How to Protect Cloud Data
The recently disclosed data breach at MGM Resorts, exposing millions of the personal details of former hotel guests, highlights the importance of protecting your organization’s data stored in the cloud.
An MGM spokesperson told ZDNet, “Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts.”
The company said it promptly notified all impacted former hotel guests in accordance with applicable state laws. The company added that no financial, payment card or password data was involved in the data breach.
While the unauthorized access to MGM’s cloud server happened months ago, details of this data breach only surfaced when a malicious actor published on a hacking forum last week the personal details of former guests of MGM Resorts hotels. According to ZDNet, analysis of the data dumped by the malicious actor showed personal details such as full names, home addresses, phone numbers, emails, and dates of birth of guests that stayed at the hotels before 2017.
The malicious actor who dumped the MGM customers’ data, ZDNet said, is believed to be a member or in association with the group known as “GnosticPlayers”, the group that dumped breached records of more than one billion users. It wasn’t clear, however, how MGM’s cloud server was illegally accessed.
What Is a Cloud Server?
A cloud server, also known as virtual server, performs application and information-processing storage in a cloud computing environment. Examples of cloud computing environment include Microsoft Azure, Amazon Web Services (AWS) and Google Compute Engine (GCE).
Many organizations have migrated to cloud servers as these are cost-effective and scalable. Organizations using cloud servers pay only what they need, reducing the cost that comes with maintaining server hardware in the case of on-premise server usage. Cloud servers also enable organizations with irregular needs to scale their computing and storage resources.
Similar to on-premise servers, when unprotected, cloud servers can be breached by malicious actors. In July 2019, Capital One Financial Corporation disclosed that its cloud server was illegally accessed, resulting in the data theft of customers’ data, affecting approximately 100 million individuals in the U.S. and approximately 6 million in Canada.
Watch Your APIs
API, short for application programming interface, allows easy access to all functions of the cloud server. A recent report from Akamai showed that APIs, in general, have been targeted by cyber criminals for credential stuffing attacks.
In credential stuffing, attackers use a list of stolen user credentials to break into cloud server APIs. Akamai’s report showed that from December 2017 through November 2019, it observed 85,422,079,109 API credential abuse attacks across its customer base.
One of the reasons why credential stuffing attacks are successful is due to the fact that some APIs allow as many password guesses. Criminals take advantage of this lack of control and attempt to guess passwords, some by thousands of guesses in minutes.
Some APIs, meanwhile, throttle failed attempts. Criminals bypassed this throttling process by staging the guessing attempts in a low and slow approach to ultimately guess the correct password.
The growing number of API credential stuffing attacks is also a product of the large number of data breaches over the past decade. Billions of these stolen credentials are publicly available on the internet, with some sold on underground markets as commodities.
In guessing the correct passwords, attackers use bots, which automate and scale the guessing attempts. Bots use stolen usernames and passwords on the assumption that many users reuse these credentials. According to Imperva, about 0.1% of breached credentials attempted on another service will result in a successful login.
The use of multi-factor authentication renders passwords useless.
Watch Out for Misconfigurations
Many organizations that migrated to the cloud in recent years and months have encountered a phenomenon that’s only found in cloud computing: inadvertent public exposure of cloud data. Misconfiguration is often the cause of inadvertent cloud data exposure. With an option to make data stored in the cloud public or private, many have erred in making data meant for private viewing, public.
Microsoft, itself, encountered the problem of cloud data misconfiguration. While maintaining that its commercial cloud services aren’t affected, Microsoft, last January, admitted that its customer support database in the cloud was inadvertently exposed to the public due to misconfiguration.
“Our investigation has determined that a change made to the database’s network security group on December 5, 2019 contained misconfigured security rules that enabled exposure of the data,” Microsoft said. “Upon notification of the issue, engineers remediated the configuration on December 31, 2019 to restrict the database and prevent unauthorized access. This issue was specific to an internal database used for support case analytics and does not represent an exposure of our commercial cloud services.”
According to Security Discovery’s Cyber Threat Intelligence Director Bob Diachenko, the researcher who reported the exposed data to Microsoft, 250 million records of internal customer support data were temporarily made accessible to anyone with a web browser, with no password or other authentication required.
Microsoft said that it will implement the following steps to protect its data stored in the cloud:
- Auditing the established network security rules for internal resources;
- Expanding the scope of the mechanisms that detect security rule misconfigurations;
- Adding additional alerting to service teams when security rule misconfigurations are detected; and
- Implementing additional redaction automation.
When you need to make sure that your data is sufficiently protected in the cloud, and monitored, trust our cloud security and risk experts to quickly evaluate your cloud infrastructure and safeguard your data or provide you with a simple actionable plan.
Call today (416) 920-3000 to schedule a free consultation or email us at email@example.com