One topic we’ve written about a lot on this blog is lateral movement, when attackers leverage existing credentials and connections to move from one machine to another within an environment. When you add cloud to the mix, however, there are so many changes - from new attack vectors to methodologies and prioritizations - that the phrase seems incomplete.
For example, what happens when an attacker controls the local computer of a DevOps team member, and then finds credentials for high-privilege access to AWS? Or if a malicious insider, who has privileges in Microsoft Azure, then attempts to move to a private cloud that he is not supposed to enter, in an attempt to steal sensitive data or to cause service disruptions? Or perhaps the attacker will try to steal a sensitive document from a shared folder in a SaaS application like Dropbox. The shift to the cloud from solely on-premise environments sitting behind a firewall continues at rapid speed. The typical business relies on a hybrid mix of public and private clouds, coupled with traditional on-premise infrastructure. As more businesses move critical operations to cloud applications - such as choosing Salesforce as their CRM or using Azure for hosting their databases - new attack vectors are created and evolve. ...read more!
