The attackers are using cloud applications as launchpads for triggering cyber attacks on the Internet. It has become indispensable for enterprises to keep track of the active cloud applications in the network for detecting malice. Generally speaking, cloud applications have not been not effectively managed in the enterprises as IT departments do not have robust mechanisms to detect insecurities persisting in the cloud applications. As a result,  enterprises are encountering a problem of Shadow IT^[1], a terminology used for highlighting devices and unauthorized applications that remain activated under the radar of the IT department. Shadow IT renders organizations more vulnerable to cyber attacks because Shadow IT infrastructure is not monitored by organizations for detecting potential threats and vulnerabilities. The problem of Shadow IT is required to be addressed to avoid security implications thereby successfully maintaining compliance by adhering to dedicated corporate security policies.

The enterprises have to combat cyber attacks^[2] that exploit cloud applications for nefarious purposes such as Intellectual Property (IP) theft, hosting and distributing malicious code, data exfiltration, data destruction, etc.  In addition to that, cloud applications are becoming sources of data leakage in the enterprises because sensitive documents are shared in an insecure manner that could potentially leak information to unauthorized entities. this can prove very disastrous for the enterprises considering business risks.  To detect threats in cloud applications, it is imperative for the IT departments to first unveil the Shadow IT infrastructure in the enterprise networks before any threats are detected.

There are many risks associated with the insecure use of cloud applications that can support the execution of cyber attacks at different phases. It is critical to understand the security risks in cloud applications. A number of them are discussed below:

1. Traffic hijacking by stealing SaaS applications’ credentials allows the malicious actors to eavesdrop on the network traffic flowing between users and the cloud applications

2. Data loss and information exposure in cloud applications help malicious actors to gather more intelligence about the critical assets of the enterprises

3. Cloud applications are also used as platforms for distributing malicious code on the Internet, launching illegal activities such as Denial -of-Service (DoS) attacks and others

4. Organizations are facing a severe risk from malicious insiders  — threats present within the organization that can easily steal confidential and proprietary information to share with external actors. Malicious insiders (or Insider threats) can be very damaging for the organizations. Federal Bureau of Investigation (FBI) highlighted many personal factors^[3] such as personal greed, revenge, ego, etc.  as motivational factors for targeting organizations from within.

All the risks highlighted above ease out the process of conducting cyber attacks. The cloud security issues are required to be dealt by building multi-layer protections. To conclude, highly advanced and next generation solutions are needed to secure the cloud applications and to combat threats residing therein.

Aditya’s book, Targeted Cyber Attacks is available for purchase on the Elsevier Store.

Use discount code “STC215” at checkout and save up to 30% on your very own copy!

About Author:

Aditya K Sood (Ph.D)  is  a Lead Architect for Cloud Threat Labs at Elastica. Dr. Sood has research interests in malware automation and analysis, application security, secure software design and cybercrime. He has worked on a number of projects pertaining to penetration testing specializing in product/appliance security, networks, mobile and web applications while serving Fortune 500 clients for IOActive, KPMG and others. He has authored several papers for various magazines and journals including IEEE, Elsevier, CrossTalk, ISACA, Virus Bulletin, Usenix and others.

His work has been featured in several media outlets including Associated Press, Fox News, The Register, Guardian, Business Insider, Kaspersky Threatpost, CBC and others. He has been an active speaker at industry conferences and presented at BlackHat, DEFCON, HackInTheBox, RSA, Virus Bulletin, OWASP and many others. Dr. Sood obtained his Phd from Michigan State University in Computer Sciences. Dr. Sood is also an author of “Targeted Cyber Attacks”​ book published by Syngress.

Company Website: http://www.elastica.net

Personal Website: http://adityaksood.secniche.org

References:

^[1] https://www.elastica.net/q2-2015-shadow-data-report/

^[2] https://www.safaribooksonline.com/library/view/targeted-cyber-attacks/9780128006047/xhtml/CHP009.xhtml

^[3] https://www.fbi.gov/about-us/investigate/counterintelligence/the-insider-threat