Dark Clouds on the Horizon: Understanding Cloud Storage Data Theft and How to Prevent It

Migrating to the cloud offers organizations several business benefits, but it also exposes them to risks, including cloud storage data theft. What is this emerging threat, and how can organizations protect themselves?

Here we explore the current state of cloud security and things you should look for to prevent the theft of data stored in the cloud.

How Cloud Storage Works

Cloud storage differs from traditional file system storage in how it works. The latter organizes files in a hierarchical, tree-like structure of folders, sub-folders and files, so different files sit at different levels of the storage system. It also requires the system to create and then manage metadata for every file and folder.

By contrast, storage in the cloud uses object storage, where files are kept in a flat system of organization with no hierarchy. Data is grouped into units called containers (Amazon Web Services calls them “buckets”) and retrieved as discrete objects. Applications, in turn, identify files by their unique addresses within a container.

There are several benefits to bucket-based storage over traditional file storage. As noted by InfoWorld, the object storage systems implemented with bucket-based storage create less metadata than traditional file systems and store that metadata alongside each object. This property makes them more efficient and allows for extensive scalability. IBM notes that object storage systems also come with built-in resources to ensure data availability, as well as scaled-down features for cheaply storing data that is not regularly updated.

The Current State of Cloud Security and the Rise of Cloud Storage Leaks

Given the advantages of object storage discussed above, it’s likely that cloud storage systems will continue to grow in the coming years. LogicMonitor found in its Cloud Vision 2020: The Future of the Cloud Study that more than four-fifths (83 percent) of enterprise workloads will be located in the cloud by 2020. Of the factors motivating that shift, “digitally transforming enterprises” was the leading cause of greater public cloud engagement or adoption, followed by greater IT agility.

Enterprises aren’t migrating to the cloud without concern, however. In the same report, LogicMonitor found that two-thirds of IT professionals considered security to be their greatest worry when shifting computing resources to the cloud. Those findings aren’t surprising in light of Sumo Logic’s finding that 98 percent of European companies face challenges implementing cloud security. Challenges among security professionals, as identified by ESG, included difficulties applying security policies to the cloud (69 percent), obtaining the same level of visibility as traditional networks in the cloud (62 percent), and achieving a necessary level of automation and orchestration in the cloud (56 percent).

According to CSO Online, these challenges make migration to the cloud attractive to attackers:

Getting ahold of a valuable database or source code is a lot more profitable than stealing individual credit card numbers. Valuable data now lives in cloud environments and hackers know that the security around the cloud is still iterating and optimizing. This makes corporate cloud environments irresistible targets for hackers.

This makes the cloud susceptible to a variety of attack methods. For instance, security researcher Kevin Beaumont noted that computer criminals could exploit publicly writable Simple Storage Service (S3) buckets to conduct ransom-based attacks. It also appears that bad actors are seizing upon cloud environments’ scalability to conduct cryptojacking attacks. In its second annual Cloud Security Trends report, RedLock observed that a quarter of organizations had already experienced this type of incident in the cloud.

In spite of the risks posed by ransom-based attacks and cryptojacking, information disclosure and data exfiltration are by far the greatest threats facing organizations in the cloud. That’s because organizations often store objects in a repository that is not configured properly, for example by accidentally granting public access to a private repository that contains keys and passwords. Other times, they place data in the wrong repository. Supporting this observation is the fact that researchers at Digital Shadows detected 1,550,447,111 files exposed in publicly writable S3 buckets in the first three months of 2018 alone. Those exposures didn’t even account for some of the most high-profile disclosures to date, including the following:

  • Verizon: The telecommunications giant suffered two cloud storage data breaches in 2017. The first occurred in July when someone viewed six million records, which consisted of logs from customers who had recently contacted Verizon, by accessing an Amazon S3 bucket controlled by a Verizon partner. The second occurred in September when a researcher found 100MB of corporate data exposed in a public S3 bucket.
  • Time Warner Cable: On August 24, 2017, researchers at Kromtech Security Center discovered an Amazon server without a password while investigating another data breach. The server contained personal and financial information of approximately four million Time Warner Cable customers.
  • U.S. Army: In the fall of 2017, a team of researchers discovered multiple Amazon S3 servers that exposed data from the U.S. Army’s CENTCOM and PACOM divisions as well as from INSCOM, a joint Army and NSA agency. Three folders exposed in the latter incident were freely available for download.
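The misconfiguration behind most of these incidents is a bucket policy or ACL that grants access to everyone. As an added example that is not part of the original post, the following Python evaluates a bucket policy document and an ACL grant list (in the JSON shapes the S3 API returns) and reports anonymous read or write grants; the bucket name and the sample policy and ACL are constructed for illustration.

```python
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
WRITE_ACTIONS = {"s3:putobject", "s3:deleteobject", "s3:putobjectacl", "s3:*"}
READ_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:*"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _public_principal(principal):
    """True for Principal "*" or {"AWS": "*"}, the forms that mean anyone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def policy_findings(policy):
    """Findings for Allow statements in a bucket policy whose principal is anonymous."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _public_principal(stmt.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        # A Condition (e.g. a source-IP restriction) may narrow the grant, so mark it for review.
        tag = " (conditional, review)" if stmt.get("Condition") else ""
        if actions & WRITE_ACTIONS:
            findings.append("policy: anonymous write" + tag)
        if actions & READ_ACTIONS:
            findings.append("policy: anonymous read" + tag)
    return findings

def acl_findings(grants):
    """Findings for ACL grants to the AllUsers or AuthenticatedUsers groups."""
    findings = []
    for grant in grants:
        uri = grant.get("Grantee", {}).get("URI")
        if uri not in (ALL_USERS, AUTH_USERS):
            continue
        who = "anonymous" if uri == ALL_USERS else "any AWS account"
        perm = grant.get("Permission", "")
        if perm in ("WRITE", "FULL_CONTROL"):
            findings.append(f"acl: {who} write")
        if perm in ("READ", "FULL_CONTROL"):
            findings.append(f"acl: {who} read")
    return findings

# Constructed sample: anonymous uploads allowed by policy, public read granted by ACL.
SAMPLE_POLICY = {"Statement": [{"Effect": "Allow", "Principal": "*", "Action": ["s3:PutObject"],
                                "Resource": "arn:aws:s3:::example-bucket/*"}]}
SAMPLE_ACL = [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]
```

Run `policy_findings(SAMPLE_POLICY) + acl_findings(SAMPLE_ACL)` to see both findings; a bucket that should be private should produce none.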

How Organizations Can Protect Themselves

These incidents highlight the need for organizations to ensure the security of their cloud-based data assets. According to SANS Fellow Ed Skoudis, the first step for organizations is to develop an asset inventory, which must include the locations of data assets. They should then use tools like git-seekret and gitrob to prevent developers from committing code with potentially compromised credentials, such as hardcoded API keys and encryption keys, and to search for sensitive information in repositories.

Organizations should also consider implementing strong passwords and encryption to protect their cloud-based data, along with access permissions and employee training to make sure only authorized personnel have access to this information. Amazon Macie or Google Cloud’s Data Loss Prevention API can provide additional assistance in preventing cloud-based data theft by automatically detecting and monitoring sensitive data. Finally, Skoudis recommends that organizations review the access logs associated with their assets. In particular, organizations can use object-level logging to watch for unusual activity, such as access sessions that occur at strange times, and to monitor for the creation of unauthorized assets.
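To show what reviewing object-level logs for the two signals named above can look like in practice, here is an added Python example (not from the original post) that scans CloudTrail-style S3 data events for off-hours access, bucket creation by principals outside an allow-list and, going one step beyond the text, bulk object reads by a single principal. The business-hours window, the allow-list, the threshold, the account ID and the sample events are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime

ADMIN = "arn:aws:iam::123456789012:role/storage-admin"  # assumed principal
ASSET_CREATORS = {ADMIN}          # assumed allow-list for creating new buckets
BUSINESS_HOURS = range(8, 18)     # assumed working window, UTC hours 08-17; weekends are off-hours
BULK_READ_THRESHOLD = 3           # GetObject calls by one principal in the reviewed batch

def _off_hours(when):
    return when.weekday() >= 5 or when.hour not in BUSINESS_HOURS

def review_events(events):
    """Alerts for off-hours access, unauthorized bucket creation and bulk reads, from
    CloudTrail-style S3 object-level events (only the fields read below are required)."""
    alerts, reads = [], Counter()
    for ev in events:
        when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        actor = ev.get("userIdentity", {}).get("arn", "unknown")
        name = ev["eventName"]
        bucket = ev.get("requestParameters", {}).get("bucketName", "?")
        if name == "CreateBucket" and actor not in ASSET_CREATORS:
            alerts.append(f"unauthorized asset: {actor} created {bucket}")
        if name in ("GetObject", "PutObject") and _off_hours(when):
            alerts.append(f"off-hours {name}: {actor} on {bucket} at {ev['eventTime']}")
        if name == "GetObject":
            reads[actor] += 1
    for actor, count in reads.items():
        if count >= BULK_READ_THRESHOLD:
            alerts.append(f"bulk read: {actor} fetched {count} objects")
    return alerts

def _event(time, name, actor, bucket):
    return {"eventTime": time, "eventName": name,
            "userIdentity": {"arn": actor}, "requestParameters": {"bucketName": bucket}}

DEV = "arn:aws:iam::123456789012:user/dev-alice"   # assumed principal
CI = "arn:aws:iam::123456789012:role/ci-runner"    # assumed principal
SAMPLE_EVENTS = [  # constructed sample log; timestamps are UTC, 2018-06-05 is a Tuesday
    _event("2018-06-05T10:02:11Z", "GetObject", DEV, "reports"),     # office hours: fine
    _event("2018-06-05T03:14:52Z", "PutObject", DEV, "reports"),     # 03:14: off-hours
    _event("2018-06-09T11:30:00Z", "GetObject", DEV, "reports"),     # Saturday: off-hours
    _event("2018-06-05T12:00:00Z", "CreateBucket", CI, "ci-scratch-9"),  # not allow-listed
    _event("2018-06-05T12:05:00Z", "CreateBucket", ADMIN, "archive-2018"),  # allow-listed
] + [_event(f"2018-06-05T13:00:0{i}Z", "GetObject", CI, "backups") for i in range(3)]
```

`review_events(SAMPLE_EVENTS)` returns four alerts: two off-hours accesses, one unauthorized bucket and one bulk read.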

For additional guidance on how to apply defense-in-depth strategies to the cloud, check out Amazon’s advice.

Organizations can also defend themselves against attacks on data stored in the cloud by achieving complete visibility over the operations of their network. They can do this with the help of Lastline Network Defender, a network traffic analytics solution that collects isolated events from different parts of the IT environment, categorizes that data to link disparate malicious activities, and triages comprehensive incidents across the network to prioritize the highest-risk attacks for investigation. Learn more about Lastline Network Defender.

Swarup Selvaraman

Swarup is the Senior Director of Product Management Cloud at Lastline. He is a security industry veteran having worked at leading security companies, including FireEye and SonicWALL. He has expertise in multiple security categories, spanning cloud security, network security, email security and security platforms for the SOC. He brings a broad security experience and know-how to solve problems as organizations migrate their infrastructure to the cloud.