Evolving Threats to Cloud Computing Infrastructure and Suggested Countermeasures

Ravikumar Ramachandran
Author: Ravikumar Ramachandran, CISA, CISM, CGEIT, CRISC, CDPSE, OCA-Multi Cloud Architect, CISSP-ISSAP, SSCP, CAP, PMP, CIA, CRMA, CFE, FCMA, CIMA-Dip.MA, CFA, CEH, ECSA, CHFI, MS (Fin), MBA (IT), COBIT-5 Implementer, Certified COBIT Assessor, ITIL 4 - Managing Professional, TOGAF 9 Certified, Certified SAFe5 Agilist, Professional Scrum Master 2, Chennai, India
Date Published: 16 April 2024

Cloud computing is an amazing technological breakthrough. Due to its features, such as 24/7 on-demand availability, accessibility from anywhere, scalability, and online storage, it provides many cost benefits for enterprises that run their business operations over the cloud. These organizations need not incur capital expenditure and make huge investments in computing infrastructure. Instead, they can pay only for what they need and scale up as and when they require. In addition, cloud computing reduces electricity costs, lowers staff costs and reduces the carbon footprint.

Hence, cloud adoption is proceeding rapidly across the globe. According to the Flexera 2024 State of the Cloud Report, “The shift towards hybrid and multi-cloud environments underscores the importance of comprehensive cost management, with nearly half of all workloads and data being in the public cloud, and organizations’ usage of multi-cloud has gone up to 89% this year from 87% last year.”

However, with the increased usage of cloud computing over the past several years, security threats have grown exponentially. We will review below some of the current cloud attack types and emerging threats, along with possible countermeasures, based on select research reports published in 2023 and 2024.

Cloud Computing: Current Threats and Vulnerabilities

As per Palo Alto Networks’ Unit 42 latest attack surface threat research report, four out of five security vulnerabilities observed in organizations across all sectors come from cloud environments. The report outlined the most common security vulnerabilities, out of which 60% come from web framework takeover (.8%), remote access services (20%).(8%), and IT security and networking infrastructure (17.1%).

It also highlighted how constant changes in cloud offerings significantly impacted the user’s exposure. The threat research team's recommendations are as follows:

  1. Maintain a comprehensive, real-time understanding of all internet-accessible assets
  2. Regularly review and update cloud configurations
  3. Foster collaboration between security and DevOps teams
  4. Focus on addressing the most critical vulnerabilities and exposures

Meanwhile, according to the Google Cloud Cybersecurity Forecast 2024 report, the year 2024 will witness generative artificial intelligence and large language models (LLMs) being used in phishing, and SMS and social engineering operations by attackers to spread fake news. In the insight report on the Global Cybersecurity Outlook 2024 published by World Economic Forum in January 2024, the majority believed that “in the next two years, generative AI will provide cyber advantage to attackers (55.9%).”

Therefore, generative AI will be the major evolving threat for cloud computing.

Below are five other top cloud vulnerabilities:

1. Cloud misconfigurations
Any cloud misconfiguration involving cloud components such as storage, networking, access controls, etc., can lead to cyberthreat exposure. It was reported last year that Japanese automaker Toyota said approximately 260,000 customers’ data were exposed online due to a misconfigured cloud environment. Some remedial measures include:

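  • Harden servers and close open ports
  • Ensure logging mechanisms are functioning
  • Strengthen access controls
  • Conduct regular configuration audits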
  • Secure storage in cloud
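A regular configuration audit covering the open-port, logging and storage measures above can be scripted. The following is an added example, not code from the original article; the inventory schema, resource names and the list of sensitive ports are assumptions constructed for illustration.

```python
import ipaddress

# Ports that should never be reachable from the whole internet (assumed policy).
SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres"}

# Constructed inventory in a hypothetical, provider-neutral schema.
INVENTORY = [
    {"id": "fw-web", "type": "firewall", "rules": [
        {"cidr": "0.0.0.0/0", "from_port": 443, "to_port": 443},
        {"cidr": "0.0.0.0/0", "from_port": 0, "to_port": 1024}]},
    {"id": "fw-admin", "type": "firewall", "rules": [
        {"cidr": "10.0.0.0/8", "from_port": 22, "to_port": 22}]},
    {"id": "bucket-exports", "type": "storage", "public": True,
     "encrypted": False, "access_logging": False},
    {"id": "bucket-backups", "type": "storage", "public": False,
     "encrypted": True, "access_logging": True},
]

def is_world_open(cidr):
    """True when the CIDR covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit(inventory):
    """Return sorted (resource_id, finding) pairs for the inventory."""
    findings = []
    for res in inventory:
        if res["type"] == "firewall":
            for rule in res["rules"]:
                if not is_world_open(rule["cidr"]):
                    continue
                for port, name in SENSITIVE_PORTS.items():
                    # Check ranges: 0-1024 exposes SSH even though 22 is not listed.
                    if rule["from_port"] <= port <= rule["to_port"]:
                        findings.append((res["id"], f"{name} ({port}) open to internet"))
        elif res["type"] == "storage":
            # A missing attribute is treated as the unsafe value.
            if res.get("public", True):
                findings.append((res["id"], "publicly readable"))
            if not res.get("encrypted", False):
                findings.append((res["id"], "encryption at rest disabled"))
            if not res.get("access_logging", False):
                findings.append((res["id"], "access logging disabled"))
    return sorted(findings)

if __name__ == "__main__":
    for rid, finding in audit(INVENTORY):
        print(f"{rid}: {finding}")
```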

2. Multi-cloud vulnerabilities
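As mentioned above, 89% of organizations are using multi-cloud this year, which leads to shared technology vulnerabilities. Vulnerabilities in common software design, web browsers, and common database systems can cause phishing and malware attacks, data breaches and other security problems. Remedial measures include: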

  • Harden servers and firewalls according to best practices and standards
  • Network segmentation and proper de-militarized zone (DMZ) management
  • Patch management plan as recommended by each vendor
  • Secure architecture implementation, following security by design methodology

3. Lack of secure APIs
In November 2022, a Twitter API security vulnerability exposed the personal data of 5.4 million users. Part of the data was sold on the dark web, and the remaining was released for free. See my previous thoughts here on API security.

4. Lack of transparency
A lack of transparency due to insufficient monitoring mechanisms, lack of insight into user activities, and sometimes even a lack of real-time reports slows the detection of unusual behavior and reduces the chance of detecting known attack patterns. Research conducted by Illumio in 2023 states that nearly half of all data breaches originate in the cloud, with an average cost of US$4.1 million, with 95% of the survey respondents pointing to the lack of visibility and delay in responding to attacks as the main reason. Robust logging and monitoring mechanisms can be a good measure to improve visibility and transparency.

5. Serverless architecture vulnerabilities
The global serverless architecture market size crossed US$7.6 billion in 2020 and is expected to grow at a compound annual growth rate of 22.7% to reach US$21.1 billion by the end of 2026. Serverless architecture means the cloud provider provides the servers and we need only upload our code and operate. This is known as function as a service (FaaS), where the billing is done based on the number of network requests and activity that occurs on the deployed functions. Serverless architecture vulnerabilities can be effectively remediated through robust software development practices and granting correct access control permissions on serverless functions.
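Checking that a serverless function's role grants only what the function needs can be automated. The following is an added example, not from the original article; it assumes the role is described by an AWS IAM-style JSON policy document, and the policy, the function role and the bucket name are constructed.

```python
import json

# Constructed IAM-style policy for a hypothetical function role "thumbnailer".
POLICY_JSON = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadUploads", "Effect": "Allow",
     "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-uploads/*"},
    {"Sid": "AllS3", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Sid": "DenyAll", "Effect": "Deny", "Action": "*", "Resource": "*"}
  ]
}
"""
POLICY = json.loads(POLICY_JSON)

def as_list(value):
    """Policy fields may hold a single value or a list of values."""
    return value if isinstance(value, list) else [value]

def overbroad_statements(policy):
    """Return {sid: [reasons]} for Allow statements broader than one function needs."""
    report = {}
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        reasons = []
        # NotAction / NotResource in an Allow grant everything except the listed items.
        for key in ("NotAction", "NotResource"):
            if key in stmt:
                reasons.append(f"{key} grants everything not listed")
        for action in as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                reasons.append(f"wildcard action {action}")
        for resource in as_list(stmt.get("Resource", [])):
            if resource == "*":
                reasons.append("applies to every resource")
        if reasons:
            report[stmt.get("Sid", f"statement-{i}")] = reasons
    return report

if __name__ == "__main__":
    for sid, reasons in overbroad_statements(POLICY).items():
        print(sid, "->", "; ".join(reasons))
```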

From a 2023 industry research report, findings of the common types of cyberthreats and attacks in cloud computing are displayed below:

Figure 1 -AI Audit Process


The most common threats and attacks in the cloud computing environment as shown in the figure above are:

  1. Data loss or data leakage
  2. Denial-of-service or distributed denial-of-service attacks
  3. Man-in-the-Middle attack
  4. Malware
  5. Botnets
  6. Social engineering
  7. Account hijacking

The most common mitigation techniques adopted, as mentioned in the research report, are as follows:

  1. Intrusion prevention systems
  2. Two-factor authentication
  3. Firewalls
  4. Machine learning and artificial intelligence
  5. Data encryption

The research report concludes that the biggest threat in cloud computing is data leakage and the most recommended technique is IPS or IDS to mitigate the threats in cloud computing.

Protecting Your Cloud Infrastructure

Cloud computing is an amazing evolution that provides advantages like more flexibility, availability, improved performance and efficiency, while helping reduce IT costs. Importantly, it accelerates innovation by easily collaborating with AI and machine learning use cases to execute its operations.

However, the cloud also faces serious threats from AI and machine learning. In addition, cloud operations and its deployment methodologies also pose challenges in securing data and privacy. Therefore, in addition to deploying traditional security countermeasures, we should have a robust strategy to protect cloud infrastructure from AI-enabled cyberattacks.

Author’s note: The opinions expressed are of the author’s own views and do not necessarily represent that of the organization or of the certification bodies he is affiliated to.
