Cloud infrastructure is becoming an increasingly popular target for watering hole attacks, a new report from Accurics suggests.
In this type of attack, criminals strive to either steal data or deliver malware to end users. The cloud is particularly vulnerable because the development processes that leverage managed services are not hidden inside the organization, as they would be in an on-prem environment.
According to the report, almost a quarter (23 percent) of all violations were the result of poorly configured managed service offerings, which afford many users default or excessive privileges.
In order to tackle the risk, Accurics claims businesses need to assume that the entire development process is easily accessible and restrict access accordingly.
On average, it takes businesses approximately 25 days to mitigate an attack (also referred to as mean time to repair – MTTR).
“In this report, MTTR is particularly important as it pertains to drift – when configuration changes occur in runtime, causing cloud risk posture to drift from established secure baselines. For drifts from established secure infrastructure postures, the MTTR is eight days overall,” the report states.
Even businesses that have a secure baseline will experience drift over time, when their infrastructure is provisioned, it was added. Sometimes, a configuration change can result in a vulnerability that criminals can end up using for years.
“The cloud infrastructure must be continuously monitored in runtime for configuration changes and assessed for risk. In situations where configuration change introduces a risk, the cloud infrastructure must be redeployed based on the secure baseline; this will ensure that any risky changes made accidentally or maliciously are automatically overwritten.”