Cloud Attacks on the Rise
Mitigating Cybersecurity Risks in AWS
Every day, we see a new cloud-related security incident or breach in the headlines. It doesn’t matter the industry or business size, every organization that has sensitive data in the cloud is at risk of a cybersecurity attack within their cloud environment. Let’s look at some of the numbers:
- DivvyCloud has reported that from 2018 to 2020, 33 billion records have been exposed because enterprises struggle to implement proper cloud security.
- According to Symantec, individual cloud accounts were worth $5-$10 to hackers.
- McAfee speculates that 5.5% of AWS S3 buckets are open to the public.
- In the CSA’s AWS Cloud Security Report 2020 for Management, 65% of its respondents have increased their cloud security budget.
It’s encouraging to see businesses heighten their awareness around cloud attacks and put a strong emphasis on proper configurations. No one should have a false sense of security when it comes to AWS. At KirkpatrickPrice, we want to deliver true assurance to our customers during an AWS assessment.
Transcription
I think it’s very important for us to be concerned about our cloud environments. If you are managing and administrating your AWS environment, then look at the recent news and some of the things that have occurred. The Cybersecurity and Infrastructure Security Agency has published warnings about how attackers are bypassing controls, such as multi-factor authentication. They are exploiting cloud misconfigurations and they are putting a lot of focus and attention on the cloud because of the push to remote working on top of the rapid move to the cloud that our organizations have been through. Attackers are rightly focusing on those areas to try to access sensitive data and information.
You have issues like in the Oldsmar water supply breach, in which they set up a remote access capability for workers and it had very little control over who could log into that and the methods that were used to remotely connect to the network. When you look at some of the recent breaches, like SolarWinds, people are experiencing phishing attacks that have harvested credentials in order to log into the cloud. There is a “pass-the-cookie” type of attack that is able to bypass multi-factor authentication and you are able to pass those sessions off to another user. These are things that really need to heighten our awareness about the attacks hitting our environments and we need to take a very strong look at how our cloud configurations are put together and if we are maintaining and monitoring them effectively. I’m afraid, a lot of times, people have a false sense of security simply because they have multi-factor enabled. We have to see where attackers are bypassing that and what methods they use to get around that in order to be ready for those types of attacks. If you need to look at your cloud configurations and security, please contact KirkpatrickPrice to help.
Related Videos
AWS Controls for Implementing a DMZ
AWS Functions to Restrict Database Access
AWS Password Best Practices
AWS Password Expiration Policies
AWS Password Reuse Policy
AWS Tools for Your SDLC
Access Control Using IAM Instance Roles
Assign Access Based on Business Need to Know
Attaching IAM Policies to Groups or Roles
Avoid Use of the Root Account
Basics of Role Assumption
Best Practices for Change Management in AWS
Best Practices for Password Parameters
Configuring Network Border Controls
Creating a Data Flow Diagram
Creating a Network Diagram
Define Acceptable Use of Technology Part 1
Defining Resources in IAM Policies
Defining Resources in S3 Bucket Policies
Defining Roles and Responsibilities in AWS
Developing a Process for User Authentication
Disabling Insecure Ports and Protocols
Disabling Unused Credentials
Do All Keys Have Resources Attached?
Documenting a Systems Inventory in AWS
Enabling MFA for All IAM Users
Encrypting Traffic In and Out of AWS
Encryption Decisions for Your Technology Stack
Encryption Opportunities
Encryption for EBS Volumes
Encryption for S3 Buckets
Enforce Separation with Access Controls
Enforcing Strong Encryption in AWS
Enforcing Strong TLS Ciphers
Events that Drive Key Rotation
House Accounts in CloudTrail
How to Attach IAM Policies to Groups or Roles
How to Check MFA in a Credential Report
How to Check Use of the Root Account
How to Configure Encryption for EBS Volumes on Existing EC2 Instances
How to Configure Encryption for EBS Volumes on New EC2 Instances
How to Configure Encryption for RDS
How to Configure Encryption for S3 Buckets
How to Find Administrative Privileges in IAM Policies
How to House Multiple Accounts Within an AWS Organization
How to Modify Password Complexity in a Password Policy
How to Modify Permissions to EBS Snapshots
How to Prevent Password Reuse in a Password Policy
How to Restrict Public Access to S3 Buckets
How to Use S3 Bucket Policies
IAM Policies for Account Authentication
IAM Policies that Address Administrative Privileges
Identifying Unused Credentials in a Credential Report
Industry Best Practices for Configuration Standards
Introduction to AWS Network Firewall
Introduction to Amazon EKS
Introduction to Amazon S3 Access Points
Introduction to IAM Access Analyzer
Key Rotation and Management
Load Balancers Must Require TLS 1.2
MFA for API Calls
Meeting Firewall and Router Configuration Standards
Network Segmentation for AWS
Performing Code Review Prior to Release
Physical Security Responsibilities for AWS
Physical Security Responsibilities for AWS Users
Physical Security Threats for AWS
Prevent Shared, Group, or Generic Accounts in AWS
Preventing Public Accessibility on DB Instances
Preventing Publicly Available CloudTrail Logs
Preventing Publicly Available S3 Buckets
Protecting Web Applications in AWS
Publish and Maintain an Information Security Policy
Quarterly Reviews of Your Security Program
Restricting Access to EBS Snapshots
Reviewing Firewall and Router Configurations
Rotating Access Keys
Route 53 Support for DNSSEC
Secure Code Development in AWS
Support MFA through IAM Policies
Systems Manager Maintenance
The AWS Shared Responsibility Model
Understanding the "Deny All" Function
Using AWS KMS
Using IAM Instance Roles for AWS Resource Access
Using OWASP's Kubernetes Cheat Sheet
Using Prowler to Evaluate AWS Security
Using Systems Manager from a Service-Linked Role
Using TLS 1.2 to Encrypt Data in Transit
