Cybercriminals can use a cloud environment either to gain access to the owner’s environment or to use its cloud services to attack other environments. A cloud environment is not always targeted for the direct monetary value it holds; often the goal is to use its resources to profit from other networks and cloud environments.
For example, if a company has a test environment that it considers less “important” to protect, it will often create security gaps by not managing or maintaining it. These environments are prime targets for attackers, who can use them as a platform to attack another cloud or on-premises environment, or for cryptocurrency mining.
The important thing for organizations to know is that, regardless of what data is in an environment, it must be protected and managed regularly.
Here are the methods by which a Cloud Environment can be hacked:
A DDoS attack is when multiple systems flood the bandwidth or resources of a targeted system, making its services unavailable. If your organization cannot combat a DDoS attack, you lose revenue. It is very simple to conduct and can be a bit taxing to counteract if your environment is not set up according to security best practices.
DDoS attacks can also be used as a distraction: while all the IT staff is focused on resolving the issue, there is more opportunity to infiltrate another part of your network. Luckily, many cloud providers offer a service to mitigate DDoS attacks, but this does not mean that you should skip a layered approach to your cloud network and workloads.
A brute force attack is another hacking method that uses trial and error to crack passwords, login credentials, and encryption keys. The attackers make a large number of repeated attempts to gain access to user accounts. This type of attack accounts for only 5% of security breaches and is less likely to occur unless the attacker has found information about who you are.
For example, if they know your dog’s name is George, they may try George1234, 123456 and so on to get into your account. Most brute force attacks stem from guesswork, but it helps the attacker to have done some research about who you are, where you live, what you do for fun, etc. They then have a better chance of cracking your password or passphrase.
Credential stuffing is when the attacker uses exposed data to conduct an attack. It is much like a brute force attack, except that the data is known usernames and passwords of the individual. It is usually done through a tool or an API. The best way to reduce this risk is to set rate limits on authentication and to monitor for abnormal user behavior.
There are workarounds a hacker can use, such as throttling the number of times a username or password is tried to keep under the rate limits. Another useful control is multifactor authentication, along with having your employees use identity guard solutions for both their business and personal accounts, so they know when passwords need to be changed and never used again.
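The gap between rate limiting and behavior monitoring can be shown on a small log. The following is an added example, not part of the original post: the log format, the sample lines and the thresholds are constructed assumptions. A throttled source stays under a per-account failure limit, but is still caught by counting how many distinct usernames it tries.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, format assumed: "<ISO time> <source IP> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2024-05-01T09:00:00 198.51.100.7 alice FAIL
2024-05-01T09:01:10 203.0.113.20 dave FAIL
2024-05-01T09:01:40 203.0.113.20 dave FAIL
2024-05-01T09:02:05 203.0.113.20 dave OK
2024-05-01T09:04:00 198.51.100.7 bob FAIL
2024-05-01T09:08:00 198.51.100.7 carol OK
2024-05-01T09:12:00 198.51.100.7 erin FAIL
2024-05-01T09:16:00 198.51.100.7 frank FAIL
2024-05-01T09:20:00 198.51.100.7 grace FAIL
"""

def parse(log):
    """Return a time-ordered list of (time, ip, user, succeeded) tuples."""
    rows = (line.split() for line in log.strip().splitlines())
    return sorted((datetime.fromisoformat(t), ip, u, r == "OK") for t, ip, u, r in rows)

def locked_accounts(events, max_failures=3, window=timedelta(minutes=5)):
    """Per-account rate limit: users with max_failures failures inside window."""
    recent, locked = defaultdict(list), set()
    for ts, _, user, ok in events:
        if not ok:
            recent[user] = [t for t in recent[user] if ts - t <= window] + [ts]
            if len(recent[user]) >= max_failures:
                locked.add(user)
    return locked

def stuffing_sources(events, min_users=5, window=timedelta(hours=1), min_fail_ratio=0.7):
    """Sources trying many distinct usernames, mostly failing -> {ip: accounts that logged in}."""
    by_ip, flagged = defaultdict(list), {}
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            span = evs[start:end + 1]
            fails = sum(not ok for _, _, ok in span)
            if len({u for _, u, _ in span}) >= min_users and fails / len(span) >= min_fail_ratio:
                flagged[ip] = sorted({u for _, u, ok in evs if ok})  # accounts to reset
                break
    return flagged

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print(locked_accounts(events), stuffing_sources(events))
```

The accounts listed for a flagged source are the ones whose exposed password worked, so they are the first candidates for a forced reset and MFA enrollment.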
One of the most common ways that cloud environments are breached is through misconfigurations. To avoid a breach, make sure you are encrypting storage and communication paths such as Site to Site, VPN, or private access routes to the cloud, applying the least privilege model for permissions, changing default settings in every environment, and enabling proper security controls. Attacks happen in the cloud from either stolen credentials via phishing attacks, or simple open access to cloud environments.
A good example of this is setting up a webserver and keeping the default files in the default location: a hacker can find that index file freely on the web, learn which version of the webserver you are using, and check what vulnerabilities exist for it. As a best practice, never keep anything default or open to the public.
Server-side request forgery (SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing. These attacks are used to target systems that are behind the firewall and have restricted access from non-trusted networks. For example, if your webserver is not configured with additional security or protection, a cybercriminal could easily manipulate your URL to gain access to further information about the webserver or directories.
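One common mitigation is to validate any user-supplied URL before the server fetches it and to refuse destinations that sit behind the firewall. This is an added example, not part of the original post: the function names, the hostnames and the DNS answers are hypothetical and constructed so the check runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

def system_resolver(host):
    """Every address the name currently resolves to (needs network access)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def check_outbound_url(url, resolver=system_resolver):
    """Return (allowed, reason) for a user-supplied URL the server would fetch."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not host:
        return False, "missing host"
    try:
        addrs = {str(ipaddress.ip_address(host))}  # IP literal in the URL
    except ValueError:
        try:
            addrs = set(resolver(host))            # hostname: judge what it resolves to
        except OSError:
            addrs = set()
    if not addrs:
        return False, "host does not resolve"
    # Reject if ANY address is loopback, private, link-local or otherwise non-public.
    internal = sorted(a for a in addrs if not ipaddress.ip_address(a).is_global)
    if internal:
        return False, "internal address: " + ", ".join(internal)
    return True, "ok"

# Constructed DNS answers for hypothetical names, standing in for real lookups.
CONSTRUCTED_DNS = {
    "images.partner.example": {"93.184.216.34"},
    "intranet.partner.example": {"10.20.0.5"},
    "mixed.partner.example": {"93.184.216.34", "127.0.0.1"},
}

def constructed_resolver(host):
    if host not in CONSTRUCTED_DNS:
        raise OSError("no such host")
    return CONSTRUCTED_DNS[host]

if __name__ == "__main__":
    for u in ("https://images.partner.example/logo.png", "http://intranet.partner.example/admin"):
        print(u, "->", check_outbound_url(u, constructed_resolver))
```

The fetch itself has to connect to the address that was checked and re-run the check on every redirect, otherwise a name that resolves differently the second time bypasses it.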
Hackers can use various free tools to fingerprint your entire network using just your domain name. Starting from your website, they can try to find the name server, MX server, DNS name, any tracking codes, IP addresses, network block, etc. If they can determine that there is an email server, basic information about the mail server can be extracted, as the communication ports are the same.
It is important that your organization conducts regular penetration tests to make sure vulnerabilities are addressed. Most importantly, have a form of change control so that changes are not made without an approval process.
In my career, I have conducted several assessments where employees advised me that they had just set up a new webserver and there was no data stored in it, but everything was default. Or they left a port open because they were doing testing and forgot to close it. This becomes a risk because it can be used to open the door to the environment. Always ensure security practices are in place and enforced for any new deployment, even if it is not a production environment.
If you have any questions or want more information about our cybersecurity services, please give us a call. Dial 888-YOUR-SDI (888-968-7734) to explore how the SDI Cyber Team can protect your organization’s IT assets.
About SDI’s Guest Blogger
SDI’s Director of Solutions GALAXIA MARTIN brings over 20 years of experience in implementing complex IT solutions, infrastructure technologies, and cybersecurity measures. She has designed and led innovative solutions for large organizations while optimizing and increasing growth within support operations. As an IT expert, Galaxia continuously researches and studies innovative technology systems, cyber risks, and industry trends to stay ahead in a rapidly evolving technology environment.
Galaxia holds a master’s degree in Information Systems and is a Certified Ethical Hacker.