Increase in emergence of new cloud watering hole attacks
There is an increased adoption of managed infrastructure services and the emergence of new cloud watering hole attacks, according to new research from Accurics.
Of all violations identified, 23% correspond to poorly configured managed service offerings largely the result of default security profiles or configurations that offer excessive permissions.
Accurics, a cloud cyber resilience specialist, has unveiled its latest research, Accurics Cloud Cyber Resilience Report, which highlights security risks identified in cloud native environments.
As demonstrated by a recent high-profile hack, attackers increasingly strive to leverage weaknesses that enable them to deliver malware to end users, gain unauthorised access to production environments or their data, or completely compromise a target environment.
This strategy is known as a watering hole attack, and Accurics researchers have seen them emerge in cloud environments where they can cause even more damage. This is partly because development processes in the cloud that leverage managed services are not hidden inside the organisation as they are in on-premise environments in fact, they’re largely exposed to the world.
When criminals are able to exploit misconfigurations in development pipelines, it can spell disaster not only for the company but also its customers. To address this risk, enterprises should assume the entire development process is easily accessible, and restrict access to only the users who need it.
“Cloud native apps and services are more vital than ever before, and any risk in the infrastructure has critical implications,” says Accurics co-founder, CTO & CISO Om Moolchandani.