Cloud security: Top cyber risks facing financial services firms today

By António Vasconcelos, Technology Strategist at SentinelOne


As financial enterprises continue their investment in digital transformation, including aspects like offering more digitalised services to their customers, the transition to the cloud is nothing short of inevitable. Still, it is important to remember that using the cloud does not equate to 100% security and safety against cyberattacks. As more and more digitalised services are exposed through the cloud, the expanded attack surface will in turn create a greater risk of data breaches. The increase in threat activity is present in all forms of cloud technology, and organisations are often faced with the challenge of recognising novel attack techniques and new attack surfaces, in addition to understanding where potential weaknesses are.

Given the monumental nature of this task, what are the key areas financial services firms should defend against?

IT System Vulnerabilities

Alongside the ever-popular email phishing attacks, adversaries look for any exploitable weakness in cloud services that allows them to gain access. One well-known example is the exploitation of the Apache Log4j vulnerability discovered in December 2021. This single weakness had a massive global impact, and victim organisations that relied on vulnerability scanners to identify and defend against the risk across their networks were exposed to it for a week before the vulnerability was disclosed. It was naturally even more challenging for organisations that had no way to automatically determine which infrastructure was affected, whether IaaS, SaaS or PaaS.

Compromise through vulnerable services is one of the key vectors of cloud network attacks, so it is critical to keep the infrastructure and services running in cloud platforms properly up to date. This is particularly important in the cloud because of the post-compromise actions available to the attacker, such as lateral movement to major business systems and resources hosted in the cloud network, and because victims struggle to respond effectively and in a timely manner. Nevertheless, not all cloud systems are properly updated, so it is vital for enterprises to be able to detect malicious activity before a service is even known to be vulnerable. Leveraging threat and vulnerability management to produce a prioritised set of vulnerabilities to focus on, and cross-referencing it with threat intelligence, patching status, and services/software/endpoint inventory information, is key to reducing the risk of a data breach through vulnerabilities.
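The cross-referencing described above, as an added example that is not part of the original article: a constructed inventory of cloud workloads is joined with an advisory table (affected versions), patch status and a threat-intelligence flag to produce a patch-first ranking. Component names, hostnames, the fixed-version thresholds and the scoring weights are all illustrative assumptions.

```python
"""Prioritise vulnerable cloud workloads by cross-referencing inventory,
affected-version data, patch status and threat intelligence.
All data below is constructed for illustration."""
from dataclasses import dataclass

@dataclass
class Asset:
    name: str            # workload / host identifier (constructed)
    platform: str        # IaaS / PaaS / SaaS
    component: str       # software component from the inventory
    version: tuple       # parsed version, e.g. (2, 14, 1)
    exposed: bool        # reachable from the internet?
    patch_pending: bool  # a fix is already scheduled?

# Constructed advisory table: a component is affected below its fixed version.
ADVISORIES = {
    "log4j-core": {"fixed": (2, 17, 1), "actively_exploited": True},
    "example-web-framework": {"fixed": (4, 2, 0), "actively_exploited": False},
}

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); a pre-release suffix such as '-beta9' is dropped."""
    return tuple(int(p) for p in text.split("-")[0].split("."))

def is_affected(asset):
    adv = ADVISORIES.get(asset.component)
    return adv is not None and asset.version < adv["fixed"]

def score(asset):
    """Higher score = patch first. Weights are an assumption for illustration."""
    if not is_affected(asset):
        return 0
    s = 10
    if ADVISORIES[asset.component]["actively_exploited"]:
        s += 50  # threat intel: exploitation observed in the wild
    if asset.exposed:
        s += 30  # internet-facing service
    if not asset.patch_pending:
        s += 10  # nothing scheduled yet
    return s

def prioritise(assets):
    """Return (score, asset) pairs for affected assets, highest score first."""
    ranked = [(score(a), a) for a in assets if is_affected(a)]
    ranked.sort(key=lambda t: t[0], reverse=True)
    return ranked

INVENTORY = [  # constructed sample inventory
    Asset("api-gw-01", "IaaS", "log4j-core", parse_version("2.14.1"), True, False),
    Asset("batch-07", "PaaS", "log4j-core", parse_version("2.17.1"), False, False),
    Asset("portal-02", "SaaS", "example-web-framework", parse_version("4.1.3"), True, True),
]

if __name__ == "__main__":
    for s, a in prioritise(INVENTORY):
        print(f"{s:3d}  {a.name:12s} {a.component} {'.'.join(map(str, a.version))}")
```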

Cloud Misconfigurations

The most common cause of cloud platform data leaks is configuration oversight. Customer data is often mistakenly left publicly accessible, or easily accessible, to attackers, which has driven the number of leaks up over recent years. While this risk is not unique to the cloud, it occurs more frequently there, mainly because of the ease and hidden complexity of cloud service configuration and the fact that these services are so widely exposed.

However, data leaks are not the only consequence of cloud service configuration oversight. Attackers also frequently gain a foothold in these organisations’ on-premises infrastructure through the cloud, using site-to-site VPN connections, application reverse proxies, APIs, and more. This further expands the attacker’s foothold, which leads to increased lateral movement and privilege escalation opportunities.
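One way to catch the "publicly accessible customer data" oversight before it becomes a leak, as an added example that is not part of the original article: a small checker that flags storage bucket policy statements granting access to an anonymous principal, shown against a weak policy and its corrected form. It assumes the AWS S3 bucket-policy JSON format; the bucket name, account id and role name are placeholders.

```python
"""Flag storage bucket policies that expose data to anonymous principals.
The policy documents below are constructed examples in AWS S3 bucket-policy
JSON format; bucket name, account id and role name are placeholders."""
import json

def _is_public_principal(principal):
    """True for '*' or {'AWS': '*'} (the '*' may also sit inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False

def public_statements(policy_json):
    """Return Sids (or indices) of Allow statements open to anyone with no Condition."""
    policy = json.loads(policy_json)
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts   # single statement form
    findings = []
    for i, st in enumerate(stmts):
        if st.get("Effect") != "Allow":
            continue
        if not _is_public_principal(st.get("Principal")):
            continue
        if st.get("Condition"):
            continue   # scoped by a condition: needs manual review, not an automatic flag
        findings.append(st.get("Sid", f"statement-{i}"))
    return findings

# Weak setting: anonymous read of every object in the bucket (constructed).
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::customer-exports-placeholder/*"}]})

# Corrected setting: only one application role in the account may read (constructed).
FIXED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AppRoleRead", "Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::111122223333:role/export-reader"},
                   "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::customer-exports-placeholder/*"}]})

if __name__ == "__main__":
    print("weak :", public_statements(WEAK_POLICY))    # ['PublicRead']
    print("fixed:", public_statements(FIXED_POLICY))   # []
```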

Supply Chain Attacks

Supply chain attacks have been on the rise, particularly since the remote or hybrid working model has been adopted by financial institutions. IT infrastructure is now more reliant on external touchpoints, not directly controlled by the organisation, which adds new layers of risk to the sensitive data banks are handling daily.

However, it is not just remote working that carries a risk, but rather the variety of different elements that are part of the larger universe required to operate the banking system. Some of these other elements are:

  • Mobile banking apps
  • Tech and development supply chain
  • Operating partners and services suppliers
  • The customer

The examples above are only a few, but securing every one of these touchpoints is vital, particularly as some supply chain attacks specifically target cloud networks and services.

Cloud Management Platform Access

All of the examples above have one commonality – the desire of adversaries to gain access to the cloud management platform, particularly to any privileged cloud accounts. As a result, it is critical to defend against cloud threats, as these offer an opportunity to break the barrier and gain information or control over a powerful and trustworthy service.

Equipped with privileged access to the management platform of a cloud service, whether that is AWS, GCP or Azure, an attacker can work their way into many difficult-to-identify places. For example, stolen access credentials, which can be obtained in a vast number of ways, can lead to bulk data theft, supply chain attacks and, in some cases, access for state-sponsored missions.

Conclusion

Although the cloud promises several key advantages, such as reduced total cost of ownership (TCO), faster go-to-market, scalability capabilities and more, cloud services are also often complex and demanding to manage. Attackers are aware of this and therefore there is a high level of interest from cybercriminals in exploring this rapidly growing adoption, which is driven by widespread digital transformation.

Adversaries are employing a vast and varied array of techniques to breach the cloud security barrier. Therefore, keeping systems updated, ensuring a high-quality security posture for your cloud services, keeping track of and addressing any security vulnerability risks, securing touchpoints, and finally educating every employee at every level about cybersecurity have become top priorities for the financial sector. Handling sensitive information is a privilege, and securing it should therefore never be an afterthought.
