Security News
Attackers can exfiltrate company data stored in Google Cloud Platform storage buckets without leaving obvious forensic traces of the malicious activity in GCP's storage access logs, Mitiga researchers have discovered. "In normal usage, files inside storage objects are read multiple times a day as part of day-to-day activity of the organization," Mitiga cloud incident responder Veronica Marinov noted.
An advanced hacking operation dubbed 'SCARLETEEL' targets public-facing web apps running in containers to infiltrate cloud services and steal sensitive data. While the attackers deployed cryptominers in the compromised cloud environments, the hackers showed advanced expertise in AWS cloud mechanics, which they used to burrow further into the company's cloud infrastructure.
After working strictly in the cloud with industry-leading enterprises for the past six years, I've seen it all and can sympathize with CISOs facing cloud security challenges. The overall risk level in key areas such as cloud security posture management, cloud infrastructure entitlement management, cloud workload protection platform and data are considered "High"' While a few organizations were at only a "Medium" level in some areas, none were at "Low" risk.
Network builders tend to overlook the vulnerabilities of network topologies, which leads to complications down the road, especially since the structures of cloud network topologies are not all of the same quality. Although there are various network topologies for on-prem infrastructure, the network design team may not be aware of the best approach in cloud platforms for their requirements, or a cloud networking strategy may even go overlooked during the migration.
Cloud and application security is everyone's responsibility - there isn't much of a choice. Many enterprise cloud customers make the mistake of believing that they are free from obligation when it comes to application security, and they deploy the apps in the cloud, exposing themselves to security gaps at the seam of enterprise and cloud vendor infrastructures.
Enterprises have a limited number of analysts running their security operations centers and are deploying multiple tools in an attempt to address their cloud security challenges, according to ManageEngine. ManageEngine's study has also revealed a surge in cloud adoption, with 72% of respondents using multi-cloud applications and another 5% using hybrid cloud systems.
Companies are challenged with more complex hybrid IT environments. They are raising budgets to fend off cyberattacks and keep up as production environments continue to diversify across various clouds, according to Veeam Software.
The survey seeks to uncover the changing attitudes toward public cloud storage adoption, the factors that influence storage buying decisions, and the top priorities when it comes to budget, use cases, security, and cloud data migration. "We also gathered important data to inform understanding of new trends: the fact that more than 50% of organizations exceed their budgeted spend on cloud storage; and that many struggle with security due to inadequate training and user experience with cloud storage," added Smith.
GoTo is a well-known brand that owns a range of products, including technologies for teleconferencing and webinars, remote access, and password management. If you've ever used GoTo Webinar, GoToMyPC, or LastPass, you've used a product from the GoTo stable.
"The rise in attacks on the cloud was driven both by an overall increase in cyberattacks globally and also by the fact that it holds much more data and incorporates infrastructure and services from large amounts of potential victims, so when exploited the attacks could have a larger impact," Omer Dembinsky, data group manager at Check Point, told The Register. Check Point researchers noted examples in recent years that highlight the dangers of attacks on networks hosted in or managed from the cloud, including a security breach of AIS, a cellular network in Thailand, in which 8 billion internet activity records were accidentally exposed.