threats is more essential than ever.

The next target of nation-state attackers? The security community

Building a Future-Proof Cloud Infrastructure

Tags: Cloud Infrastructure Security

Jan 08 2022

Top 10 Facts Every CIO Should Know About Cloud in 2022

Category: Cloud computingDISC @ 10:22 am
Top 10 Facts Every CIO Should Know About Cloud in 2022

With great power comes great responsibility and CIOs (Chief Information Office) of an organization are no different. Technology is always changing, it is a very difficult job to keep up with the changes. CIOs are expected to be aware of and have a detailed understanding of major IT industry trends, new technologies, and IT best practices that could benefit the organization.

In the current scenario, cloud computing is dominating the market. So, what are the interesting cloud computing facts that every CIO is expected to be aware of in 2022? Did you know facts about cloud computing before landing here? Let’s discuss this in detail.

Table of Content

1. Your Company’s Cloud Business Objectives
2. DevOps Is the Way to Go for Cloud Success
3. Evolution of Hybrid Cloud
4. Workload Efficiency
5. Adhere to a Private Cloud or Public Cloud
6. Total Cost of Operating
7. Sustainability with Cloud
8. Scalability
9. Artificial Intelligence in Cloud
10. Cloud Migrations Will See Delays Due to Lack of Skills
CIO & Cloud_inner image_01
Image source: Teledata

Introduction to Cloud Computing

Tags: CIO, Cloud computing, cloud security, Introduction to Cloud Computing

Jan 03 2022

SEGA Europe left AWS S3 bucket unsecured exposing data and infrastructure to attack

Category: AWS Security,Cloud computingDISC @ 10:43 am
SEGA Europe left AWS S3 bucket unsecured exposing data and infrastructure to attack

At the end of the year, gaming giant SEGA Europe inadvertently left users’ personal information publicly accessible on Amazon Web Services (AWS) S3 bucket, cybersecurity firm VPN Overview reported.

The unsecured S3 bucket contained multiple sets of AWS keys that could have allowed threat actors to access many of SEGA Europe’s cloud services along withMailChimp and Steam keys that allowed access to those services. in SEGA’s name.

“Researchers found compromised SNS notification queues and were able to run scripts and upload files on domains owned by SEGA Europe. Several popular SEGA websites and CDNs were affected.” reads the report published by VPN Overview.

sega vulnerabilities-hack-infographic-updated 2

The unsecured S3 bucket could potentially also grant access to user data, including information on hundreds of thousands of users of the Football Manager forums at community.sigames.com.

Below is the list of bugs in SEGA Europe’s Amazon cloud reported by the company:

FINDINGSEVERITY
Steam developer keyModerate
RSA keysSerious
PII and hashed passwordsSerious
MailChimp API keyCritical
Amazon Web Services credentialsCritical

Set up a virtual lab and pentest major AWS services, including EC2, S3, Lambda, and CloudFormation

Tags: AWS S3 bucket unsecured

Dec 06 2021

SECURITY GUIDANCE FOR 5G CLOUD INFRASTRUCTURES

Category: Cloud computing,Information Privacy,Information Security,Mobile SecurityDISC @ 12:20 pm

Prevent and Detect Lateral Movement

SECURITY-GUIDANCE-FOR-5G-1Download

Security and Privacy Preserving for IoT and 5G Networks: Techniques, Challenges, and New Directions 

Related articles:


The Best & Worst States in America for Online Privacy 

Wireless Wars: China’s Dangerous Domination of 5G 

👇 Please Follow our LI page…


DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Tags: 5G cloud, 5G security, IoT and 5G Networks, Wireless Wars

Next Page »