InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise!
The threats are constantly shifting, subject to trends in cryptocurrency use, geopolitics, the pandemic, and many other things; for this reason, a clear sense of the landscape is essential. Below, you’ll find a quick guide to some of the most pressing threats of the coming year.
Linux and cloud infrastructure will continue to be a target
For threat actors, there is a simple calculus at play – namely, what method of attack is a) easiest and b) most likely to yield the biggest return? And the answer, at this moment, is Linux-based cloud infrastructure, which makes up 80%+ of the total cloud infrastructure. With cloud adoption increasing because of the pandemic, this has the potential to be a massive problem.
In just the last few months, ransomware gangs like BlackMatter, HelloKitty, and REvil have been observed targeting Linux via ESXi servers with ELF encryptors, and the PYSA ransomware gang has recently added Linux support. Meanwhile, experts are identifying new and increasingly complex Linux malware families, which adds to the already-mounting list of concerns. Working pre-emptively against these threats is more essential than ever.
With great power comes great responsibility, and CIOs (Chief Information Officers) are no different. Technology is always changing, and keeping up with the changes is a very difficult job. CIOs are expected to be aware of, and have a detailed understanding of, major IT industry trends, new technologies, and IT best practices that could benefit the organization.
In the current scenario, cloud computing is dominating the market. So, what are the interesting cloud computing facts that every CIO is expected to be aware of in 2022? How many of them did you know before landing here? Let’s discuss this in detail.
At the end of the year, gaming giant SEGA Europe inadvertently left users’ personal information publicly accessible on Amazon Web Services (AWS) S3 bucket, cybersecurity firm VPN Overview reported.
The unsecured S3 bucket contained multiple sets of AWS keys that could have allowed threat actors to access many of SEGA Europe’s cloud services, along with MailChimp and Steam keys that allowed access to those services in SEGA’s name.
“Researchers found compromised SNS notification queues and were able to run scripts and upload files on domains owned by SEGA Europe. Several popular SEGA websites and CDNs were affected.” reads the report published by VPN Overview.
The unsecured S3 bucket could potentially also grant access to user data, including information on hundreds of thousands of users of the Football Manager forums at community.sigames.com.
Below is the list of bugs in SEGA Europe’s Amazon cloud reported by the company:
FINDING – SEVERITY
Steam developer key – Moderate
RSA keys – Serious
PII and hashed passwords – Serious
MailChimp API key – Critical
Amazon Web Services credentials – Critical
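As an added illustration of the kind of S3 misconfiguration behind the SEGA Europe exposure (example code written for this page, not from VPN Overview or SEGA), the Python check below evaluates a bucket policy, a bucket ACL and the Block Public Access settings together, because any one of them on its own gives a misleading answer. The bucket names, policy and ACL documents are constructed samples; the predefined-group URIs and the Block Public Access setting names are the ones AWS documents.

```python
import json

# S3 predefined groups whose ACL grants make data reachable by anyone (AllUsers)
# or by any AWS account holder (AuthenticatedUsers).
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _principal_is_public(principal):
    """True for Principal "*" or {"AWS": "*"} (as a string or inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        if isinstance(aws, str):
            aws = [aws]
        return "*" in aws
    return False


def public_policy_statements(policy):
    """Return Allow statements that grant to everyone with no Condition at all."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue  # conditional grants need a separate, finer-grained review
        actions = stmt.get("Action", [])
        findings.append({"sid": stmt.get("Sid", ""),
                         "actions": [actions] if isinstance(actions, str) else list(actions)})
    return findings


def public_acl_grants(acl):
    """Return (group, permission) pairs for ACL grants to the public predefined groups."""
    grants = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEE_URIS:
            grants.append((grantee["URI"].rsplit("/", 1)[-1], grant.get("Permission")))
    return grants


def assess_bucket(name, policy, acl, public_access_block):
    """Combine policy, ACL and Block Public Access into one verdict.

    IgnorePublicAcls neutralises existing public ACL grants and RestrictPublicBuckets
    neutralises existing public bucket policies, so exposure only counts when the
    matching block is off.
    """
    via_policy = public_policy_statements(policy)
    via_acl = public_acl_grants(acl)
    policy_effective = bool(via_policy) and not public_access_block.get("RestrictPublicBuckets", False)
    acl_effective = bool(via_acl) and not public_access_block.get("IgnorePublicAcls", False)
    return {"bucket": name, "public_policy_statements": via_policy,
            "public_acl_grants": via_acl, "exposed": policy_effective or acl_effective}


# Constructed sample inputs (not real SEGA data): an open bucket and a guarded one.
OPEN_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                 "Action": ["s3:GetObject", "s3:ListBucket"],
                 "Resource": ["arn:aws:s3:::example-assets", "arn:aws:s3:::example-assets/*"]}]
}""")
OPEN_ACL = {"Grants": [{"Grantee": {"Type": "Group",
                                    "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                        "Permission": "READ"}]}
NO_BLOCK = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
            "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
FULL_BLOCK = {k: True for k in NO_BLOCK}

if __name__ == "__main__":
    for bucket, bpa in (("example-assets", NO_BLOCK), ("example-assets-guarded", FULL_BLOCK)):
        print(json.dumps(assess_bucket(bucket, OPEN_POLICY, OPEN_ACL, bpa), indent=2))
```

In a real account the three inputs come from GetBucketPolicy, GetBucketAcl and GetPublicAccessBlock; the point of the combined verdict is that a public policy behind a fully enabled Block Public Access is a finding to clean up, not an exposure to page someone about.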
Set up a virtual lab and pentest major AWS services, including EC2, S3, Lambda, and CloudFormation
“Today’s hyper-targeted spear phishing attacks, coming at users from all digital channels, are simply not discernable to the human eye. Add to that the increasing number of attacks coming from legitimate infrastructure, and the reason phishing is the number one thing leading to disruptive ransomware attacks is obvious.”
Human interaction online has largely moved to the cloud
Apps and browsers are used as humans connect with work, family, and friends. Cybercriminals are taking advantage of this by attacking outside of email and taking advantage of less protected channels like SMS text, social media, gaming, collaboration tools, and search apps.
Spear phishing and human hacking from legitimate infrastructure increased in August 2021: 12% (or 79,300) of all malicious URLs identified came from legitimate cloud infrastructure, including AWS, Azure, outlook.com, and sharepoint.com – giving cybercriminals an easy way to evade current detection technologies.
Misconfigurations in software development environments and poor security hygiene in the supply chain can impact cloud infrastructure and offer opportunities for malicious actors to control unwitting victims’ software development processes.
Within three days, the company discovered critical software development flaws that could have exposed the organization to an attack similar to those perpetrated against SolarWinds and Kaseya.
If an attacker (like an APT) compromises third-party developers, it’s possible to infiltrate thousands of organizations’ cloud infrastructures, the report warned.
Supply Chain Flaws in the Cloud
Matt Chiodi, CSO of public cloud at Palo Alto Networks, explained that supply chain flaws in the cloud are difficult to detect because of the massive number of building blocks that go into even a basic cloud-native application.
“Our researchers estimated that the typical cloud-native application is built upon hundreds of these packages,” he said. “Let’s call them ‘Legos.’ Each of these Legos that developers plug into their application carries a certain risk and can be a vector to another supply chain attack.”
The report highlights how vulnerabilities and misconfigurations can quickly snowball within the context of the cloud software supply chain, and called for organizations to “shift security left.”
“Shifting security left is about moving security as close to development as possible,” said Chiodi. “Historically, security and development teams have operated independently of each other.” He added that development teams like to move quickly and try new things and security is more often the opposite.
“The concept of ‘shift left’ attempts to not change developer behaviors, but rather equip them with processes and tools that work natively to secure their existing methods of developing software,” Chiodi said. “If security teams can equip development teams with processes and tools that work natively with development tools and measure regularly, they greatly reduce their risks of supply chain insecurity from cloud-native applications. This is a good first step.”
He pointed out the first wave of migrations to the cloud was marked by “lift and shift,” meaning that organizations simply took existing applications as-is and moved them to the cloud.
“When they did this, they could say the applications were running in the cloud, but the applications themselves were not cloud-native,” he said.
IBM Security Services today published a report detailing a raft of issues pertaining to cloud security, including the fact that there are nearly 30,000 cloud accounts potentially for sale on dark web marketplaces.
The report is based on dark web analysis, IBM Security X-Force Red penetration testing data, IBM Security Services metrics, X-Force Incident Response analysis and X-Force Threat Intelligence research.
The report found advertisements for tens of thousands of cloud accounts and resources for sale. Prices generally range from a few dollars to over $15,000 per account for access credentials depending on the amount of cloud resources that might be made accessible. On average, the price tag for cloud access rose an extra $1 for every $15 to $30 in credit the account held. Therefore, an account with $5,000 in available credit would be worth about $250, the report surmised.
In 71% of cases, threat actors offered access to cloud resources via the remote desktop protocol (RDP). X-Force Red found that 100% of their penetration tests into cloud environments in 2021 uncovered issues with either passwords or policy violations. Two-thirds of cloud breaches would likely have been prevented by more robust hardening of systems, such as properly implementing security policies and patching systems, the report noted.
More troubling still, IBM research indicates that vulnerabilities in cloud applications are growing, totaling more than 2,500 vulnerabilities for a 150% increase in the last five years. Almost half of the more than 2,500 disclosed vulnerabilities in cloud-deployed applications recorded to date were disclosed in the last 18 months.
The report also notes two-thirds of the incidents analyzed involved improperly configured application programming interfaces (APIs), mainly involving misconfigured API keys that allowed improper access. API credential exposure through public code repositories frequently resulted in access into cloud environments as well, the report noted.
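The report's point about API credentials leaking through public code repositories, and the SEGA finding list earlier on this page, both come down to secrets sitting in files that should never have been committed. As an added example (not from IBM's report or from the page), the Python scanner below looks for the credential shapes in that finding list across a checkout, ranks them with the same severity labels, and masks what it finds so the report itself does not become a second leak. The key formats are assumptions drawn from each provider's public documentation, and the sample config uses the placeholder AWS key pair from AWS's own documentation rather than any live credential.

```python
import os
import re

# Credential shapes matching the finding types in the SEGA table, with its severity
# labels. The regexes are assumptions based on each provider's documented key format.
SECRET_PATTERNS = {
    "aws_access_key_id": (re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"), "Critical"),
    "aws_secret_access_key": (re.compile(
        r"(?i)aws[_-]?secret[_-]?(?:access[_-]?)?key\W{0,3}['\"]?([A-Za-z0-9/+=]{40})\b"), "Critical"),
    "mailchimp_api_key": (re.compile(r"\b[0-9a-f]{32}-us[0-9]{1,2}\b"), "Critical"),
    "rsa_private_key": (re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"), "Serious"),
    "steam_web_api_key": (re.compile(
        r"(?i)steam\w*(?:key|token)\W{0,3}['\"]?([0-9A-F]{32})\b"), "Moderate"),
}
SEVERITY_RANK = {"Critical": 3, "Serious": 2, "Moderate": 1}


def _mask(value):
    """Keep enough of a match to locate it in the file, never enough to reuse it."""
    return value[:4] + "*" * max(0, len(value) - 4)


def scan_text(text, source="<memory>"):
    """Scan one file's content; returns findings sorted by severity, then location."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, (pattern, severity) in SECRET_PATTERNS.items():
            for match in pattern.finditer(line):
                secret = match.group(1) if match.groups() else match.group(0)
                findings.append({"source": source, "line": lineno, "type": kind,
                                 "severity": severity, "match": _mask(secret)})
    findings.sort(key=lambda f: (-SEVERITY_RANK[f["severity"]], f["source"], f["line"]))
    return findings


def scan_tree(root, skip_dirs=(".git", "node_modules")):
    """Walk a checkout and scan every text file; binaries drop out on decode failure."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in skip_dirs]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8") as fh:
                    findings.extend(scan_text(fh.read(), source=path))
            except (UnicodeDecodeError, OSError):
                continue
    return findings


# Constructed sample: a config file as it might appear in a public repository commit.
# The AWS values are AWS's documented placeholder pair, not live credentials; the
# other values are made-up strings of the right shape.
SAMPLE_CONFIG = """\
[deploy]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
mailchimp_key = 0123456789abcdef0123456789abcdef-us12
STEAM_API_KEY = "0123456789ABCDEF0123456789ABCDEF"
-----BEGIN RSA PRIVATE KEY-----
(key material omitted in this constructed sample)
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_CONFIG, "deploy.ini"):
        print(f"{f['severity']:<9} {f['source']}:{f['line']} {f['type']} {f['match']}")
```

Run scan_tree on a working copy before a push, or wire scan_text into a pre-commit hook; either way the masked output is safe to paste into a ticket, which is the difference between a scanner and a second copy of the leak.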
This, paired with the “anything you can do, I can do better” mantra adopted by today’s nation-state threat actors, has left mission-critical information vulnerable to attack as it undergoes the great cloud migration.
These agile threat actors – without any red tape to stand in their way – have already adopted a cloud-centric mindset, oftentimes at the expense of our national security. Meanwhile, emerging technologies like artificial intelligence and machine learning that lend themselves to assisting defensive efforts are rendered useless unless the defense community focuses more time, energy and resources on becoming cloud-centric.
Ultimately, the issue of national security hangs in the balance, and the best way to ensure we stay ahead of the curve is by using the cloud to “digitally overmatch” our opponents and unlock the full potential of digital transformation.
Overwhelming opponents
Originally coined by the Army, the concept of “digital overmatch” stems from the idea that the respective branches of the military can easily overwhelm their opponents on the ground due to their superior resources. Now, in the era of cyber-enabled conflict, this concept can also be applied to the non-Defense space. Given that data is such a strategic asset, defenders must ensure they can outpace and outmaneuver adversaries by using data-driven technologies such as the cloud, and deliver on-demand resources across all domains whenever and wherever they’re needed.
Without commercial and government innovation in cloud-native technology, federal agencies and the military are unable to maximize the full potential of their modernization strategy.
What do AWS Partners with Level 1 Managed Security Service (MSSP) Competency provide?
All AWS Level 1 MSSP Competency Partners provide, at a minimum, the ten 24/7 security monitoring, protection, and remediation services defined in the Level 1 Managed Security Services baseline. Those ten 24/7 services are:
AWS Infrastructure Vulnerability Scanning – Routine scanning of AWS infrastructure for known software vulnerabilities.
AWS Resource Inventory Visibility – Continuous scanning and reporting of all AWS resources and their configuration details, updated automatically with newly added or removed resources.
AWS Security Best Practices Monitoring – Track and detect misconfigurations of AWS resources to improve cloud security posture and reduce business risk.
AWS Compliance Monitoring – Scanning the AWS environment against compliance standards such as CIS AWS Foundations, PCI DSS, HIPAA, HITRUST, ISO 27001, MITRE ATT&CK, and SOC 2.
Monitor, Triage Security Events – Gain visibility into security alerts with a consolidated list of security events and recommended remediation guidance.
24/7 Incident Alerting and Response – Receive notification of high-priority security events and expert guidance on recommended remediation steps 24/7.
DDoS Mitigation – Increase visibility and resilience to DDoS attacks and reduce the risk of availability, financial, and security impacts to applications.
Managed Intrusion Prevention System (IPS) – Add a layer of security for AWS-based endpoints, helping with defense against known threat patterns, to increase overall security posture.
Managed Detection and Response (MDR) for AWS-Based Endpoints – A combination of technology and cloud security experts working to continuously detect, investigate, and remove threats from within AWS-based endpoints.
Managed Web Application Firewall (WAF) – A firewall managed service designed to protect web-facing applications and APIs against common exploits.
Many of the Level 1 MSSP Competency Partners also provide additional security assessment and implementation professional services to assist customers in their AWS cloud journey.
While Security Orchestration Automation and Response (SOAR) solutions help automate and structure these activities, the activities themselves require telemetry data that provide the breadcrumbs to help scope, identify and potentially remedy the situation. This takes increasing significance in the cloud for a few reasons:
The public cloud shared security model may lead to gaps in the telemetry (e.g., lack of telemetry from the underlying infrastructure that could help correlate breadcrumbs at the infrastructure level to the application level).
Lack of consistency in telemetry information as applications increasingly segment into microservices, containers and Platform-as-a-Service, and as various modules come from different sources such as internal development, open source, commercial modules, and outsourced development.
Misconfigurations and misunderstandings as control shifts between DevOps, CloudOps and SecOps.
All the above coupled with a significant expansion of attack surface area with the decomposition of monolith applications into microservices.
When incidents occur, the ability to quickly size up the scope, impact and root cause of the incident is directly proportional to the availability of quality data, and its ability to be easily queried, analyzed, and dissected. As companies migrate to the cloud, logs have become the de-facto standard of gathering telemetry.
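To make the "easily queried, analyzed, and dissected" point concrete, here is an added example (written for this page, not taken from the source post) of the kind of first-pass triage that becomes possible once cloud API activity is logged in a consistent, structured form. It reads a handful of constructed events shaped like AWS CloudTrail records (a subset of the real fields; the account, user and key values are placeholders) and applies three simple rules: an access key used from outside an assumed corporate egress range or from more than one source address, a successful console login without MFA, and a change to a bucket's public exposure. The trusted network range and the rule set are assumptions, not anything the IBM report prescribes.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed events in CloudTrail's record shape (subset of fields); not from any real
# account. The access key is AWS's documented placeholder value.
SAMPLE_LOG = """\
{"eventTime":"2021-11-03T08:01:12Z","eventSource":"sts.amazonaws.com","eventName":"GetCallerIdentity","userIdentity":{"type":"IAMUser","userName":"deploy-bot","accessKeyId":"AKIAIOSFODNN7EXAMPLE"},"sourceIPAddress":"10.20.0.15"}
{"eventTime":"2021-11-03T08:03:40Z","eventSource":"s3.amazonaws.com","eventName":"ListBuckets","userIdentity":{"type":"IAMUser","userName":"deploy-bot","accessKeyId":"AKIAIOSFODNN7EXAMPLE"},"sourceIPAddress":"198.51.100.77"}
{"eventTime":"2021-11-03T08:04:02Z","eventSource":"s3.amazonaws.com","eventName":"PutBucketAcl","userIdentity":{"type":"IAMUser","userName":"deploy-bot","accessKeyId":"AKIAIOSFODNN7EXAMPLE"},"sourceIPAddress":"198.51.100.77","requestParameters":{"bucketName":"example-assets"}}
{"eventTime":"2021-11-03T09:15:00Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"alice"},"sourceIPAddress":"203.0.113.9","responseElements":{"ConsoleLogin":"Success"},"additionalEventData":{"MFAUsed":"No"}}
{"eventTime":"2021-11-03T09:20:00Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"bob"},"sourceIPAddress":"10.20.0.40","responseElements":{"ConsoleLogin":"Success"},"additionalEventData":{"MFAUsed":"Yes"}}
"""

# Assumed corporate egress range; in practice this comes from the network team.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]

# API calls that can change whether a bucket is reachable from the internet.
EXPOSURE_CHANGES = {"PutBucketAcl", "PutBucketPolicy",
                    "PutBucketPublicAccessBlock", "DeleteBucketPublicAccessBlock"}


def parse_events(raw):
    """One JSON record per line, as a log shipper would deliver them."""
    return [json.loads(line) for line in raw.splitlines() if line.strip()]


def _is_trusted(ip, networks):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # CloudTrail may put an AWS service name here; treat as untrusted
    return any(addr in net for net in networks)


def _mask_key(key):
    return key[:4] + "*" * (len(key) - 4)


def triage(events, trusted_networks=TRUSTED_NETWORKS):
    """Apply the three rules and return one finding dict per hit."""
    findings = []
    ips_per_key = defaultdict(set)
    for ev in events:
        ident = ev.get("userIdentity", {})
        user = ident.get("userName", ident.get("type", "unknown"))
        ip = ev.get("sourceIPAddress", "")
        when = ev.get("eventTime")
        key = ident.get("accessKeyId")
        if key:
            ips_per_key[key].add(ip)
            if not _is_trusted(ip, trusted_networks):
                findings.append({"rule": "key_use_outside_trusted_network", "user": user,
                                 "key": _mask_key(key), "ip": ip, "time": when})
        if (ev.get("eventName") == "ConsoleLogin"
                and ev.get("responseElements", {}).get("ConsoleLogin") == "Success"
                and ev.get("additionalEventData", {}).get("MFAUsed") != "Yes"):
            findings.append({"rule": "console_login_without_mfa", "user": user,
                             "ip": ip, "time": when})
        if ev.get("eventName") in EXPOSURE_CHANGES:
            findings.append({"rule": "bucket_exposure_change", "user": user,
                             "bucket": ev.get("requestParameters", {}).get("bucketName"),
                             "ip": ip, "time": when})
    for key, ips in ips_per_key.items():
        if len(ips) > 1:
            findings.append({"rule": "key_used_from_multiple_ips",
                             "key": _mask_key(key), "ips": sorted(ips)})
    return findings


def summarize(findings):
    """Count findings per rule, the first thing an analyst wants when scoping an incident."""
    counts = defaultdict(int)
    for f in findings:
        counts[f["rule"]] += 1
    return dict(counts)


if __name__ == "__main__":
    hits = triage(parse_events(SAMPLE_LOG))
    for hit in hits:
        print(json.dumps(hit))
    print(summarize(hits))
```

In the sample, the same key is seen first from the office range and minutes later from an outside address that then changes a bucket ACL, which is exactly the chain an analyst needs to reconstruct; without the sourceIPAddress and accessKeyId fields being logged consistently for every service, that correlation is not possible.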
This book is designed for security and risk assessment professionals, DevOps engineers, penetration testers, cloud security engineers, and cloud software developers who are interested in learning practical approaches to cloud security. It covers practical strategies for assessing the security and privacy of your cloud infrastructure and applications and shows how to make your cloud infrastructure secure to combat threats, attacks, and prevent data breaches. The chapters are designed with a granular framework, starting with the security concepts, followed by hand-on assessment techniques based on real-world studies, and concluding with recommendations including best practices.
FEATURES:
Includes practical strategies for assessing the security and privacy of your cloud infrastructure and applications
Covers topics such as cloud architecture and security fundamentals, database and storage security, data privacy, security and risk assessments, controls related to continuous monitoring, and more
Presents several case studies revealing how threat actors abuse and exploit cloud environments to spread malware
By 2022, API abuses will become the most frequent attack vector, predicts Gartner. We’re already witnessing new API exploits reach the headlines on a near-daily basis. Most infamous was the Equifax breach, an attack that exposed 147 million accounts in 2017. Since then, many more API breaches and major vulnerabilities have been detected at Experian, Geico, Facebook, Peleton and other organizations.
So, why are API attacks suddenly becoming so prevalent? Well, several factors are contributing to the rise in API exploits. As I’ve covered before, the use of RESTful web APIs is becoming more widespread through digital transformation initiatives and SaaS productization. And, the data these touchpoints transmit can carry a hefty price tag. Unfortunately, cybersecurity has not sufficiently progressed, making APIs ripe for the hacker’s picking.
I recently met with Roey Eliyahu, CEO of Salt Security, to better understand why more and more APIs hacks are making headlines. According to Eliyahu, a general lack of security awareness means these integration points are a low-effort, high-reward attack target. Establishing protection against zero-day threats means increasing the visibility of API holdings, testing for broken authorization and instigating ongoing monitoring of runtime environments.
Below, I’ll review the top factors contributing to the rise in API exploits. We’ll explore some of the top reasons why API attacks are increasing and consider how a zero-day protection mindset can mitigate common API vulnerabilities.
It guides system administrators and developers of National Security Systems on how to deploy Kubernetes with example configurations for the recommended hardening measures and mitigations.
Below is the list of mitigations provided by the US agencies:
Scan containers and Pods for vulnerabilities or misconfigurations.
Run containers and Pods with the least privileges possible.
Use network separation to control the amount of damage a compromise can cause.
Use firewalls to limit unneeded network connectivity and encryption to protect confidentiality.
Use strong authentication and authorization to limit user and administrator access as well as to limit the attack surface.
Use log auditing so that administrators can monitor activity and be alerted to potential malicious activity.
Periodically review all Kubernetes settings and use vulnerability scans to help ensure risks are appropriately accounted for and security patches are applied.
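The "least privileges possible" and "periodically review all Kubernetes settings" items are the ones most easily turned into an automated check. As an added example (written for this page, not part of the NSA/CISA guidance), the Python function below audits a Pod or Deployment manifest, already parsed into a dict, against the pod-level settings that guidance calls out: host namespaces, service account token mounting, root, privilege escalation, a writable root filesystem, retained capabilities, unpinned images and missing resource limits. The two manifests are constructed; the image registry and names are placeholders. Network separation (NetworkPolicy) is a cluster-level object and is deliberately outside this per-workload check.

```python
def _pod_spec(manifest):
    """Return the PodSpec for a bare Pod or for a workload that wraps a pod template."""
    spec = manifest.get("spec", {})
    return spec.get("template", {}).get("spec", spec)


def audit_pod_spec(manifest):
    """Check a Pod/Deployment manifest against least-privilege settings.

    Returns a list of (location, issue) tuples; an empty list means no findings.
    """
    spec = _pod_spec(manifest)
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    findings = []
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag):
            findings.append((name, f"{flag} shares a host namespace with the container"))
    if spec.get("automountServiceAccountToken", True):
        findings.append((name, "API token auto-mounted; set automountServiceAccountToken: false "
                               "unless the Pod talks to the API server"))
    pod_sc = spec.get("securityContext", {})
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        where = f"{name}/{c.get('name', '?')}"
        sc = c.get("securityContext", {})
        image = c.get("image", "")
        if ":" not in image.rsplit("/", 1)[-1] or image.endswith(":latest"):
            findings.append((where, "image unpinned (no tag or :latest); pin a tag or digest "
                                    "so vulnerability scans match what actually runs"))
        if sc.get("privileged"):
            findings.append((where, "privileged: true gives the container near-host access"))
        if sc.get("allowPrivilegeEscalation", True):
            findings.append((where, "allowPrivilegeEscalation not set to false"))
        if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
            findings.append((where, "runAsNonRoot not enforced"))
        if not sc.get("readOnlyRootFilesystem"):
            findings.append((where, "root filesystem is writable"))
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append((where, "capabilities not dropped (capabilities.drop: [ALL])"))
        if not c.get("resources", {}).get("limits"):
            findings.append((where, "no resource limits; a compromised container can starve neighbours"))
    return findings


# Constructed manifests (as a YAML loader would return them); names are placeholders.
WEAK_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
    "spec": {"hostNetwork": True,
             "containers": [{"name": "app", "image": "nginx:latest",
                             "securityContext": {"privileged": True}}]},
}
HARDENED_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "web"},
    "spec": {"replicas": 2, "template": {"spec": {
        "automountServiceAccountToken": False,
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{"name": "app", "image": "registry.example.com/web:1.4.2",
                        "securityContext": {"allowPrivilegeEscalation": False,
                                            "readOnlyRootFilesystem": True,
                                            "capabilities": {"drop": ["ALL"]}},
                        "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}}]}}},
}

if __name__ == "__main__":
    for m in (WEAK_POD, HARDENED_DEPLOYMENT):
        issues = audit_pod_spec(m)
        print(f"{m['kind']} {m['metadata']['name']}: {len(issues)} finding(s)")
        for where, issue in issues:
            print(f"  {where}: {issue}")
```

The same checks are what an admission controller or a CI manifest linter would enforce; running them in CI catches the weak manifest before it reaches a cluster, and running them periodically over live manifests is the "review all settings" step from the list.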
Learn Kubernetes Security: Securely orchestrate, scale, and manage your microservices in Kubernetes deployments
Further, a recent Sophos survey found that the average post-attack remediation costs, including lost business, grew to nearly $2 million per incident in 2021, about 10 times the size of the ransom payment itself.
CISOs and hands-on security professionals are implementing several tactics to defend their organization, and these include proactive threat hunting and technical defenses like multi-factor authentication.
While these practices are helpful, they are focused on preventing attacks from happening in the first place, while the harsh reality is that it’s no longer a question of if hackers are going to get in, but when. With so much at stake, why are data recovery and restoration often put on the back burner of the security conversation, when they could be the most valuable tools in the security arsenal?
Embracing new technologies leads to growth but at the same time raises the likelihood of data breaches. When adopting cloud technology, it is important to treat the security of the cloud infrastructure as one of the crucial responsibilities. Many organizations are still unsure about the security of the data they hold in cloud environments.
In 2019, Collection #1, a massive data breach, was found to have compromised a data set of over 770 million unique email addresses and 21 million unique passwords; the collection of data files was stored on the cloud storage service MEGA. Similarly, over 108 million betting records were leaked by an online casino group. The leaked data included customers’ personal information along with deposits and withdrawals.
Then the same year, a famous food delivery service providing firm was breached, compromising the data of 4.9 million users, including consumers and delivery employees.
Additionally, a post from Security Boulevard says that, according to a survey, almost 98% of companies had witnessed at least one cloud data breach in the past 18 months, compared to 79% in 2020.
Nowadays, cloud computing servers are increasingly susceptible to data breaches. Cloud infrastructure security solutions help ensure that sensitive information and transaction data are protected. They also help prevent third parties from tampering with data in transit.
DDoS Protection
Distributed denial of service (DDoS) attacks are on the rise; they flood a system with requests until the website slows to a crawl and, once the number of requests exceeds what it can handle, crashes. Cloud computing security provides solutions that focus on stopping the bulk traffic that targets the company’s cloud servers.
Constant Support
When it comes to cloud infrastructure security best practices, such solutions offer consistent support and high availability for the company’s assets. In addition, users benefit from 24/7 live monitoring all year round. This live monitoring and constant support help secure data effortlessly.
Threat Detection
Infrastructure security in the cloud offers advanced threat detection strategies such as endpoint scanning techniques for threats at the device level. The endpoint scanning enhances the security of devices that are accessing your network.
Supervision of Compliance
To protect data, the entire infrastructure needs to operate under compliant regulations. A compliant, secured cloud computing infrastructure helps maintain and manage the safety features of cloud storage.
The points mentioned above are clear enough to show how beneficial and vital cloud infrastructure security is for an organization. Unfortunately, many high-profile data breach cases have been witnessed in past years.
To patch the loopholes and strengthen the IT infrastructure security, it is crucial to keep the security of cloud storage services a high priority. Engage with the top-class cloud computing security tools to get better results and have the data secured.
The growing reliance on public cloud services as both a source and repository of mission-critical information means data owners are under pressure to deliver effective protection for cloud-resident applications and data. Indeed, cloud is now front of mind for many IT organisations. According to recent research by Enterprise Strategy Group (ESG), cloud is “very well-perceived by data protection decision makers”, with 87% saying it has made a positive impact on their data protection strategies.
However, many organisations are unclear about what levels of data protection are provided by public cloud infrastructure and SaaS solutions, increasing the risk of potential data loss and compliance breach. At the same time, on-premises backup and disaster recovery strategies are increasingly leveraging cloud infrastructure, resulting in hybrid data protection strategies that deliver inconsistent service levels.
Despite these challenges, there are a significant number of organizations that still don’t use a third-party data protection solution or service. This should be cause for concern considering that everything an organization stores in the cloud, from emails and files to chat history and sales data (among many other datasets) is its responsibility and is subject to the same recoverability challenges and requirements as traditional data. In fact, only 13% of survey respondents see themselves as solely responsible for protecting all their SaaS-resident application data.
A strong case can be made that shoring up defenses requires “automating out” the weakest link – i.e., humans – from any cloud that companies are entrusting with their data. This applies to their internal, on-premises clouds as well as to the external cloud vendors that they choose to engage with.
In “automating out the weak link,” the ability of superusers or IT administrators – or of bad actors who have gained access to valid admin credentials – to manually interfere with sensitive data becomes non-existent, because human interaction is eliminated.
Trust no one
The zero-trust model, which has gained favor in recent years among many cloud vendors, serves as a starting point for making this happen.
The zero-trust security framework challenges the idea of trust in any form, whether that’s trust of networks, trust between host and applications, or even trust of super users or administrators. The best way to secure a network, according to the zero trust framework, is to assume absolutely no level of trust.
For some time, the public cloud has actually been able to offer more protection than traditional on-site environments. Dedicated expert teams ensure that cloud servers, for example, maintain an optimal security posture against external threats.
But that level of security comes at a price. Those same extended teams increase insider exposure to private data—which leads to a higher risk of an insider data breach and can complicate compliance efforts.
Recent developments in data security technology—in chips, software, and the cloud infrastructure—are changing that. New security capabilities transform the public cloud into a trusted data-secure environment by effectively locking data access to insiders or external attackers.
This eliminates the last security roadblock to full cloud migration for even the most sensitive data and applications. Leveraging this confidential cloud, organizations for the first time can now exclusively own their data, workloads, and applications—wherever they work.
Even some of the most security-conscious organizations in the world are now seeing the confidential cloud as the safest option for the storage, processing, and management of their data. The attraction to the confidential cloud is based on the promise of exclusive data control and hardware-grade minimization of data risk.
What is the confidential cloud?
Over the last year, there’s been a great deal of talk about confidential computing—including secure enclaves or TEEs (Trusted Execution Environments). These are now available in servers built on chips from Amazon Nitro Enclaves, Intel SGX (Software Guard Extensions), and AMD SEV (Secure Encrypted Virtualization).
Today, rapid digitalization has placed a significant burden on software developers supporting remote business operations. Developers are facing continuous pressure to push out software at high velocity. As a result, security is continuously overlooked, as it doesn’t fit into existing development workflows.
The way we build software is increasingly automated and integrated. CI/CD pipelines have become the backbone of modern DevOps environments and a crucial component of most software companies’ operations. CI/CD has the ability to automate secure software development with scheduled updates and built-in security checks.
Developers can build code, run tests, and deploy new versions of software swiftly and securely. While this approach is efficient, major data breaches have demonstrated a significant and growing risk to the CI/CD pipeline in recent months.