BrandPost: Don’t Let Adversaries Cast a Dark Cloud Over Your Cloud Workloads


With threat actors targeting low-hanging fruit, securing your systems and applications is more important than ever. It’s time to protect your cloud environment.


Cloud adoption is powering digital transformation, bringing levels of speed and scalability that can unlock new efficiencies and revenue streams. As organizations leverage the cloud’s benefits, it is the job of security teams to enable them to do so safely.

In this reality, it is critical that IT leaders understand how threat actors target their cloud infrastructure. As one might suspect, attackers first go after low-hanging fruit — the systems and applications that are the easiest to exploit.

In a new CrowdStrike Cyber Front Lines Report, our researchers noted:

  • Adversaries target neglected cloud infrastructure slated for retirement that still contains sensitive data.
  • Adversaries use a lack of outbound restrictions and workload protection to exfiltrate your data.
  • Adversaries leverage common cloud services as a way to obfuscate malicious activity.

Neglected or misconfigured cloud infrastructure

Neglected and soon-to-be-retired infrastructure makes for low-hanging fruit for attackers, often because that infrastructure no longer receives security configuration updates and regular maintenance. Security controls such as monitoring, expanded logging, security architecture and planning, and posture management no longer exist for these assets.

Lack of outbound restrictions and workload protection

Unfortunately, CrowdStrike continues to see cases where a neglected cloud infrastructure still contains critical business data and systems. As such, attacks lead to sensitive data leaks requiring costly investigation and reporting obligations. Additionally, some attacks on abandoned cloud environments result in impactful service outages, since they still provide critical services that haven’t been fully transitioned to new infrastructure. Moreover, triage, containment and recovery from an incident in these environments cause a tremendous negative impact on some organizations.

Launching attacks from the cloud

Not only does the CrowdStrike team see attackers targeting cloud infrastructure, we also observe threat actors leveraging the cloud to make their attacks more effective. Over the past year, threat actors used well-known cloud services, such as Microsoft Azure, and data storage syncing services such as MEGA, to exfiltrate data and proxy network traffic. A lack of outbound restrictions combined with a lack of workload protection allows threat actors to interact with local services over proxies to IP addresses in the cloud. This gives attackers additional time to interrogate systems and exfiltrate data from services ranging from partner-operated, web-based APIs to databases — all while appearing to originate from inside victims’ networks. These tactics allow attackers to dodge detection by barely leaving a trace on local file systems.
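
An added example (not from the original article or from CrowdStrike): one way to find the missing outbound restrictions described above is to audit security-group egress rules. It assumes rule data in the shape of AWS `describe-security-groups` JSON; the sample groups, the prefix-length threshold and the port 443 allowlist are constructed assumptions.

```python
import ipaddress

# Constructed sample in the shape of AWS `describe-security-groups` output
# (assumed format; the article names no provider API). IDs are placeholders.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-EXAMPLE-legacy", "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-EXAMPLE-web", "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-EXAMPLE-db", "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.20.0.0/16"}], "Ipv6Ranges": []}]},
    # Two /1 blocks cover the whole IPv4 space without the literal 0.0.0.0/0.
    {"GroupId": "sg-EXAMPLE-batch", "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/1"}, {"CidrIp": "128.0.0.0/1"}], "Ipv6Ranges": []}]},
]}

ALLOWED_PORTS = {443}  # assumed baseline: only HTTPS may leave to any destination
MIN_PREFIX = 8         # assumed: anything broader than a /8 counts as internet-wide

def _internet_wide(cidrs, min_prefix=MIN_PREFIX):
    """True if any destination CIDR is broader than /min_prefix."""
    return any(ipaddress.ip_network(c, strict=False).prefixlen < min_prefix for c in cidrs)

def audit_egress(doc, allowed_ports=ALLOWED_PORTS):
    """Return sorted (group_id, finding) pairs for internet-wide egress rules."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for rule in sg.get("IpPermissionsEgress", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            if not _internet_wide(cidrs):
                continue
            if rule["IpProtocol"] == "-1":
                findings.append((sg["GroupId"], "all protocols to any destination"))
                continue
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            if not all(p in allowed_ports for p in range(lo, hi + 1)):
                findings.append((sg["GroupId"], f"{rule['IpProtocol']} {lo}-{hi} to any destination"))
    return sorted(findings)

if __name__ == "__main__":
    for group_id, finding in audit_egress(SAMPLE):
        print(f"{group_id}: {finding}")
```

Checking prefix length rather than matching the string `0.0.0.0/0` is what catches the split `/1` rules in the last sample group.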

So, how do I protect my cloud environment?

The cloud introduces new wrinkles to proper protection that don’t all translate exactly from a traditional on-premises data center model. Security teams should keep the following firmly in mind as they strive to remain grounded in best practices.

  • Enable runtime protection and get real-time visibility. You can’t protect what you don’t have visibility into — even if you have plans to decommission the infrastructure. Central to securing your cloud infrastructure to prevent a breach is runtime protection and visibility provided by cloud workload protection (CWP). It remains critical to safeguard your workloads with next-generation endpoint protection, including servers, workstations and mobile devices, regardless of whether they reside in an on-premises data center or virtual cluster, or hosted in the cloud.
  • Eliminate configuration errors. The most common root cause of cloud intrusions continues to be human errors and omissions introduced during common administrative activities. It’s important to set up new infrastructure with default patterns that make secure operations easy to adopt. One way to do this is to use a cloud account factory to create new sub-accounts and subscriptions easily. This strategy ensures that new accounts are set up in a predictable manner, eliminating common sources of human error. Make sure to set up roles and network security groups that keep developers and operators from needing to build their own security profiles and accidentally doing it poorly.
  • Leverage a cloud security posture management (CSPM) solution. Ensure your cloud account factory includes enabling detailed logging and a CSPM — like CrowdStrike’s Falcon Horizon — with alerting to responsible parties, including cloud operations and SOC teams. Actively seek out unmanaged cloud subscriptions, and when found, don’t assume it's managed by someone else. Instead, ensure that responsible parties are identified and motivated to either decommission any shadow IT cloud environments or bring them under full management along with your CSPM. Then use your CSPM on all infrastructure up until the day the account or subscription is fully decommissioned to ensure that operations teams have continuous visibility.

Because the cloud is dynamic, so too must be the tools used to secure it. The visibility needed to see the type of attack that traverses from an endpoint to different cloud services is not possible with siloed security products that only focus on a specific niche. However, with a comprehensive approach rooted in visibility, threat intelligence, and threat detection, organizations can give themselves the best chance to leverage the cloud without sacrificing security.

To learn more about cloud security, visit CrowdStrike here.

Connect with the Author:

David Puzas, Head of Cloud Security Product Marketing, CrowdStrike

Copyright © 2022 IDG Communications, Inc.
