EXECUTIVE SUMMARY:
Organizations leverage cloud computing to reduce compute costs and to rapidly provision new computing resources for the purpose of supporting evolving business needs. Cloud-based technologies provide opportunities to go-to-market quickly, allowing enterprises to reach stakeholders and customers faster than ever before.
Across the past 10 years, cloud computing has transformed from into a cornerstone of the IT industry, boosting power of virtualization, storage, hosting and other networking services. Nonetheless, the cloud environment is vulnerable to cyber attacks. In 2021, forty percent of organizations reported cloud security breaches.
Below are five cloud security breach examples and lessons that all organizations can benefit from.
1. Accenture. In August of 2021, Accenture fell prey to a LockBit ransomware attack. The culprits claimed to have stolen 6TB worth of data, for which they requested a ransom of $50 million.
The largest exposed server appeared to contain credentials linked to Accenture customer accounts. One backup database contained nearly 40,000 passwords – the majority of which were in plain text.
“This cloud leak shows that even the most advanced and secure enterprises can expose crucial data and risk serious consequences,” wrote security researcher Chris Vickery.
Lesson learned: Ensure that IT departments and/or cyber security personnel check to ensure correct configuration of AWS cloud servers. Attacks on misconfigured servers can cause extreme reputational, client and financial damage.
2. Kaseya. In July of 2021, IT solutions provider Kaseya identified an attack on their unified remote monitoring and network perimeter security tool. The attackers aimed to steal administrative control for Kaseya services; from managed service providers to downstream customers.
The attack itself disrupted the organization’s SaaS servers and affected on premise VSA solutions used by Kaseya customers across nearly a dozen countries. After Kaseya alerted customers about the attack, it then rolled out the Kaseya VSA detection tool, which enabled business users to analyze VSA services and to screen endpoints for indicators of vulnerability.
Lessons learned: From this attack, organizations observed the importance of maintaining updated backups in easily retrievable, air-gapped repositories that remain segregated from organizational networks. Businesses are also reminded to manage patches, implement multi-factor authentication, and follow principles of zero trust.
3. Cognyte. In May of 2021, the cyber analytics firm Cognyte left a database unsecured without authentication protocols. In turn, hackers managed to expose 5 billion records. Information such as names, email addresses, passwords, and vulnerability data points within their system were leaked. Information was even indexed by search engines.
Lessons learned: The company managed to secure the data within four days, but the incident highlighted how persistent cyber attackers can effectively exploit the smallest of flaws. In this instance, the importance of cyber attack prevention cannot be overstated. Prevent as many attacks as possible through a combination of policies, tools, education and vigilance.
4. Facebook. In April of 2021, Facebook reported a breach affecting hundreds of millions of user records, which were publicly exposed on Amazon’s cloud computing service. Although Facebook confirmed that it identified and resolved the issue immediately, the attack managed to impact founder Mark Zuckerberg.
In precipitating the incident, two third-party Facebook app development companies posted the records in plain sight. The database exposed contained private information that social engineers could use in targeted attacks or within hacking attempts.
Lessons learned: In resolving this issue, Facebook reached out to Amazon, which took down the exposed servers. “…If you’re still opening AWS buckets [to the public], you’re not paying attention,” says business advisor Corey Quinn.
5. Raychat. In February of 2021, Raychat, an online chat application, survived a large-scale cyber attack. A cloud database configuration breach gave hackers free access to 267 million usernames, emails, passwords, metadata and encrypted chats. Shortly thereafter, a targeted bot attack erased the entirety of the company’s data.
According to reports, a MongoDB misconfiguration left the data openly available. The attack highlighted how NoSQL databases can function as easy targets for bot threat actors.
Organizations need to ensure that databases are secure. NoSQL databases in particular represent targets for malicious actors who wish to steal or wipe content, unless given a ransom payment. In Raychat’s case, a README ransom note appeared, demanding roughly $700 USD.
Lesson learned: Database security requires a range of tools controls and measures that can protect the database itself, the actual data embedded within, its database management system and the assorted applications that access it. End-to-end compliance technologies and cybersecurity penetration tests can help.
In closing
Cloud computing increases operational efficiency and simplicity, provided that security measures are in place. Is your cloud secure enough?
Be sure to avoid AWS security breaches and other common stumbling points. For more cloud security breach insights, see CyberTalk.org’s past coverage. Also, be sure to check out our Cloud Security Buyer’s Guide.
