Evolving Threats to Cloud Computing Infrastructure and Suggested Countermeasures

Author: Ravikumar Ramachandran, CISA, CISM, CGEIT, CRISC, CDPSE, OCA-Multi Cloud Architect, CISSP-ISSAP, SSCP, CAP, PMP, CIA, CRMA, CFE, FCMA, CIMA-Dip.MA, CFA, CEH, ECSA, CHFI, MS (Fin), MBA (IT), COBIT-5 Implementer, Certified COBIT Assessor, ITIL 4 -Managing Professional, TOGAF 9 Certified, Certified SAFe5 Agilist, Professional Scrum Master-II, Chennai, India
Date Published: 16 April 2024

Cloud computing has been an amazing technological breakthrough. Due to its features, such as 24/7 on-demand availability, accessibility from anywhere, scalability, and online storage, it provides many cost benefits for enterprises that run their business operations over the cloud. These organizations need not incur capital expenditure and make huge investments in computing infrastructure. Instead, they can pay only for what they need and scale up as and when they require. In addition, cloud computing leads to lower power costs, lower staff costs and reduced carbon footprint.

As a result, cloud adoption is occurring at a fast rate globally. According to the Flexera 2024 State of the Cloud report, “The shift towards hybrid and multi-cloud environments underscores the importance of comprehensive cost management, with nearly half of all workloads and data in the public cloud, and organizations’ usage of multi-cloud has gone up to 89% this year from 87% last year.”

However, with the increased usage of cloud computing over the past several years, security threats have increased exponentially. We will review below some of the current cloud attack types and emerging threats, along with possible countermeasures, drawing upon select research reports published in 2023 and 2024.

Cloud Computing: Current Threats and Vulnerabilities

According to Palo Alto Networks’ Unit 42 latest attack surface threat research report, four out of five security vulnerabilities observed in organizations across all sectors come from cloud environments. The report outlined the most common security flaws, of which 60% stem from web framework takeover (22.8%), remote access services (20.8%) and IT security and networking infrastructure (17.1%).

It also highlighted how constant changes in cloud offerings significantly affect users’ exposure. The threat research team’s recommendations are as follows:

  1. Maintain a comprehensive, real-time understanding of all internet-accessible assets
  2. Regularly review and update cloud configurations
  3. Foster collaboration between security and DevOps teams
  4. Focus on addressing the most critical vulnerabilities and exposures.

Meanwhile, according to the Google Cloud Cyber Security Forecast 2024 report, the year 2024 will see attackers use generative artificial intelligence and large language models (LLMs) in phishing, SMS and social engineering operations, and to spread fake news. In the insight report on the Global Cybersecurity Outlook 2024 published by the World Economic Forum in January 2024, the majority of respondents believe that “In the next two years, Generative AI will provide Cyber advantage to attackers (55.9%).”

Therefore, generative AI will be the major evolving threat for cloud computing.

Here are five other top cloud vulnerabilities:

1. Cloud misconfigurations
A misconfiguration of any cloud component, such as storage, networking or access controls, can expose the organization to cyberthreats. Last year, Japanese automaker Toyota reported that the data of approximately 260,000 customers had been exposed online due to a misconfigured cloud environment. Some of the remedial measures include:

  • Hardening servers and closing open ports
  • Ensuring logging mechanisms are functioning
  • Strengthening access controls
  • Periodic configuration audits
  • Securing cloud storage
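The remedial measures above are the kind of checks a periodic configuration audit should automate. The following is an added example, not code from the article: it runs those checks (exposed admin ports, audit logging, public or unencrypted storage, privileged users without MFA) over an inline, constructed configuration snapshot. The dictionary's field names and the resource names are assumptions that only loosely mirror what a provider's API returns; the script makes no network calls.

```python
"""Offline misconfiguration audit over a constructed cloud snapshot."""
from collections import Counter
from dataclasses import dataclass

# Constructed sample snapshot; the schema is assumed, not any provider's real one.
SNAPSHOT = {
    "security_groups": [
        {"id": "sg-web", "rules": [
            {"port": 443, "cidr": "0.0.0.0/0"},
            {"port": 22, "cidr": "0.0.0.0/0"},      # SSH reachable from anywhere
        ]},
        {"id": "sg-db", "rules": [
            {"port": 5432, "cidr": "10.0.0.0/16"},  # database reachable from the VPC only
        ]},
    ],
    "buckets": [
        {"name": "public-assets", "public": True, "encrypted": True, "access_logging": True},
        {"name": "customer-exports", "public": True, "encrypted": False, "access_logging": False},
    ],
    "audit_logging": {"enabled": False, "all_regions": False},
    "users": [
        {"name": "admin", "mfa": False, "admin": True},
        {"name": "deploy-bot", "mfa": True, "admin": False},
    ],
}

# Administrative and data-store ports that should never face the whole internet.
ADMIN_PORTS = {22, 3389, 1433, 3306, 5432, 6379, 27017}
ANY_ADDRESS = {"0.0.0.0/0", "::/0"}


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium"
    resource: str
    issue: str


def audit_security_groups(groups):
    """Flag admin ports exposed to the entire internet."""
    return [
        Finding("high", g["id"], f"port {r['port']} open to {r['cidr']}")
        for g in groups
        for r in g["rules"]
        if r["cidr"] in ANY_ADDRESS and r["port"] in ADMIN_PORTS
    ]


def audit_buckets(buckets):
    """Public exposure always deserves review; missing encryption and
    missing access logs are flagged on their own."""
    findings = []
    for b in buckets:
        if b["public"]:
            findings.append(Finding("medium", b["name"], "publicly readable; confirm this is intended"))
        if not b["encrypted"]:
            findings.append(Finding("high", b["name"], "encryption at rest disabled"))
        if not b["access_logging"]:
            findings.append(Finding("medium", b["name"], "access logging disabled"))
    return findings


def audit_logging(cfg):
    """Audit logging must exist before any other control can be verified."""
    if not cfg["enabled"]:
        return [Finding("high", "audit_logging", "account-level audit logging disabled")]
    if not cfg["all_regions"]:
        return [Finding("medium", "audit_logging", "logging not enabled in all regions")]
    return []


def audit_users(users):
    """Privileged identities without MFA are the classic account-hijack path."""
    return [
        Finding("high", u["name"], "administrative user without MFA")
        for u in users
        if u["admin"] and not u["mfa"]
    ]


def run_audit(snapshot):
    """Run every check and return findings, highest severity first."""
    findings = (
        audit_security_groups(snapshot["security_groups"])
        + audit_buckets(snapshot["buckets"])
        + audit_logging(snapshot["audit_logging"])
        + audit_users(snapshot["users"])
    )
    order = {"high": 0, "medium": 1}
    return sorted(findings, key=lambda f: (order[f.severity], f.resource))


def summarize(findings):
    """Count findings per severity, e.g. {"high": 4, "medium": 3}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in run_audit(SNAPSHOT):
        print(f"[{f.severity.upper():6}] {f.resource}: {f.issue}")
    print(summarize(run_audit(SNAPSHOT)))
```

In practice the snapshot would be populated from the provider's inventory API and the audit scheduled, with the findings fed into a ticketing or CSPM workflow; the value of the example is that each remedial point maps to one small, testable check.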

2. Multi-cloud vulnerabilities
As mentioned above, 89% of organizations are using multi-cloud this year, which leads to shared technology vulnerabilities. Vulnerabilities in common software design, web browsers and common database systems can enable phishing and malware attacks, data breaches and other security issues. Remediation measures include:

  • Hardening servers and firewalls per best practices and standards
  • Network segmentation and proper demilitarized zone (DMZ) management
  • Patch management schedule per vendor recommendations
  • Secure architecture implementation, following security by design methodology

3. Lack of secure APIs
In November 2022, a Twitter API security breach exposed the personal data of 5.4 million users. Part of the data was sold on the dark web, and the remaining was released for free. See my previous thoughts here on API security.

4. Lack of transparency
A lack of transparency, caused by insufficient monitoring mechanisms, little insight into user activities and sometimes the absence of real-time reporting, slows down the detection of unusual behavior and reduces the chance of detecting known attack patterns. Research conducted by Illumio in 2023 states that nearly half of all data breaches originate in the cloud, costing organizations an average of US$4.1 million, with 95% of survey respondents pointing to a lack of visibility and delays in responding to attacks as the main reasons. Robust logging and monitoring mechanisms are a good way to improve visibility and transparency.
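As an added illustration of what robust logging and monitoring buys a defender (this is example code, not the article's or any vendor's), the script below runs a few detection rules over cloud audit-log events: a privileged or MFA-less console login, a burst of failed logins from one source address followed by a success, and an event that switches audit logging off. The JSON-lines schema (time, event, user, ip, mfa, result), the event names and the sample records are all constructed for this example and do not follow any provider's real log format.

```python
"""Detection rules over constructed cloud audit-log events."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in JSON-lines form, already in time order.
SAMPLE_LOG = """\
{"time": "2024-03-01T08:00:00Z", "event": "ConsoleLogin", "user": "alice", "ip": "203.0.113.5", "mfa": true, "result": "success"}
{"time": "2024-03-01T08:01:00Z", "event": "ConsoleLogin", "user": "root", "ip": "198.51.100.7", "mfa": false, "result": "success"}
{"time": "2024-03-01T08:02:00Z", "event": "ConsoleLogin", "user": "bob", "ip": "192.0.2.9", "mfa": true, "result": "failure"}
{"time": "2024-03-01T08:02:20Z", "event": "ConsoleLogin", "user": "bob", "ip": "192.0.2.9", "mfa": true, "result": "failure"}
{"time": "2024-03-01T08:02:40Z", "event": "ConsoleLogin", "user": "carol", "ip": "192.0.2.9", "mfa": true, "result": "failure"}
{"time": "2024-03-01T08:03:00Z", "event": "ConsoleLogin", "user": "dave", "ip": "192.0.2.9", "mfa": true, "result": "failure"}
{"time": "2024-03-01T08:03:20Z", "event": "ConsoleLogin", "user": "erin", "ip": "192.0.2.9", "mfa": true, "result": "failure"}
{"time": "2024-03-01T08:04:00Z", "event": "ConsoleLogin", "user": "bob", "ip": "192.0.2.9", "mfa": true, "result": "success"}
{"time": "2024-03-01T08:10:00Z", "event": "StopLogging", "user": "bob", "ip": "192.0.2.9", "mfa": true, "result": "success"}
{"time": "2024-03-01T09:30:00Z", "event": "ConsoleLogin", "user": "alice", "ip": "203.0.113.5", "mfa": true, "result": "failure"}
"""

FAILURE_THRESHOLD = 5                    # this many failures from one IP ...
FAILURE_WINDOW = timedelta(minutes=5)    # ... inside this window raises an alert
# Constructed event names standing in for "audit logging was turned off".
VISIBILITY_EVENTS = {"StopLogging", "DeleteTrail", "DisableAuditLogs"}


def parse_events(text):
    """Parse JSON lines into dicts with a real datetime in the 'time' field."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["time"] = datetime.strptime(e["time"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def detect(events):
    """Return a list of (rule, detail) alerts, in event order. Rules:
      weak_login             successful login by root or without MFA
      brute_force            >= FAILURE_THRESHOLD failures from one IP within FAILURE_WINDOW
      success_after_failures a login succeeds from an IP already flagged for brute force
      visibility_loss        an event that turns audit logging off
    """
    alerts = []
    failures = defaultdict(list)   # ip -> timestamps of recent failures
    flagged_ips = set()
    for e in sorted(events, key=lambda x: x["time"]):
        if e["event"] == "ConsoleLogin":
            if e["result"] == "failure":
                recent = failures[e["ip"]] + [e["time"]]
                # keep only failures that fall inside the sliding window
                failures[e["ip"]] = [t for t in recent if e["time"] - t <= FAILURE_WINDOW]
                if len(failures[e["ip"]]) >= FAILURE_THRESHOLD and e["ip"] not in flagged_ips:
                    flagged_ips.add(e["ip"])
                    alerts.append(("brute_force", f"{len(failures[e['ip']])} failures from {e['ip']}"))
            else:
                if e["user"] == "root" or not e["mfa"]:
                    alerts.append(("weak_login", f"{e['user']} from {e['ip']} mfa={e['mfa']}"))
                if e["ip"] in flagged_ips:
                    alerts.append(("success_after_failures", f"{e['user']} from {e['ip']}"))
        elif e["event"] in VISIBILITY_EVENTS:
            alerts.append(("visibility_loss", f"{e['event']} by {e['user']} from {e['ip']}"))
    return alerts


if __name__ == "__main__":
    for rule, detail in detect(parse_events(SAMPLE_LOG)):
        print(f"{rule:24} {detail}")
```

The last rule is the one most often forgotten: an attacker who can switch logging off removes the very visibility the other rules depend on, so a logging-configuration change should page someone regardless of who made it.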

5. Serverless architecture vulnerabilities
The global serverless architecture market size crossed US$7.6 billion in 2020 and is expected to grow at a CAGR of 22.7% to reach US$21.1 billion by the end of 2026. In a serverless architecture the cloud provider supplies and operates the servers; we only upload our code and run it. This model is known as Function as a Service (FaaS), where billing is based on the number of network requests and the activity that occurs on the deployed functions. Serverless architecture vulnerabilities can be effectively remediated through robust software development practices and by granting correctly scoped access control permissions on serverless functions.
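"Correctly scoped permissions" for a function is something that can be checked mechanically before deployment. The following added example (not from the article) lints an IAM-style policy document attached to a hypothetical thumbnail-generating function against the set of API actions the function actually calls, flagging wildcard actions, a wildcard resource and grants nothing uses, and then builds the minimal policy from that set. The policy shape (Version, Statement, Effect, Action, Resource) follows the general AWS IAM document format; the needed-action list, the resource ARNs and the account ID are placeholders constructed for this example.

```python
"""Least-privilege lint for a serverless function's IAM-style policy."""
from fnmatch import fnmatchcase

# Constructed: the API actions the function was observed to call at runtime.
NEEDED_ACTIONS = {"s3:GetObject", "dynamodb:PutItem"}
NEEDED_RESOURCES = [
    "arn:aws:s3:::example-uploads/*",                         # placeholder ARN
    "arn:aws:dynamodb:us-east-1:111111111111:table/thumbs",   # placeholder ARN
]

# Constructed: the kind of policy that often ships with a quick prototype.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:*", "dynamodb:*", "iam:PassRole"],
         "Resource": "*"}
    ],
}


def _as_list(value):
    """IAM allows a single string or a list in Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def policy_findings(policy, needed_actions):
    """Return human-readable problems with the Allow statements: wildcard
    actions, wildcard resources, and actions the function never needs."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt["Action"]):
            if "*" in action:
                findings.append(f"statement {i}: wildcard action {action!r}")
            elif action not in needed_actions:
                findings.append(f"statement {i}: {action!r} is granted but the function never uses it")
        for resource in _as_list(stmt["Resource"]):
            if resource == "*":
                findings.append(f"statement {i}: resource '*' grants access to every resource")
    return findings


def uncovered_actions(policy, needed_actions):
    """Needed actions that no Allow statement grants; the function would fail
    at runtime, which is the usual reason people reach for wildcards."""
    granted = [
        a
        for s in policy["Statement"] if s.get("Effect") == "Allow"
        for a in _as_list(s["Action"])
    ]
    return sorted(n for n in needed_actions if not any(fnmatchcase(n, g) for g in granted))


def least_privilege_policy(needed_actions, resources):
    """Build the minimal Allow policy: only observed actions, only named resources."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": sorted(needed_actions),
            "Resource": list(resources),
        }],
    }


if __name__ == "__main__":
    for line in policy_findings(BROAD_POLICY, NEEDED_ACTIONS):
        print("broad policy:", line)
    tight = least_privilege_policy(NEEDED_ACTIONS, NEEDED_RESOURCES)
    print("tight policy findings:", policy_findings(tight, NEEDED_ACTIONS))
    print("tight policy uncovered:", uncovered_actions(tight, NEEDED_ACTIONS))
```

The two directions matter equally: `policy_findings` catches over-privilege, while `uncovered_actions` catches the under-privilege that tempts developers to widen the policy to `*` in the first place. Both checks belong in the deployment pipeline, next to the unit tests.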

From a 2023 industry research report, the findings on the common types of cyberthreats and attacks in cloud computing are displayed below:

[Figure: common types of cyberthreats and attacks in cloud computing (2023 industry research report)]

The most common threats and attacks in the cloud computing environment, as shown in the figure above, are:

  1. Data loss or data leakage
  2. Denial of Service or Distributed Denial of Service attacks
  3. Man-in-the-Middle attack
  4. Malware
  5. Botnets
  6. Social engineering
  7. Account hijacking

The most common mitigation techniques adopted as mentioned in the research report are as follows:

  1. Intrusion prevention systems
  2. Two-factor authentication
  3. Firewalls
  4. Machine learning and artificial intelligence
  5. Data encryption

The research report concludes that the biggest threat in cloud computing is data leakage and that the most recommended technique for mitigating threats in cloud computing is an IPS or IDS.

Protect Your Cloud Infrastructure

Cloud computing is an amazing evolution that provides advantages like more flexibility, availability, increased performance and efficiency, while helping to lower IT costs. Importantly, it accelerates innovation by making it easy to integrate AI and machine learning use cases into its operations.

However, the cloud also faces serious threats from AI and machine learning. In addition, cloud operations and deployment methodologies pose their own challenges for securing data and privacy. Therefore, in addition to deploying traditional security countermeasures, we should have a robust strategy to protect cloud infrastructure from AI-enabled cyberattacks.

Author’s note: The opinions expressed are the author’s own views and do not necessarily represent those of the organization or of the certification bodies with which he is affiliated.
