Many public cloud infrastructures suffer from serious security loophole
Working with public cloud infrastructure without the right understanding of risks and security challenges may prove to be a risky bet today. One of the most critical spots where attackers look for vulnerability is the cloud Identity and Access Management (IAM) layer, which many companies often fail to secure. A lack of effective identity and access management poses significant risks not only to compliance, but also overall security. The Capital One breach is one such recent example.
Research conducted by XM Cyber's Igal Gofman, Head of Security Research, and Yaron Shani, Senior Security Researcher, suggests a new attack vector in cloud providers' API can be exploited by adversaries to gain highly privileged access to critical assets in the cloud.
What was found in the research?
Researchers found that cloud APIs' accessibility over the Internet opens new possibilities for adversaries to plan their attack. The researchers note that current security practices and controls are not sufficient to mitigate the risk posed by the misconfiguration of the public cloud.