Cloud applications and services are a prime target for hackers because poor cybersecurity management and misconfigured services are leaving them exposed to the internet and vulnerable to simple cyberattacks.
Analysis of identity and access management (IAM) polices taking into account hundreds of thousands of users in 18,000 cloud environments across 200 organisations by cybersecurity researchers at Palo Alto Networks found that cloud accounts and services are leaving open doors for cyber criminals to exploit – and putting businesses and users at risk.
The global pandemic pushed organisations and employees towards new ways of remote and hybrid working, with the aid of cloud services and applications. While beneficial to businesses and employees, it also created additional cybersecurity risks – and malicious hackers know this.
"With the pandemic-induced transition to cloud platforms over the past several years, malicious actors have had an easier time than ever following their targets into the cloud," said John Morello, vice president of Prisma Cloud at Palo Alto Networks.
SEE: Cloud security in 2022: A business guide to essential tools and best practices
According to the research, 99% of cloud users, services and resources provide excessive permissions. In most cases, these permissions and administrator privileges aren't needed by regular users, but there's the risk that, if cloud accounts are compromised, cyber attackers could take advantage of excess permissions to modify, create or delete cloud environment resources, as well as moving around networks to help expand the scope of attacks.
Another practice that isn't helping IT departments is poor password security, with the majority of cloud accounts – 53% – allowing weak passwords consisting of under 14 characters, while 44% of cloud accounts allow the user to re-use a password that is linked to another account.
Weak passwords are vulnerable to brute-force and credential-stuffing attacks, where cyber attackers use automated software to test weak passwords against accounts. Accounts will be at particular risk if the password used to secure them is especially common.
Password re-use also creates a risk for cloud accounts. If the user has had their password for a separate account leaked or hacked, attackers will test it against their other accounts. If it's the same password, they'll be able to access the cloud account, which puts the user and the rest of the corporate cloud services at risk from further attacks.
This risk is further exacerbated by cloud accounts being publicly exposed to the web in the first place. According to the research, almost two-thirds of organisations have cloud resources, such as buckets and databases, misconfigured in a way that means they can be accessed without the need for authentication at all.
That means that cyber criminals don't even need to breach credentials to steal sensitive information, they just need the URL. Identifying these buckets and servers, and ensuring they are not exposed on the open web, is a must for cybersecurity teams.
For all cloud services, properly configured IAM can block unintended access, so make sure users are implementing complex, unique passwords – and their accounts should also be protected with multi-factor authentication.
IT departments should also consider whether regular accounts need administrator privileges. While a legitimate user with this level of access might not be considered a risk, an intruder with admin access has the keys to the entire cloud kingdom.