Beware a Hacker's Precision Strike in Your Cloud Environment
So, you think your data is safe because you stored it “in the cloud”? If your company is amongst a majority of businesses who decide to transfer to the cloud, you might be wondering if you should still be concerned about secure cloud computing. On one hand, you would have lower costs, added control, and a higher level of protection against security breaches; on the other hand, you are not impenetrable or immune to cyberattacks. While some things become safer, there is a whole new set of concerns and security challenges presented once you move to the cloud.
Let’s start with the simplest of security elements. THE PASSWORD. Phishing is still incredibly popular amongst hackers, and highly successful as well. While technology continues to evolve, human nature remains the same, and it is easy to appeal to human vulnerability with emails disguised to trick the recipients. Even if you are utilizing Amazon Web Services (AWS), a highly recognized cloud hosting platform, a hacker could send a deceitful email with a malicious link embedded within it. Hackers can use these links to lead you to a false login page that is disguised as the true cloud computing login, but actually utilized to capture your login credentials. This simple and inexpensive way to breach a firm’s credentials is one of the most commonly used tricks, and often undetected at first. A strong defense against this line of attack would be to enable two-factor authentication.
When this option is enabled in AWS, you are required to enter in a 6-digit code sent to you via text message or a downloaded app.
Phishing has unfortunately evolved into more sophisticated approaches and categories. Two new categories include smishing and spear phishing.
Smishing is a form of phishing where a hacker attempts to deceive a user into providing private information via a phone call or text message on their cellular device. Social engineering is becoming a prominent way to engage with top-level executives and get their login information for their cloud computing environment.
Spear phishing also uses social engineering attempts to learn more about employees and their organization to gather sensitive information. The famous Target breach in 2014 was actually initiated with a spear phishing attack against their HVAC vendor.
In an effort to create a more secure cloud computing environment, the root password and access should not be used for administrative tasks. Creating separate accounts with appropriate privileges creates that added level of security, preventing an attack on the root password.
Now back to the first line of defense: THE PASSWORD! Once more, this is the simplest way to gain access to what you think is a secure cloud computing environment. Over 83 percent of people surveyed stated they use the same password for multiple sites. While your guard might be up when it comes to logging into a site such as AWS, if a hacker is able to get your LinkedIn password or your password to your personal email, then they will most likely attempt to use the same credentials to get into your more secure data. A simple solution to this is to create a unique password for cloud environment access and store it using a password manager.
Another simple approach hackers take is to take possession of AWS keys. These keys allow access to the cloud servers, and although they are a complex sequence of characters, if hackers get access to the keys, the cybercriminals will then have full control of your AWS servers! To mitigate such threats, it is important to ensure employees never send keys over email and to require strict training for anyone with access. Additionally, the keys should only be store on machines with encryption to prevent theft. Amazon does offer a service that monitors the cloud platform, and you can configure alerts to be sent internally if a breach is detected.
Ultimately, though cloud computing is a secure environment to store data, it is also an added target for hackers. Skilled hackers see these opportunities as a dream come true because sensitive data is all stored in one location. Hackers are resorting to malware attacks on servers, which can cause businesses to lose a great deal of data. The best defense is to ensure data is backed up. The advantage of a secure cloud platform is the ability to create a secure backup so that in the event of a hack, your firm can restore their data onto a secure server.
In order to maintain great security and continue to take advantages of cloud computing, organizations must understand the strategies necessary to recover from possible breaches and provide extensive training to limit human error.