Author: Sue Poremba
With millions of people now working remotely, cloud computing is increasingly important to how organizations adapt and remain resilient, and public cloud adoption is accelerating. But how secure is it? Can the cloud be hacked? It can—high-profile incidents like the Cloud Hopper attack and more recent ones like the attack on Autoclerk show that cloud-centric hacks are emerging as a troubling trend in cyber security.
How does a cloud hack occur?
In the case of Operation Cloud Hopper, attackers carried out a series of sustained attacks against managed service providers and, by extension, their clients. They used phishing emails to compromise accounts and, upon gaining access to a cloud service provider, used the cloud infrastructure to hop from one target to another, accessing sensitive intellectual and customer data along the way.
When the cloud is hacked like this, it is not just data that is at risk. When hackers leverage compromised user credentials to gain access to the cloud, they can move around freely, and customers have less control of the cloud environment, according to the Verizon 2021 Data Breach Investigations Report.
What happens when the cloud is hacked?
"Though the cloud is physically more secure, the ease of use has led to a boom in new applications and databases and increasingly complex configurations that are difficult to manage and monitor," cyber security expert Manav Mital told The Washington Post.
And the more difficult a cloud configuration is to monitor, the more opportunities there are for vulnerabilities. When more applications and tools are stored in the cloud, more people will need access to it, and it is easier to grant them that access by unlocking some security tools, such as firewalls. Attackers can walk right through these open doors, putting sensitive corporate data at risk. Security-bypassing cloud attacks have led to high-profile breaches at Instagram and Docker Hub, to name a few.
Does it matter whether the cloud is public or private?
When data is stored on a private or on-premises cloud, your organization has full control over it. Private and on-premises clouds are more difficult to hack—but that also means that any security failures are your responsibility.
In a public cloud, security responsibilities are shared between the service provider and the customer. Public clouds have security features, but cyber criminals have developed techniques to exploit vulnerabilities and features in cloud services such as AWS and Azure. Kelly Sheridan wrote in Dark Reading that "actors typically steal AWS keys and seek direct paths to resources stored in open S3 buckets, or they launch a new Amazon Elastic Compute Cloud to mine cryptocurrency."
Preventing cloud hacks
Hackers know that companies are using the cloud more than ever. Cloud hacks could result in compromised data and compliance failures, which could come with large fines and loss of consumer trust.
There are several ways to prevent cloud hacks, such as safeguarding against credential theft, requiring multi-factor authentication and prohibiting credential-sharing. Work closely with your service provider to ensure that it enacts proper security measures to deter potential hacks.
Can the cloud be hacked? It absolutely can be—so you must step up your cyber security to prevent a devastating data breach.
Unlock powerful cloud connectivity and security with Verizon Secure Cloud Interconnect.
The author of this content is a paid contributor for Verizon.