Cloud-native breaches occur when an adversarial actor gains access to a cloud customer’s resources, locates valuable data, and steals that data. The mechanics of how a cloud-native breach occurs differ greatly from the on-premises data breaches that we see targeting data centers, networks, and devices. Let’s start with the fundamentals of security in the cloud to get to the core of the difference.

When a company becomes a customer of a cloud service provider (CSP) for compute, storage, database, and many other fundamental elements of IT.

This freedom to build with the scale and agility of the cloud also comes with limitless opportunities for error. Cloud-native breaches capitalize on those errors and leverage the native features of the cloud to execute [1] their attack, often without the cloud customer ever noticing. Let’s now move on to a more detailed definition.

Cloud-native breaches are a series of actions by an adversarial actor in which they “Land” their attack by exploiting errors or vulnerabilities in a cloud deployment without using malware, “Expand” their access through weakly configured or protected interfaces to locate valuable data, and “Exfiltrate” that data to their own storage location.

Three stages of cloud-native breaches

Land

• By gaining a foothold into the IaaS/PaaS environment.
• Leverage compromised/weak credentials to gain access as a legitimate user.
• Exploit a vulnerability, such as server-side request forgery (SSRF), in deployed software.

Expand

• By finding ways to move beyond the landing node.
• Leverage privileges associated with a compromised node to access remote nodes.
• Probe for and exploit weakly protected applications or databases.
• Capitalize on weak network controls.

Exfiltrate

• Data while staying under the radar.
• Copy data from the storage account to anonymous nodes on the internet.
• Create a storage gateway to [2] gain access to the data from a remote location.
• Copy data from the storage accounts to a remote location outside the virtual private cloud (VPC).

In the perspective of Healthcare, Banking, E-commerce, Entertainment in this outbreak:

1. E-Banking and Transferring Money: Sometimes it might happen we cannot understand if any spoofed already happens in the workstations. This situation becomes dangerous when someone transfers money even though SSH secured a website or accessing the banking portal.
2. Unskilled Use of Banking Website: In this restricted health outbreak cases people rely mostly on online banking. We can find a different group of users using the e-portal for emergencies without much knowledge about security protocol. Unskilled use of the banking portal remains open when customers forget to log-out. This situation becomes prey for the attackers recently.
3. Attack through Coronavirus Safety Apps: Spreading malware through coronavirus safety app and gaining contacts [3] is another infected area in this pandemic. Thousands of coronavirus website have been created for this spoofing. Besides applications running in the current situation do not possess ultimate trust where some recent attacks occurred.
4. Spikes in Online Purchase of Essential Goods: In pursuit of purchasing online essential goods like medicines, grocery items local online e-commerce portal making money. By stealing the customers’ information through mobile number or email address hackers can penetrate their login information and penetrate their banking details too shown in figure1 given below.

Figure 1: cloud breaches in covid19

References:

1. www.mcafee.com/enterprise/en-us/security-awareness/cloud/what-is-cloud-nati…
2. https://www.mcafee.com/.../cloud/what-is-cloud-native-breach.html
3. https://ieeexplore.ieee.org/document/9215374

Cite this article:

S. Nandhinidwaraka (2021) The Development of Cloud Breaches in covid19, AnaTechmaz, pp. 6