In last week’s blog post, we discussed the seriousness of cloud misconfigurations and the impact they can have on organizations as they move to the cloud. The fallout from cloud misconfigurations can be severe: steep regulatory fines, loss of customer data, damage to your reputation, or loss of customer trust.
In this post, we address some of the most common cloud infrastructure misconfigurations and consequences resulting from the misconfiguration.
AWS Security Group Misconfigurations
AWS security groups are associated with EC2 server instances and provide security at the port and protocol access level. A security group misconfiguration can allow an attacker to access your cloud-based servers and exfiltrate data. A common security group misconfiguration is to make a server accessible from the Internet on SSH port 22 for debugging or troubleshooting. This configuration makes it easy for malicious users to gain access to servers from anywhere in the world.
Failure to Audit Resources
When companies acquire a new company or new assets, it can be easy to forget to audit the resources for security compliance. In the case of FedEx, over 119,000 scanned documents were exposed during a data breach when an Amazon S3 storage server was left open without a password. The documents included passports and driver's licenses. The server belonged to Bongo International and was unsecured prior to FedEx purchasing the company. After the acquisition, FedEx failed to scan the resources for compliance and left it unsecured for several years. Experts at the Kromtech Security Center found the exposed server.
Default Account Credentials
81% of hacking-related breaches are due to either stolen, default, or weak passwords, according to the Verizon Data Breach Investigations Report. Not changing the default credentials makes it easier for hackers to access your systems, change your access, and escalate their privileges. Things can get worse if the stolen identity belongs to a privileged user with unrestricted access to all areas of your network.
In this example, researchers at Hold Security discovered that some of the accounts on Equifax’s website in Argentina used the default username and password “admin”. With this information, the company was able to access the personal information of more than 100 individuals. The personal information included their names, email addresses, and national ID numbers. While this example is not a security breach, it does highlight the vulnerabilities associated with not changing your default account credentials.
The risk of a heightened security breach due to cloud infrastructure misconfiguration is real. Organizations need to be able to find and correct misconfigurations immediately.
To learn more about the risk of cloud misconfiguration, check out The One Cloud Security Metric Every CISO Should Know in Forbes, by Josh Stella, Fugue’s Cofounder and CTO.