Working with public cloud infrastructure without a proper understanding of the risks and security challenges may prove to be a risky bet today. One of the most critical spots where attackers look for vulnerabilities is the cloud Identity and Access Management (IAM) layer, which many companies often fail to secure. A lack of effective identity and access management poses significant risks not only to compliance, but also to overall security. The Capital One breach is one such recent example.
Research conducted by XM Cyber's Igal Gofman, Head of Security Research, and Yaron Shani, Senior Security Researcher, suggests that a new attack vector in cloud providers' APIs can be exploited by adversaries to gain highly privileged access to critical assets in the cloud.
What was found in the research?
Researchers found that cloud APIs' accessibility over the Internet opens new possibilities for adversaries to plan their attack. The researchers note that current security practices and controls are not sufficient to mitigate the risk posed by the misconfiguration of the public cloud.
The weak link
Traditional protections primarily focus on network, application, and operating system defense.
Organizations can protect themselves from such attacks by following best practice guides from cloud providers. Large and complex organizations need to constantly monitor attack paths since they often have trouble tracking and monitoring permissions in large cloud infrastructures. Analyzing attack paths would also help in identifying high-value cloud resources, which can then be evaluated for risk factors.