In an effort to help secure cloud computing environments, the Cloud Security Alliance (CSA) has released the Top‌ ‌Threats‌ ‌to‌ ‌Cloud‌ ‌Computing:‌ ‌Egregious‌ 11‌ Deep‌ ‌Dive‌ report. The report takes a deep look at the challenges of cloud computing as well as looks into nine recent cybersecurity attacks and breaches. 

“These anecdotes will let cybersecurity managers better communicate with executives and peers in addition to providing context for discussions with technical staff and offers in-depth detail for implementing mitigations and countermeasures from a security analysis standpoint,” said Jon-Michael C. Brook, CISSP, CCSK, chair, Top Threats Working Group and one of the paper’s lead authors.

The report looks at nine real-world attacks and breaches and documents issues as it releases to the “Egregious Eleven.”The “Egregious Eleven are: 

  1. Data Breaches
  2. Misconfiguration and inadequate change control
  3. Lack of cloud security architecture and strategy
  4. Insufficient identity, credential, access and key management
  5. Account hijacking
  6. Insider threat
  7. Insecure interfaces and APIs
  8. Weak control plane
  9. Metastructure and applistructure failures
  10. Limited cloud usage visibility
  11. Abuse and nefarious use of cloud services

Additionally, the case studies include: CapitalOne, Disney+, Dows Jones, GitHub, Imperva, Ring, Tesco, Tesla and Zoom. Each case study details threats, vulnerabilities, technical impacts, and controls. 

For instance, the report looks at Zoom’s recent threat of an external hacker harvesting accounts. “With the COVID-19 pandemic, Zoom experienced a huge user uptick with multiple incidents throughout early 2020. Several issues creeped in, including poorly randomized, easily guessed or widely broadcast meeting room information without sufficient detective or preventive security controls. Customer credential reuse was rampant, without appropriate Zoom corrective security controls. Lastly, attackers could use the Zoom Windows client’s group chat feature to share links that leak Windows network credentials. This happens when Zoom converts Windows UNC paths into clickable links,” the report detailed. It also went through Zoom’s preventative migration, detective mitigation, and corrective mitigation. As a result, the working group found “proper threat modeling allows security architectures and developers time to evaluate control gaps,” and that Agile development could help teams better respond to feature requirements. 

“These case studies identify where and how CSA Top Threats fit in a greater security analysis while providing a clear understanding of how lessons and mitigation concepts can be applied in real-world scenarios,” said John Yeoh, global vice president of research for the Cloud Security Alliance.