Cloud Computing – 2022 Top Threats – part 6
Cloud Storage Data Exfiltration
The exfiltration of data from cloud storage refers to the unauthorized access, viewing, theft, or usage of sensitive, confidential, or protected information by someone outside of the organization’s control. This can be the result of a targeted attack, the exploitation of vulnerabilities or misconfigurations, insecure applications, or inadequate security measures. The exfiltrated data may include personal health records, financial information, personally identifiable information (PII), trade secrets, and intellectual property, among others, none of which was meant to be disclosed to the public.
In most instances of data exfiltration, the victims are unaware that their data has been lost. On occasion, perpetrators might inform the organization of the data loss if it aligns with their motives, such as obtaining financial benefits or deploying ransomware. Nonetheless, in certain situations, the exfiltration may go undetected for a considerable duration, rendering any corrective actions useless.
Data is a valuable asset, and the cloud offers numerous benefits in terms of ease of use, customization, flexibility, robustness, and an array of services that cater to a wide range of needs, making it an attractive option for data storage. However, this also increases the risk of data exfiltration through various channels, including human error or misuse, such as the improper configuration of a Platform as a Service (PaaS) offering. Additionally, stored objects, or files shared through personal cloud storage applications, may reveal sensitive information, leading to data exfiltration.
Another avenue for cloud storage data exfiltration is a phishing attack that manipulates an application or service. This initial breach could result in stolen login credentials or unauthorized access to the cloud data. From there, the attacker may take various actions, such as extracting the data for further exploitation and encrypting the organization’s data to demand a ransom.
Supply chain attacks present a challenge in detecting and recovering the affected data. The shift towards the Zero Trust approach means that the traditional perimeter of the organization is becoming less significant. The use of identity-based security controls with limited access and the implementation of cloud posture management to meet the standards set by the Cloud Service Provider (CSP) or regulatory requirements are crucial for enhancing data security. Additionally, it is essential to have mechanisms in place for detecting attacks and restoring data in case of a disaster.
The consequences of data exfiltration can include:
- Loss of trust from customers, stakeholders, partners, and employees, which can negatively affect business operations, investments, and decisions to work with the organization.
- Loss of intellectual property, which results in the theft of unique knowledge used for product development, strategic planning, and even further attacks.
- Decreased confidence of employees in the organization’s ability to secure their data.
- The possibility of facing regulatory penalties, such as financial fines or demands for process and business changes.