Top 5 Cloud Vulnerabilities

Vulnerabilities to your network security can and should be addressed with several steps to making absolutely sure your security detection is at the level it should be. This article will break down the key areas to address when remedying cloud security threats in a quick and easy fashion, for compliance solutions that include being in full HIPAA compliance, PCI compliance, SQL injection prevention, Sox compliance, OWASP resources and tools, and more.

1. Account Hijacking/Session Riding. It's known as account hijacking, session riding, or session hijacking, and it's becoming all too commonplace.Last year, over 150 million PayPal accounts were one click away from being hijacked and exploited for the personal and financial information gained by those who abuse valid computer sessions, or session keys, in order to commit yet another form of online theft. If a supposedly secured and bonded site like PayPal can suffer PCI Compliance data breaches like this, then what can you do about them? The answer is, have a threat detection expert diagnose and shore up any potential cloud computing account hijacking threats with some key moves that will basically put layers of hardware and software between your sensitive data and potential session hijackers. Also, beware of any suspicious work emails, web links, and even requests to reset passwords. It is always best to double check their validity before you click or submit. 

2. Data Breach/Loss. This is a situation when the breach and data loss has already occurred to your cloud computing or backup network. You're frantic, asking yourself, "What can I do now?" It may be ransomware or other type of malware, it could be data theft due to a hacked or stolen company mobile device; it could be data loss due to a natural disaster, such as a fire or flood. The best tool you can have at your disposal in this situation is a secure, encrypted server that allows you to retrieve data through your cloud center. 

3. Insecure API. Cloud networks are typically put at risk by insecure API keys. A large problem with API keys is the inclusion of third-party applications or services where your API keys may be exposed without you knowing adding another attack surface. Attackers with improper or illegal access to keys can cause a denial-of-service or cause fees to rack up in the victim's name. One of the reasons for insecure API keys in networks is the insecure storage of API keys and bad management or not disposing of the API keys once they’re no longer needed. "There is a need to protect these cloud API keys," Jeremy Westerman, Vordel's director of product management, at the RSA Security Conference said, speaking in 2012. "There is a lot of awareness in the industry about protecting, say, SSL keys. Unfortunately, protecting API keys has not reached that level of awareness."

4. Malicious Insiders. There has also been a lot in the news in recent months regarding malicious insiders, like the use of malicious software installs on point-of-sale devices, the trojan horse Delilah information blackmailer, and remote methods of implanting malicious insiders that creep and crawl your data networks for sensitive information. A simple fix for this for IT departments is to always minimize the attack surface of your network so if a malicious insider does gain entry to sensitive data, it is confined to one area. For the unknowing malicious insider, block access to sites where malware flourishes like file sharing sites and porn where Trojans like Delilah freely roam and of course, educate your team on the dangers of these threats.

5. System Vulnerabilities. Some common system vulnerabilities include:

  • Lack of input validation on user input
  • Lack of sufficient logging mechanism
  • Fail-open error handling
  • Not closing the database connection properly

Good solutions to common system vulnerabilities are: better encryption, addressing the OWASP Top 10 vulnerabilities, intrusion detection systems for AWS, and getting a Web Application Firewall WAF) for AWS workloads, to help shore up or eliminate security threats.

Alert Logic can help your IT department or development strategy remain safe and secure with managed cloud security and AWS Vulnerability Scanning options that protect AWS applications and workloads with Cloud Insight, Cloud Defender, PCI compliance for small business, SQL injection prevention, Sox compliance, and a host of other solutions to keep your company safe and solvent when threats and attacks target your data centers

Zero Day, powered by Alert Logic, provides IT security professionals with a broader view of the current state of IT security, vulnerabilities, and cloud security trends. Every quarter, we deliver news, analysis, and commentary on the security challenges that industries face.

About the Author

Joseph Hitchcock - Technical Security Evangelist

Joseph Hitchcock

Joe Hitchcock is passionate when it comes to system and network security. Initially self-taught, he started working as an independent contractor for small businesses doing malware removal and perimeter security. He started at Alert Logic in 2011 as a Network Security Analyst analyzing threat traffic and other attacks. Afterwards, he worked in Security Research and eventually became one of the first Analysts to work on the Web Security team supporting Web Security Manager WAF. He was eventually promoted to a Senior Web Security Analyst where his job included building custom security policies, researching new web attacks and adding custom signatures to better WSM detection.

Email Me | More Posts by Joseph Hitchcock