Many public cloud infrastructures suffer from a serious security loophole, researchers say


A new attack vector in cloud providers' API can be exploited by adversaries to gain highly privileged access to critical assets in the cloud.
Companies' protection and mitigation techniques are, in essence, reactive rather than predictive.

Working with public cloud infrastructure without a proper understanding of its risks and security challenges may prove to be a risky bet today. One of the most critical spots where attackers look for vulnerabilities is the cloud Identity and Access Management (IAM) layer, which many companies often fail to secure. A lack of effective identity and access management poses significant risks not only to compliance, but also to overall security. The Capital One breach is one such recent example.


Research conducted by XM Cyber's Igal Gofman, Head of Security Research, and Yaron Shani, Senior Security Researcher, suggests a new attack vector in cloud providers' API can be exploited by adversaries to gain highly privileged access to critical assets in the cloud.


What was found in the research?


Researchers found that cloud APIs' accessibility over the Internet opens new possibilities for adversaries to plan their attack. The researchers note that current security practices and controls are not sufficient to mitigate the risk posed by the misconfiguration of the public cloud.


Getting API access can be easy if the account credentials of those who manage cloud resources (typically the members of the DevOps, development, and IT teams) are compromised.
Obtaining credentials won’t be a highly challenging task since members also use different software development kits and dedicated command-line tools to get access to APIs.
In case an organization’s private subnet is not open to the Internet, according to researchers, cloud APIs can still be a ..
