CyberSecurityBoard
Sponsor Register Login

You should be worried about cloud squatting

Most security issues in the cloud can be traced back to someone doing something stupid.
I do see misconfigured cloud resources, such as storage and databases, that lead to vulnerabilities that could easily be avoided.
Although cloud squatting is being pushed as a new threat, we've known about it for years.
What changed is that as we move more assets into the public cloud and have new people taking care of these assets, there seems to be a renewed interest in this vulnerability.
The core issue is that cloud asset deletions often occur without removing associated records, which can create security risks for subdomains.
Failure to also delete records allows attackers to exploit subdomains by creating unauthorized phishing or malware sites.
Allocating assets such as virtual servers and storage space is quick, generally done in seconds, but deallocation is more complex, and that's where the screwups occur.
We're seeing the creation of multiple records pointing to temporary cloud resources for different applications and tools; then organizations fail to delete cloud assets and associated records.
Identifying and fixing cloud squatting is challenging for large enterprises with vast amounts of domains.
Global infrastructure teams have varying degrees of training, and with 100 or more people in the security admin team, you're bound to run into this problem a few times a month.
These tools check the validity of IP records assigned to the company's assets.
These are assigned automatically by cloud providers.
Mitigating cloud squatting is not just about creating new tools.
This means transferring their owned IP addresses to the cloud, then maintaining and deleting stale records, and using DNS names systemically.
The idea is to remove the ability for old, undeleted records to be exploited.
Second, enforce policies for using DNS names, and regularly maintain records for effective management.
Two things are occurring right now that are causing cloud squatting to become more of a threat.
The issue is the rapid expansion of cloud deployments during the pandemic.
Massive amounts of data were pushed into the clouds, with domains allocated to find that data and little thought about removing them when they became unnecessary.
Most of these issues can be traced to inadequate training or hiring lower-tiered cloud administrators to keep things going.


This Cyber News was published on www.infoworld.com. Publication date: Tue, 26 Dec 2023 10:13:30 +0000


Cyber News related to You should be worried about cloud squatting

What is a Cloud Architect and How Do You Become One? - A cloud architect is an IT professional who is responsible for overseeing a company's cloud computing strategy. This includes cloud adoption plans, cloud application design, and cloud management and monitoring. Cloud architects oversee application ...
11 months ago Techtarget.com
Multi-Cloud vs. Hybrid Cloud: The Main Difference - The proliferation of cloud technologies is particularly confusing to businesses new to cloud adoption, and they're sometimes baffled by the distinction between multi-cloud and hybrid cloud. Although the public cloud infrastructure and public cloud ...
1 year ago Techtarget.com
2023 Cloud Security Report - Security concerns remain a critical barrier to cloud adoption, showing little signs of improvement in the perception of cloud security professionals. Cloud adoption is further inhibited by a number of related challenges that prevent the faster and ...
1 year ago Cybersecurity-insiders.com
You should be worried about cloud squatting - Most security issues in the cloud can be traced back to someone doing something stupid. I do see misconfigured cloud resources, such as storage and databases, that lead to vulnerabilities that could easily be avoided. Although cloud squatting is ...
1 year ago Infoworld.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
4 months ago Aws.amazon.com
The 10 Best Cloud Security Certifications for IT Pros in 2024 - Many professionals seeking a career in cloud security turn to certifications to advance their learning and prove.... their knowledge to potential employers. The number of cloud security certifications has increased in recent years making it difficult ...
1 year ago Techtarget.com
Cloud Security: Stats and Strategies - An interesting aspect in O'Reilly's latest Cloud Adoption report based on a global survey conducted is that 90% of the responders are using the cloud to support their business. One of the key takeaways from the State of the Cloud report from Flexera ...
1 year ago Feeds.dzone.com
Top Cloud Security Issues: Threats, Risks, Challenges & Solutions - Cloud security issues refer to the threats, risks, and challenges in the cloud environment. To combat these cloud security issues, develop a robust cloud security strategy that addresses all three to provide comprehensive protection. Cloud security ...
8 months ago Esecurityplanet.com
What Is Cloud Security Management? Types & Strategies - Cloud security management is the process of safeguarding cloud data and operations from attacks and vulnerabilities through a set of cloud strategies, tools, and practices. The cloud security manager and the IT team are generally responsible for ...
8 months ago Esecurityplanet.com
6 Best Cloud Security Companies & Vendors in 2024 - Cloud security companies specialize in protecting cloud-based assets, data, and applications against cyberattacks. To help you choose, we've analyzed a range of cybersecurity companies offering cloud security products and threat protection services. ...
11 months ago Esecurityplanet.com
7 Considerations for Multi-Cluster Kubernetes - A hybrid cloud is a cloud computing environment that combines public and private clouds, allowing organizations to utilize the benefits of both. In a hybrid cloud, an organization can store and process critical data and applications in its private ...
1 year ago Feeds.dzone.com
What Is Cloud Workload Security? Ultimate Guide - Cloud workload security, or cloud workload protection, refers to the tools and policies used to protect apps, services, and resources that run on cloud infrastructure. Your organization can manage cloud workload security through coordination across ...
7 months ago Esecurityplanet.com
Middle East CISOs Fear Disruptive Cloud Breach - As organizations in the Middle East increasingly adopt cloud services, business leaders worry that their cloud-security measures are falling short. Running in the Cloud The worries arise as organizations in the Middle East accelerate their cloud ...
1 year ago Darkreading.com
CrowdStrike Enhances Cloud Asset Visualization to Accelerate Risk Prioritization - The massive increase in cloud adoption has driven adversaries to focus their efforts on cloud environments - a shift that led to cloud intrusions increasing by 75% in 2023, emphasizing the need for stronger cloud security. As organizations increase ...
8 months ago Crowdstrike.com
What Is Cloud Repatriation and Why Are Businesses Doing It? - At first glance, this may seem to indicate that businesses are seeking out ways to reclaim control of their information and take back data stored on the cloud. Cloud repatriation, also known as reverse cloud migration, is when data is moved from the ...
1 year ago Securityboulevard.com
Managing the Requirements of a MultiCloud System - The use of digital technology has advanced to include cloud computing in the delivery of services, cost reduction, increased agility, and improved security. The emergence of various cloud solutions has led organizations to move their assets from ...
1 year ago Blog.isc2.org
What is cloud load balancing? - Cloud load balancing is the process of distributing workloads across computing resources in a cloud computing environment and carefully balancing the network traffic accessing those resources. Cloud load balancing helps enterprises achieve ...
10 months ago Techtarget.com
Falcon Cloud Security Supports Google Cloud Run to Strengthen Serverless Application Security - We're thrilled to share that the CrowdStrike Falcon® sensor now fully supports Google Cloud Run, bringing advanced security capabilities to your serverless applications. While we announced this at Google Cloud Next in April 2024, this blog goes ...
7 months ago Crowdstrike.com
4 types of cloud security tools organizations need in 2024 - By now, organizations know which on-premises security tools they need, but when it comes to securing the cloud, they don't always understand which cloud security tools to implement. While many traditional on-premises tools and controls work in the ...
9 months ago Techtarget.com
Best Practices for Cloud Computing Security - Given that business data is often sensitive and confidential, cloud computing environments require necessary security measures. As you navigate cloud computing platforms, here are essential security tips to remember. Look for cloud computing services ...
8 months ago Hackread.com
Cloud Security: Ensuring Data Protection in the Cloud - Data Encryption: Protecting sensitive data is a top priority in cloud security. Cloud security is of utmost importance when it comes to protecting and ensuring the confidentiality of data stored and transmitted in the cloud. Data protection in the ...
11 months ago Securityzap.com
What is a cloud application? - A cloud application, or cloud app, is a software program where cloud-based and local components work together. Cloud application servers are typically located in a remote data center operated by a third-party cloud services infrastructure provider. ...
10 months ago Techtarget.com
Expanding the Availability of CIS Hardened Images on Oracle - Some IT and security leaders lack confidence in their ability to secure their workloads in the cloud. That's not necessarily affecting public cloud spending. According to Gartner, global end-user spending on public cloud services will reach $591.8 ...
2 years ago Cisecurity.org
Best practices in moving to cloud native endpoint management - This blog is the second of three that details our recommendation to adopt cloud native device management. A common thread through the customer stories was how they achieved greater security, cost savings, and readiness for the future through their ...
1 year ago Microsoft.com
Cloud Security Best Practices for Businesses - In today's digital landscape, ensuring robust cloud security is a crucial priority for businesses. The increasing reliance on cloud services to store and process sensitive data necessitates organizations to adopt best practices to safeguard their ...
1 year ago Securityzap.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)