
Unlock the Secrets of Hacking the Cloud

Updated: Apr 30


In mid-2019, an attack against Capital One’s AWS cloud environment exposed the data of 106 million customers. The breach of one of the largest U.S. banks served as a wake-up call in cloud security, showing what’s possible when an attacker targets the public cloud.

However, as bad as it was, the breach only impacted one company. Thanks to the architecture of the cloud, every organization’s data is kept isolated and invisible from the others. An attacker who breaches a single customer’s environment cannot gain access to the rest.

Or at least, they’re not supposed to be able to. The series of public cloud vulnerabilities discovered since last August has pointed to the possibility of an attack at an unprecedented scale. If such an attack were successful, it could be the Capital One breach times 100 or 1,000, researchers say.

Thankfully, that’s not something we’ve seen happen so far. But it also means that the issue hasn’t gotten a large amount of attention either, even in the security community, a number of cyber security experts told Protocol.

An analogy could be made to software supply chain attacks, which are frightening on similar grounds: compromising a single application can lead to the breach of many end customers, as in the SolarWinds attack in 2020. The public cloud has yet to have a SolarWinds moment. Still, it might’ve been a different story if attackers had discovered even just one of these recent vulnerabilities first.

In this world, everything is interconnected. We are an extension of the cloud, whether it is Azure, AWS, or Google; in this respect there are no differences between them. We connect to the cloud in many ways: through a web portal, scripts, software, and tools. We cannot use the cloud without connecting to it. When we decide to use the cloud, we ask for a service, and the cloud provider or our cloud administrator grants us a way to authenticate to the service, along with the authorizations needed to use it. Authentication and authorization are the two main pillars of security, and a privilege escalation attack likewise has two phases: first, the attacker finds a way to authenticate; then he escalates within the environment to gain as much authorization as possible.

How is a Hacker able to Find a Breach in Our Cloud?

The question is misleading, because the hacker doesn’t look at the cloud; he looks at the user. We are the hacker’s fundamental objective.

We can close any door in the cloud, but we also need people to go through these doors to support the infrastructure, use the services, and more. We cannot use the cloud without connecting to it.

Cloud providers are investing heavily in security, inventing new ways to protect the user. Still, there is always the human factor to consider: we are the real problem, often due to our lack of responsibility.

The most preferred victims are IT Administrators, and a good strategy for the hacker is to use social engineering to identify the IT Administrators in the company.

After that, he can approach the administrator in different ways, for example by email or by building a friendship. Another frequent technique is getting hired.

It is straightforward for the hacker to get hired by the company; they prefer low-level profiles like developer or junior administrator, and they approach the target without any problem.

For all these reasons, the best approach to security is Zero Trust: never trust anyone, provide as few credentials as possible, and remove access to any sensitive information, especially for internal users.

It is very natural for a company to block access from outside, but what about access from inside?

Some implemented some security scenarios. I am planning to create some webcasts, and I also plan some conferences in the coming months, where I will show these attacks in real time.

Some tested many scenarios, and even when using MFA we can be vulnerable unless we force authentication every time the user logs into Azure; unfortunately, this is not normal practice.
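To check where a tenant stands on this, the following added example (not code from the original article) audits exported Conditional Access policies and reports every MFA policy that does not force reauthentication on each sign-in. The field names follow the Microsoft Graph conditionalAccessPolicy shape; the policies themselves are constructed sample data.

```python
# Constructed sample shaped like Microsoft Graph conditionalAccessPolicy objects.
SAMPLE_POLICIES = [
    {"displayName": "Admins - MFA, reauth every time", "state": "enabled",
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
     "sessionControls": {"signInFrequency": {
         "isEnabled": True, "frequencyInterval": "everyTime"}}},
    {"displayName": "All users - MFA, 12h session", "state": "enabled",
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
     "sessionControls": {"signInFrequency": {
         "isEnabled": True, "frequencyInterval": "timeBased",
         "type": "hours", "value": 12}}},
    {"displayName": "Guests - MFA only", "state": "enabled",
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
     "sessionControls": None},
    {"displayName": "Pilot - MFA (report-only)",
     "state": "enabledForReportingButNotEnforced",
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
     "sessionControls": None},
]

def reauth_mode(policy):
    """Return how often the policy forces the user to reauthenticate."""
    session = policy.get("sessionControls") or {}
    sif = session.get("signInFrequency") or {}
    if not sif.get("isEnabled"):
        return "not-set"                      # tenant default session lifetime applies
    if sif.get("frequencyInterval") == "everyTime":
        return "every-time"
    return f"every-{sif.get('value')}-{sif.get('type')}"

def audit(policies):
    """List (policy name, finding) for MFA policies that leave a session window."""
    findings = []
    for p in policies:
        grant = p.get("grantControls") or {}
        if "mfa" not in (grant.get("builtInControls") or []):
            continue                          # policy does not require MFA at all
        if p.get("state") != "enabled":
            findings.append((p["displayName"], "mfa-not-enforced:" + str(p.get("state"))))
            continue
        mode = reauth_mode(p)
        if mode != "every-time":
            findings.append((p["displayName"], "reauth:" + mode))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_POLICIES):
        print(f"{name}: {finding}")
```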

We have two types of Azure managed identity (AMI): system-assigned and user-assigned. The main difference is that a system-assigned identity is managed by the resource it belongs to, and we cannot share that identity across multiple resources.
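Because only user-assigned identities can be attached to more than one resource, they are the ones worth reviewing for over-sharing. This added example (not from the original article) scans a constructed inventory whose `identity` blocks mirror what Azure Resource Manager returns; the subscription ID and resource names are placeholders.

```python
from collections import defaultdict

# Constructed inventory; each entry mirrors the "identity" block Azure Resource
# Manager returns for a resource. Subscription and names are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
UAMI = SUB + "/providers/Microsoft.ManagedIdentity/userAssignedIdentities/"
SAMPLE_RESOURCES = [
    {"name": "vm-web-01", "identity": {"type": "SystemAssigned",
                                       "principalId": "constructed-principal-1"}},
    {"name": "vm-web-02", "identity": {"type": "SystemAssigned, UserAssigned",
        "principalId": "constructed-principal-2",
        "userAssignedIdentities": {UAMI + "id-deploy": {}}}},
    {"name": "func-batch", "identity": {"type": "UserAssigned",
        "userAssignedIdentities": {UAMI.upper() + "ID-DEPLOY": {},
                                   UAMI + "id-logs": {}}}},
    {"name": "stor-plain", "identity": None},
]

def identity_kinds(resource):
    """Split the comma-separated identity type into a set of lowercase kinds."""
    ident = resource.get("identity") or {}
    parts = (ident.get("type") or "").split(",")
    return {p.strip().lower() for p in parts if p.strip()} - {"none"}

def shared_user_assigned(resources):
    """Map each user-assigned identity to its resources; keep those on two or more."""
    users = defaultdict(set)
    for res in resources:
        ident = res.get("identity") or {}
        for ident_id in (ident.get("userAssignedIdentities") or {}):
            users[ident_id.lower()].add(res["name"])  # ARM IDs are case-insensitive
    return {i: sorted(names) for i, names in users.items() if len(names) > 1}

def summary(resources):
    """Count resources per identity kind; a resource with both kinds counts twice."""
    counts = {"systemassigned": 0, "userassigned": 0, "none": 0}
    for res in resources:
        kinds = identity_kinds(res)
        if not kinds:
            counts["none"] += 1
        for kind in kinds:
            counts[kind] = counts.get(kind, 0) + 1
    return counts

if __name__ == "__main__":
    print(summary(SAMPLE_RESOURCES))
    for ident_id, names in shared_user_assigned(SAMPLE_RESOURCES).items():
        print("shared:", ident_id.rsplit("/", 1)[-1], "->", names)
```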

Microsoft Azure is one of the most Hacked Clouds

On March 20th, 2022, a hacking group called Lapsus$ targeted Microsoft. The group posted a screenshot on Telegram indicating they had hacked Microsoft, and in the process, compromised Cortana, Bing, and several other products. The hackers retrieved some material from Microsoft, but by March 22nd Microsoft announced it had quickly stopped the hacking attempt and only one account was compromised. Microsoft also said that no customer data had been stolen. In this case, Microsoft benefited from the publicity it received for its effective security response. The Lapsus$ group had previously targeted Nvidia, Samsung, and plenty of other companies, so Microsoft’s security team was ready.


Has Amazon Cloud ever been Hacked?

In June 2022, a former Amazon employee was convicted for her role in the 2019 Capital One breach. The hacker in question used her insider knowledge of to hack over 30 companies and illegally access the personal data of over 100 million people. She now faces up to 45 years in prison.

Otherwise, the most recent known Amazon data breach happened on October 6, 2021, when an unknown hacker leaked sensitive data pertaining to Twitch, a streaming service owned by Amazon. This leak included Twitch’s source code, streamers’ earnings numbers, and more, but does not appear to have compromised users’ login credentials or credit card information.

There have also been numerous breaches in Amazon Web Services (AWS) over the years. Below, we’ll go into more detail on the full history of Amazon breaches, starting with the most recent.

Has Google Cloud ever been Hacked?

Google has always been known for its data security. However, Google Cloud has been hacked on multiple occasions.

In June 2018, Google was hit with a data theft that affected over 800,000 Google Cloud customers. The attack was traced back to China and involved the theft of user data, including names, email addresses, and passwords.

In March 2018, Google was hit with a data theft that affected over 500,000 Google Cloud customers. The attack was traced back to Russia and involved stealing user data, including names, email addresses, and passwords.

Are Cloud Systems Safe?

File sizes are getting bigger day by day, and the conversion of all data to digital form has, of course, caused some problems in the data storage area.

Although cloud technology, which is presented as the data storage technology of the future, plays an important role in overcoming the problems in data storage, users still agree that this technology is not secure enough.


