For weeks, the cybersecurity experts and government agencies have urged organizations to improve their cyber defenses due to the increased threat of cyber attacks amid the Russian invasion of Ukraine. This means not only improving detection and response to emerging threats, but also reinforcing the resilience of the infrastructure so that it can better withstand attacks.
Cloud resources are especially vulnerable, as many of them have been accidentally misconfigured and are left exposed, unprotected. Therefore, databases and cloud storage spaces could be an attractive target for attackers if fears materialize that cyberattacks will escalate beyond the conflict in Ukraine. In fact, researchers have already observed incursions into various cloud databases over the past few weeks, and there are plenty of cybercriminals waiting to take advantage of the situation.
The problem with databases
The challenge is that cloud storage and databases are easily misconfigured. And once they are exposed, they can be found relatively easily with Internet scanning tools. This exemplifies the challenge for defenders, who need to hit the safety every time, while attackers only need to get lucky once.
The challenge is especially acute given the complexity of modern enterprise cloud environments. Most organizations are running a mix of on-premises and public/private clouds, and investing with multiple providers to spread their risk. A report suggests that 92% have a strategy multi-cloud, while 82% are investing in hybrid cloud. It’s hard for IT teams to keep up with the functionality of just one cloud service provider (CSP), let alone two or three. And these CSPs are constantly adding new features in response to customer requests. While this provides organizations with a huge set of granular options, it arguably also makes it more difficult to do the simple things well.
Databases and cloud storage spaces could be an attractive target for attackers
This is especially problematic for developer or DevOps teams, who often don’t have specialized security training. A recent analysis of more than 1.3 million apps for Android and iOS revealed that 14% of those using public cloud services in their back end exposed user information through misconfigurations.
Cloud systems are already in the spotlight
In the event of an escalation of hostilities, exposed cloud systems would be a natural target. Many of them are relatively easy to discover and compromise: accounts left open, password protection, and other multi-factor authentication methods, for example. In fact, researchers have already observed offensive cyber activity of this kind, in this case targeting cloud databases located in Russia.
From a random sample of 100 misconfigured cloud databases, the investigation found that 92 had been compromised. Some had file names replaced with anti-war messages, but most were completely erased by a simple script.
The risk for Western organizations is therefore:
- Ransom request for compromised files: Recently released information suggests that pro-Russian cybercriminal groups are preparing to attack targets. They may combine objectives of the type hacktivist with tactics designed to monetize attacks. The content of cloud databases has already been hijacked many times.
- destructive attacks: As already noted, it is relatively easy to completely erase the contents of cloud databases, once they have been accessed. It is said that the script detected in recent pro-Ukrainian attacks resembles the one used in the 2020 “Meow” attacks.
- data leak: Before completely erasing data, cybercriminals may attempt to analyze it for sensitive information and filter it first to maximize financial and reputational damage inflicted on victim organizations.
How to protect databases in the cloud
Unfortunately, meeting the challenge of cloud deconfiguration is not as easy as flipping a switch. However, there are several changes that can be made starting today to help mitigate the risks noted above. Among them are:
- Strategy ‘shifting left’ in DevOpsby building automated configuration and security controls into the development process.
- Continuous management of configuration settingswith cloud security posture management (CSPM) tools.
- Use built-in CSP tools for monitoring and secure management of cloud infrastructure.
- Use of policy tools as code (PaC) to automatically scan and assess cloud compliance posture.
- Encrypt sensitive data as standardso that if access controls are left misconfigured, cybercriminals can’t see what’s inside.
George is Digismak’s reported cum editor with 13 years of experience in Journalism