Attacks from the cloud
Posted: Mon Feb 10, 2025 3:39 am
Abandoned and soon-to-be-decommissioned infrastructure is a prime target for attackers, often because it no longer receives security configuration updates and regular maintenance. Security controls such as monitoring, advanced logging, security planning, and security management cease to exist for these assets.
No restrictions on outgoing data and container lifecycle security
Unfortunately, there are still cases where abandoned cloud infrastructure contains business-critical data and systems. Attacks result in sensitive data leaks that require costly investigations and reporting. Additionally, some attacks on abandoned cloud environments result in service disruptions, because these environments continue to provide critical services that have not been fully migrated to the new infrastructure. The cleanup, containment, and recovery of such an incident also have a huge negative impact on some organizations.
Attackers are not only attacking cloud infrastructure, but are also using the cloud to increase the effectiveness of their attacks. Over the past year, attackers have used well-known cloud services like Microsoft Azure and data synchronization services like MEGA to exfiltrate data and proxy network traffic. The lack of outbound traffic restrictions, coupled with insufficient workload protection, allowed attackers to communicate with on-premises services through proxies to IP addresses in the cloud. This gave attackers additional time to interrogate systems and exfiltrate data from a variety of services, from web APIs used by partners to databases, while making it appear as if the attack was originating from within the victim’s networks. This tactic allowed attackers to evade detection, leaving virtually no trace in local file systems.
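The missing outbound restrictions described above can be caught by reviewing flow records for egress to destinations that are not on an approved list. The following is an added example, not part of the original post: it aggregates outbound bytes per source and destination and grades the result. The record layout, the address ranges (documentation ranges) and the volume threshold are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not real traffic).
FLOWS = [
    {"src": "10.0.1.5", "dst": "198.51.100.10", "port": 443, "bytes_out": 1_000_000},
    {"src": "10.0.1.5", "dst": "203.0.113.7", "port": 443, "bytes_out": 40_000_000},
    {"src": "10.0.1.5", "dst": "203.0.113.7", "port": 443, "bytes_out": 35_000_000},
    {"src": "10.0.2.9", "dst": "203.0.113.20", "port": 443, "bytes_out": 12_000},
    {"src": "10.0.2.9", "dst": "10.0.3.4", "port": 5432, "bytes_out": 9_000_000},
    {"src": "203.0.113.7", "dst": "10.0.1.5", "port": 443, "bytes_out": 500},
]

# Assumed values: internal address space, approved egress range, alert threshold.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_EGRESS = [ipaddress.ip_network("198.51.100.0/24")]
BYTES_THRESHOLD = 50_000_000


def in_any(addr, networks):
    """True if the address falls inside any of the given networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


def find_egress_violations(flows, internal, allowed, threshold):
    """Return outbound flows to unapproved destinations, summed per src/dst pair."""
    totals = defaultdict(lambda: {"bytes_out": 0, "flows": 0})
    for flow in flows:
        if not in_any(flow["src"], internal):
            continue  # not originating from an internal workload
        if in_any(flow["dst"], internal) or in_any(flow["dst"], allowed):
            continue  # east-west traffic or approved egress
        entry = totals[(flow["src"], flow["dst"])]
        entry["bytes_out"] += flow["bytes_out"]
        entry["flows"] += 1
    findings = []
    for (src, dst), entry in sorted(totals.items()):
        severity = "high" if entry["bytes_out"] >= threshold else "review"
        findings.append({"src": src, "dst": dst, "severity": severity, **entry})
    return findings


if __name__ == "__main__":
    for finding in find_egress_violations(FLOWS, INTERNAL, ALLOWED_EGRESS, BYTES_THRESHOLD):
        print(finding)
```

Even the low-volume "review" findings matter here, since proxied traffic of the kind described above may never cross a byte threshold.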