Google Report Reveals Most Widely Used Cloud Attack Vectors – Source: securityboulevard.com

Google this week published a report that showed the majority of cloud security issues involved stolen credentials (60%), followed by misconfigurations at a distant 19%.

The report also noted that 75% of the alerts generated across Google Cloud involved cross-project abuse of access token generation permissions.

Finally, there are also a small number of instances of Android applications where malicious updates are being used to evade security controls in a way that enables cybercriminals to target end-user credentials and data.

Matt Shelton, head of threat research and analysis at Google Cloud, said the report makes it clear that improvements to the way identities are managed in the cloud would have the most impact on improving the overall state of cloud security. Most of the issues identified in this report would be resolved by consistently implementing multifactor authentication (MFA) and relying more on biometric passkeys rather than passwords, he noted.

Overall, cloud security continues to improve as more organizations embrace zero-trust policies, but there is clearly still room for improvement, Shelton noted.

In addition, ongoing advances in artificial intelligence (AI) should also make it less likely developers will misconfigure services, he added.

In the meantime, there’s still a need for more training, but the goal should be to make it simpler for organizations to embrace cybersecurity by design. That approach would enable cloud service providers and customers to work more closely together instead of enforcing a shared responsibility model that simply defines a separation of concerns, said Shelton.

The two primary reasons cloud platforms are so easily exploited are that passwords are easily compromised and most cloud resources are provisioned by application developers with little to no cybersecurity expertise. Efforts are underway to instill DevSecOps best practices within the application development community to reduce misconfigurations, but developers will always value speed and convenience over cybersecurity.

What is improving, however, is the ability to detect these issues before cybercriminals exploit them. The issue is that many of the organizations that are building and deploying applications in the cloud lack the resources and expertise required to acquire and manage these platforms themselves. Many of them should be relying more on managed services to automatically detect issues, noted Shelton.

Overall, there is still a tendency to focus too much on esoteric exploits. A new potential vulnerability is discovered each week that could be exploited. However, the most commonly exploited vulnerabilities have remained unchanged for the past 10 years. Cybercriminals are not going to go to the trouble of learning how to compromise a new vulnerability when the ones they already know how to exploit continue to work. The bottom line is that an organization focusing on cybersecurity fundamentals will be able to address 90% of the issues that cause most of the breaches.