The National Security Agency has released a detailed examination of methods used to attack cloud providers. There is growing concern these services could be a weak spot in companies’ cyber security defenses in 2020.
The NSA advisory contains detailed descriptions of attack methods observed by U.S. intelligence agencies and steps on how to counter them.
Cloud providers and managed service providers are attractive targets for hackers, as a successful attack could provide access to sensitive systems for dozens or hundreds of client companies.
The guidance focuses on four primary areas of cloud security:
Misconfigurations in cloud systems
As an example, the NSA cited configuration errors from defense contractors that exposed data from the National Geospatial-Intelligence Agency in 2017.
Poor access controls, such as weak authentication methods
The agency said the Iran-based Mabna hacking group has been able to bypass multi-factor authentication systems by subverting other controls.
Some systems that allow several companies to be hosted on the same cloud server can be vulnerable to attack, the NSA warned, enabling hackers to attack multiple targets with one successful breach.
The NSA cited the ShadowHammer cyberattack campaign in March, which used flaws in computers made by Asustek Computer Inc. to install malware through legitimate software updates as one example.
Malicious insiders, criminals and nation-states are examining weaknesses in cloud security, the NSA said, with varying objectives. Criminals and insiders might look to exploit sensitive information or destroy it, for instance, while nation-states might attempt to use access to these servers to gain entry to more sensitive systems at a cloud provider’s customer. Untrained or neglectful employees also could inadvertently allow attackers to gain access to sensitive information by failing to properly follow security procedures, the agency said.