Wiz and Procter & Gamble experts share their security insights and tips
Analysis Summary
# Main Topic
Security insights and threat mitigation strategies shared by experts from Wiz and Procter & Gamble concerning rapidly evolving cloud security threats.
## Key Points
- API attacks are identified as the number one worry for cloud security practitioners due to increased interconnectivity.
- Cloud ransomware poses a severe risk, where attackers gain access, install their own security keys, and lock the legal owner out of the entire cloud environment, not just encrypting data.
- Crypto miner attacks are a resource-sapping threat that uses the victim's virtual servers to mine cryptocurrency.
- Misconfiguration remains the single most significant vulnerability in cloud environments.
- A significant security skills gap exacerbates challenges in multi-cloud environments, making forensic analysis and incident response difficult.
## Threat Actors
- Threat actors are leveraging cloud complexity and security skill gaps to execute attacks.
- Specific threat actors were not attributed; the discussion focused on the TTPs employed by general cybercriminals targeting cloud resources (ransomware groups, crypto miners).
## TTPs
- **API Exploitation:** Gaining unauthorized access through inadequately configured APIs, particularly where object-level permissions are not properly enforced.
- **Cloud Ransomware Deployment:** Establishing persistence by creating new security keys within the victim's cloud tenancy, keeping the legitimate owner locked out of the environment.
- **Crypto Mining Insertion:** Deploying malware via methods such as embedded website code or phishing emails to gain control over virtual servers for resource misuse.
- **Evading Detection:** Sophisticated crypto miners deploy resources that mimic legitimate cloud usage patterns, making manual detection difficult.
## Affected Systems
- Cloud environments (general, multi-cloud setups).
- APIs (digital doorways connecting systems and data).
- Virtual servers targeted by crypto miners.
- Systems suffering from misconfigurations in object-level permissions.
## Mitigations
- **API Security:** Implement rigorous authorization policies and ensure all users are authenticated. Invest in API-specific security tools capable of correlating information, identifying vulnerabilities, and providing remediation steps for misconfigurations.
- **Ransomware Defense:** Recognize that isolation is less effective in the cloud; adopt a posture where access points are considered potential attack vectors.
- **Crypto Mining Detection:** Deploy sophisticated behavioral analytics solutions designed to identify unusual and unauthorized patterns of cloud server resource usage.
- **Skills Gap Bridging:** Conduct regular InfoSec training (e.g., monthly training days) and assign dedicated security team members to protect specific cloud instances to improve response capabilities across complex architectures.
## Conclusion
The threat landscape in the cloud is defined by configuration errors (API insecurities), devastating persistence mechanisms (cloud ransomware), and resource drain (crypto mining). Mitigation requires layered security focusing on robust identity and authentication for APIs, comprehensive behavioral monitoring to counter resource abuse, and continuous investment in security team skills to manage multi-cloud complexity effectively.