Smart parking system using IoT

Cloud Computing Vulnerabilities

Cloud Computing Vulnerabilities

 Many organisations have shifted to cloud computing because of enhanced security but it does not make it impenetrable. As security methods evolve likewise, attack strategies evolve too. The pandemic has increased cloud users to up to 50%. In 2020, a 7.5 million external DDoS cloud attack was performed in Q2 on cloud accounts. Cyber criminals scan for cloud servers without any passwords, exploit systems which have not been patched and perform brute force attacks to gain access to user accounts. Some try to plant ransomware or steal confidential data, while some use cloud systems for cyptojacking or organised DDoS attacks.

There are 5 cloud vulnerabilities that are on the rise during 2021 and they are listed below:

  1. Account Hijacking

It is commonly known as session riding. This involves the stealing of account usernames and passwords from users. There are multiple ways whereby an attacker can obtain user credentials such as phishing, brute force attacks (guessing passwords with the help of a software), keyloggers (a program that records the keystrokes of the user and proceeds to send it to the attacker), among others.  

  1. Data Breaches

As per Verizon’s 2019 Data Breach Investigation Report, nearly 50% of data breach victims are small enterprises. One of the main reasons small businesses are affected by data breach is because their level of security is not as strong as global corporations. The aftermath of data breaches is very detrimental to the targeted organisation as intellectual property has been lost and this will enrage employees and customers who may take legal actions against the company and the latter will have to pay a fine or other penalties. These are just financial concerns. The company will have a huge negative blow on its reputation and Goodwill: New customers would not want to give away their personal information to a company which has just been affected by a data breach. Moreover, existing customers will shift to another company as they no longer trust the company with their personal information.

  1. Malicious Insiders

Malicious insiders are employees, contractors or even business partners with ill intentions who want to achieve vile ends while still being part of the company as they have access to a plethora of confidential information concerning the company. As per a 2020 Ponemon report, internal attacks rose by 47% in 2018 and its cost increased by 31%.

  1. Insecure APIs

Application user interfaces (APIs) are often used in offices due to its convenience. Since most offices have shifted to remote working, APIs make it less tiresome to share information between multiple applications. This will in turn boost efficiency as employees will not have a hard time sending and receiving feedback, working with other colleagues on a particular project, among others.

On the flip side of the coin, attackers can find a way to turn this convenience into a headache by exploiting vulnerable APIs. Through the latter, attackers can launch a DDoS attack and consequently have access to the company’s sensitive information. The targeted companies would not get a whiff that their data is being stolen as attackers use several evasion methods. As per Gartner, API attacks will become very common by 2022. Hence, companies should perform regular checks and tests to patch up any vulnerabilities to avoid greater damage in the future.

  1. System Vulnerabilities

System vulnerability can occur due to the addition of an already compromised third-party application leading to system hazards or it can even arise due to the misconfigurations in security tools found within the cloud systems. There are common system vulnerabilities that will have a detrimental impact on cloud services and these include: absence of input validation on user input, database connections are left open, inadequate error handling and not enough logging and monitoring.

 Cloud Vulnerabilities Mitigation Techniques

– Daily security checks should be performed so that it can be known who has accessed which data.

– Ensure that servers are encrypted and secure and that afterwards, data can be recovered from the cloud centre.

– It is better for companies to conduct penetration tests so that they will have an idea about the vulnerabilities their system has and will know the attack pattern and vector of an attacker.

– Use MFA to reinforce verification controls.

– Choose wisely with whom API keys should be shared with. Discard API keys when they are no longer needed.

– Implement the use of Web Application Firewall (WAF) to safeguard web applications from cloud computing attacks and threats like DDoS, SQL injections and Man-in-the-middle attacks.  

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top