The cloud has transformed the entire computing industry. The ability to store almost infinite amounts of data coupled with the ability to access this data from anywhere in the world provides a powerful combination of speed and convenience. However, the ability to store and access data remotely is a double-edged sword in that it vastly increases the attack surface and allows for cybercriminals to access that same data without the impediments of physical barriers. Securing cloud-based services presents unique challenges that are rapidly evolving in response to developments in attacks on artificial intelligence (AI) and supply chains. These areas, in addition to misconfigured cloud services, present some of the most frequently attacked aspects of cloud cybersecurity that security teams need to address to adequately protect their data.
AI-Based Cyber Attacks on Cloud Environments
AI is rapidly working its way into every aspect of technology, including the cloud. While this often means smarter, more streamlined solutions, it also means that there are myriad new security considerations that must be taken into account when dealing with AI. Organizations are increasingly employing cloud-based AI platforms as a means of offering scalability and agility in a cost-effective manner. In doing so, these organizations make themselves susceptible to attacks such as denial of service and model data poisoning. Denial-of-service attacks occur when threat actors overwhelm a system with data, which can create unnecessary computational expenses or even cripple a system entirely. Model data poisoning occurs when hackers feed tailored information into the AI learning model so that it produces specifically altered results, often leading to significant financial and reputational damage.
In addition to the concerns presented by the use of AI-based cloud platforms, cybercriminals are leveraging AI to automate some aspects of their cloud-based cyberattacks, such as designing sophisticated, personalized phishing campaigns that often provide a backdoor into an otherwise secure system. They are also using AI to create advanced malware that evolves in order to avoid detection.
New Attacks on Cloud-Based Supply Chain Systems
While attacks on AI-based cloud platforms are an emerging threat, supply chain attacks are well established and present a swiftly growing area of concern for security teams. Supply chain attacks take advantage of the fact that large, well-secured organizations often rely on third-party vendors and their programs, which are also known as dependencies. These dependencies are typically smaller programs or snippets of code that companies rely upon to improve elements of their business performance. Attackers focus on inserting malicious code into these dependencies at the source, often gaining access through inadequately secured edge devices. This way, users often download a corrupted program or update that already contains the malicious code. Erin Joe explained during an RSA Conference 2024 panel, Lessons Learned from the Summer of Supply Chain Attacks, “The very things that we use for security are the very things that those threat actors are targeting - things like our firewalls, our VPNs, etc.” Many dependencies also rely on open-source code, which can employ user-generated updates. This past year, the now infamous XZ Utils hack took advantage of a widely used open-source compression tool employed by millions of servers around the world. While this was caught before it could take hold, the potential impact of this supply chain attack provided a sobering lesson on the importance of maintaining supply chain integrity. “We do anticipate these aggressive acts continuing,” warned Joe.
Misconfigurations Leading to Cloud Security Vulnerabilities
In his presentation, Don’t Be a Cloud Misconfiguration Statistic in AWS, Azure, or Google Cloud at RSAC 2024, Michael Ratemo explains the dangers of misconfigurations in cloud services. He specifically points out major factors that contribute to misconfiguration, such as poor governance, system complexity, lack of visibility, and human error, one of the most prevalent causes of all security breaches. Some of the most common misconfigurations are a failure to enforce multi-factor authentication, unrestricted inbound and outbound ports, and overly permissive access policies. These misconfigurations can inadvertently expose infrastructure, sensitive data or applications to unauthorized access and cyberattacks.
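An added example (not from the presentation or the original article) that audits a cloud inventory for the three misconfigurations named above. The inventory is constructed sample data whose field names are modelled on AWS security-group, IAM policy and credential-report output; `audit`, `open_rule` and `as_list` are hypothetical helper names.

```python
# Constructed sample inventory: field names modelled on AWS security-group,
# IAM policy and credential-report output; every value here is made up.
INVENTORY = {
    "security_groups": [
        {"GroupId": "sg-web", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
        {"GroupId": "sg-legacy",
         "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
         "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}],
    "policies": [
        {"PolicyName": "read-logs", "Statement": [
            {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::logs/*"}]},
        {"PolicyName": "ops-admin", "Statement": {
            "Effect": "Allow", "Action": ["*"], "Resource": "*"}}],
    "users": [
        {"user": "alice", "password_enabled": "true", "mfa_active": "true"},
        {"user": "bob", "password_enabled": "true", "mfa_active": "false"},
        {"user": "ci-bot", "password_enabled": "false", "mfa_active": "false"}],
}

def as_list(v):
    # Policy JSON accepts a single string/object wherever a list is valid.
    return v if isinstance(v, list) else [v]

def open_rule(rule):
    """True when a rule admits any address on every port and protocol."""
    cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
    cidrs |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
    all_ports = (rule["IpProtocol"] == "-1"
                 or (rule.get("FromPort"), rule.get("ToPort")) == (0, 65535))
    return all_ports and bool(cidrs & {"0.0.0.0/0", "::/0"})

def audit(inv):
    findings = []
    for sg in inv["security_groups"]:
        for key, way in (("IpPermissions", "inbound"), ("IpPermissionsEgress", "outbound")):
            if any(open_rule(r) for r in sg.get(key, [])):
                findings.append((sg["GroupId"], f"unrestricted {way} ports"))
    for pol in inv["policies"]:
        for st in as_list(pol["Statement"]):
            if (st["Effect"] == "Allow" and "*" in as_list(st.get("Action", []))
                    and "*" in as_list(st.get("Resource", []))):
                findings.append((pol["PolicyName"], "overly permissive policy"))
    for u in inv["users"]:
        if u["password_enabled"] == "true" and u["mfa_active"] != "true":
            findings.append((u["user"], "console password without MFA"))
    return findings

print(*audit(INVENTORY), sep="\n")
```

The HTTPS-only group and the password-less service account are deliberately not flagged: the checks target rules open on every port and interactive logins without a second factor.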
Additional Cloud Security Threats
The difficulties with cloud security are not limited to attacks on AI, supply chains, or cloud misconfigurations. It is also important to consider application programming interface (API) vulnerabilities, which are exacerbated by the evolution of generative AI and will necessitate end-to-end protection. Zero-day attacks will also continue to increase in frequency as AI assists in the creation of novel attacks and newly developed malicious code. All of the vulnerabilities in cloud services will lead to an increase in data exfiltration, which can result in the theft and possible exposure of sensitive information.
Recommendations for Security Teams
Stay Up to Date on Cloud-Based Security
Cloud security is a rapidly evolving field that must contend with artificial intelligence, supply chain-based attacks, and misconfigurations. As attackers become more sophisticated, the tools and approaches that they employ will become more difficult to detect and defend against. Although there are steps that can be taken to ensure the safety of cloud-based services, it will always be necessary to be vigilant and maintain awareness of the threat landscape. It is only by staying educated that security teams can remain ahead of those looking to exploit cloud-based systems for their benefit. To stay informed on the most up-to-date security threats to cloud computing and all other aspects of digital security, explore the extensive Library of cloud security resources available at RSA Conference for in-depth insights and best practices from leading security experts.