
Account or Service Traffic Hijacking, another Top Security Threat in the Cloud

KellyBaig

What is the “Notorious Nine”? This is the term given by CSA to the “top threats” to providing security in cloud computing.

This article is the fourth in a blog series in which CSA’s Jim Reavis provides his expert advice on how to avoid the dangers posed by each of the Notorious Nine threats. The previous articles in this blog series can be found here.

To follow along, search for #Notorious9 on social media.

Bio on Jim Reavis: As the co-founder and CEO of the Cloud Security Alliance (CSA), Jim has worked in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist. Jim’s innovative thinking about emerging security trends has been published and presented widely throughout the industry and has influenced many. Jim has been named as one of the Top 10 cloud computing leaders by SearchCloudComputing.com.

By Jim Reavis:

Cloud computing’s popularity in many respects stems from its simplicity: it can be up and running with just a few mouse clicks, and “mashed up” with other cloud services to rapidly deploy new business applications faster than any other alternative. The simplicity of cloud’s user and API interfaces can belie hidden complexities of a very sophisticated system. The technology behind on-demand, multi-tenant computing is indeed advanced, and virtually all cloud systems have multiple vendors. It has long been a principle of information security that systems – a collection of computers working together – are the complex entities that make security a challenge.

When thinking about attacking or defending computer systems, we seek to identify the weak links.  We should reasonably expect that malicious attackers will look for the paths of least resistance to maximize the ROI of their hacking activities.  In cloud computing, top tier cloud providers generally have deployed a high level of security for the core data center assets they have complete control over.  However, they have less control over the system components that interface with the outside world, most notably customers.  This brings us to our third threat in the CSA Notorious Nine report, Account or Service Hijacking, an important weak link that we must understand and protect against.

As the report states,
“Account or service hijacking is not new. Attack methods such as phishing, fraud, and exploitation of software vulnerabilities still achieve results. Credentials and passwords are often reused, which amplifies the impact of such attacks. Cloud solutions add a new threat to the landscape. If an attacker gains access to your credentials, they can eavesdrop on your activities and transactions, manipulate data, return falsified information, and redirect your clients to illegitimate sites. Your account or service instances may become a new base for the attacker. From here, they may leverage the power of your reputation to launch subsequent attacks.”

In 2014, this threat was famously demonstrated in the iCloud celebrity hacking scandal, where several Hollywood starlets had their accounts compromised, leading to the exposure of several embarrassing and personal photos. Apple’s iCloud service was not compromised; the malicious attackers knew that attacking Apple directly would be an extremely difficult means to steal sensitive data. The path of least resistance was to attack specific targets at the endpoint, which meant stealing the credentials of these celebrities.

As stated, phishing and other means to steal credentials are not new and predate cloud. The reason this made our list of top threats to cloud computing is that cloud can amplify this threat. As companies begin using hundreds of cloud services, it is possible that one stolen credential could be reused across many providers. Even if a user has strong defenses and good awareness to avoid direct phishing-style attacks, a malicious attacker may be able to go directly to the cloud provider and exploit a poorly designed password recovery system or use social engineering to gain access to credentials.

As the report relates, this type of credential hijacking is not limited to gaining the access rights of human users.  Service accounts that have privileged programmatic access are at risk as well, as the attacker could conduct an elevated privilege attack to extract sensitive information via an API interface.

Combatting Account or Service Traffic Hijacking

As our computing universe expands, identity plays an increasingly important role in protecting our systems. Defending against credential hijacking can take several forms; perhaps the most important security control is multi-factor authentication. Multi-factor authentication combines something you know (a password) with something you have (security token or mobile phone) or something you are (biometric identification). Strong authentication has the typical consequence of restricting access to cloud systems to only your authorized devices. Now, the hacker’s stolen password is useless; they need to steal your computer as well. When CSA began conducting Top Threats research in 2010, multi-factor authentication wasn’t pervasively available. Now it is virtually everywhere, and should be adopted widely.

Beyond multi-factor authentication, we should make sure that we have strong password requirement policies and design password recovery systems that cannot be exploited without at least two-factor authentication. For large organizations with a number of cloud properties, a well-designed identity federation system that prevents credentials from being scattered across multiple clouds and allows for immediate and global revocation is critical. Despite improvements we can make in preventing credential hijacking, we know that this theft will still happen. Intrusion detection systems can help reduce the time to respond to these issues, and having granular user access control policies that minimize the scope of what a hijacked credential can be used for is important.
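The controls described above (two different factor kinds for login and for password recovery, and a narrow scope for service accounts) can be expressed as one policy check whose denials feed detection. This is an added example, not code from CSA or HPE; the factor names, event fields, account names and scopes are hypothetical, and the events are constructed.

```python
# Added example: factor names, event fields and accounts are hypothetical.
FACTOR_KIND = {"password": "know", "security_question": "know",
               "totp": "have", "hardware_key": "have", "fingerprint": "are"}

# Service accounts get an explicit allow-list of API actions ("need to know").
SERVICE_SCOPES = {"svc-report": {"reports:read"}}

# Constructed sample events (not real logs).
EVENTS = [
    {"type": "login", "user": "alice", "factors": ["password", "totp"]},
    {"type": "login", "user": "alice", "factors": ["password"]},
    {"type": "login", "user": "alice", "factors": ["password", "security_question"]},
    {"type": "recovery", "user": "alice", "factors": ["security_question"]},
    {"type": "recovery", "user": "alice", "factors": ["security_question", "hardware_key"]},
    {"type": "api", "user": "svc-report", "action": "reports:read"},
    {"type": "api", "user": "svc-report", "action": "users:export"},
]

def factor_kinds(factors):
    """Distinct factor categories presented; unknown factor names count for nothing."""
    return {FACTOR_KIND[f] for f in factors if f in FACTOR_KIND}

def evaluate(event):
    """Return (decision, reason). Anything not explicitly permitted is denied."""
    kind = event.get("type")
    if kind in ("login", "recovery"):
        kinds = factor_kinds(event.get("factors", []))
        if len(kinds) >= 2:
            return ("allow", f"{kind} with factors: {', '.join(sorted(kinds))}")
        return ("deny", f"{kind} needs two different factor kinds")
    if kind == "api":
        allowed = SERVICE_SCOPES.get(event.get("user"), set())
        if event.get("action") in allowed:
            return ("allow", "action within service account scope")
        return ("deny", "action outside service account scope")
    return ("deny", "unrecognized event type")

def alerts(events):
    """Denied events are what a detection pipeline would surface for response."""
    return [(e["user"], e["type"], reason)
            for e in events
            for decision, reason in [evaluate(e)]
            if decision == "deny"]

if __name__ == "__main__":
    for alert in alerts(EVENTS):
        print(alert)
```

A password plus a security question is rejected because both are something you know, so a phished credential set of that kind still fails the check.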

In Summary

Account or Service Traffic Hijacking is a significant threat to cloud computing, due to its indirect modus operandi of exploiting systemic weaknesses in user credential management.  It is a key contributing factor to our number one threat of Data Breach. Multi-factor authentication and robust identity management systems are important security controls to complement efforts to prevent credential attack methods, such as phishing.  Augmenting these controls with additional security systems that mitigate successful hijackings through rapid detection and “need to know” access policies will minimize this threat significantly.

Get Some Help to Beef Up Your Approach to Cloud Security

HPE’s Cloud Computing Security Knowledge (CCSK) courses were developed in partnership with CSA. These courses are designed to provide you with the knowledge that you need to avoid security risks in the cloud and implement best-practice approaches, such as those for avoiding data breach.

Attending RSA? Register now for an on-site CCSK course provided by HPE at the event.

 

 

About the Author

KellyBaig

25+ years in high tech in various roles that include Consulting, Channel Mgmt, Product Mgmt and Marketing. Technology areas include storage and data management, high availability, cloud and hosting, networking, and mobility/wearable technology for enterprise, SMB, and channel business. Industries include healthcare, financial services, ISVs, Service Providers and telcos.
