Evolving Risks, Insecure Defaults, Watering Hole Threats: New Research From Accurics Uncovers Developing Sources of Cloud Risk

Feb 22, 2021

As demonstrated by a recent high-profile hack, attackers increasingly strive to leverage weaknesses that enable them to deliver malware to end users, gain unauthorized access to production environments or their data, or completely compromise a target environment. This strategy is known as a watering hole attack, and Accurics researchers have seen them emerge in cloud environments where they can cause even more damage. This is partly because development processes in the cloud that leverage managed services are not hidden inside the organization as they are in on-premise environments – in fact, they’re largely exposed to the world. When criminals are able to exploit misconfigurations in development pipelines, it can spell disaster not only for the company but also its customers. To address this risk, enterprises should assume the entire development process is easily accessible, and restrict access to only the users who need it.

“Cloud native apps and services are more vital than ever before, and any risk in the infrastructure has critical implications,” said Accurics Co-founder, CTO & CISO Om Moolchandani. “Our research indicates that teams are rapidly adopting managed services, which certainly increase productivity and maintain development velocity. However, these teams unfortunately aren’t keeping up with the associated risks – we see a reliance on using default security profiles and configurations, along with excessive permissions. Messaging services and FaaS are also entering a perilous phase of adoption, just as storage buckets experienced a few years ago. If history is any guide, we’ll start seeing more breaches through insecure configurations around these services.”

Read More >

We use cookies to ensure you get the best experience on our website. By continuing to browse this site, you acknowledge the use of cookies.