Penetration testing and simulation of cyber attacks identify security weaknesses in the cloud

The pandemic has accelerated a cloud computing movement that is gaining momentum with the arrival of 5G. According to estimates by consultancy Gartner, Cloud Computing tends to maintain the growth line, with an increase of 20% this year compared to 2022, which raises the alarm for the security of increasingly decentralized data.

According to the director of the Red Team at Cipher, a cybersecurity company of the Prosegur group, Alexandre Armellini, cloud providers are bound by security regulations and subordinated to the General Data Protection Law (LGPD), but this is not enough. “It is necessary to have an information security plan that includes penetration tests, to prevent, identify and correct network weaknesses”, he explains.

The Penetration Test (or Pentest) in the cloud is a Red Team service for the Cloud and consists of the simulation of a controlled cyber attack for the detection and exploitation of security vulnerabilities in a cloud computing infrastructure, supporting decisions for network improvement and correction data security breaches. Different types of manual methods and automatic tools can be used depending on the type of service and cloud provider used.

“Each provider has its own policy regarding performing penetration tests in the cloud and the scope of penetration testing is dictated by a shared model, established by the Service Level Agreement (SLA) between the customer and the service provider. As a rule, aspects of cloud security, such as the physical protection of infrastructure and data centers, are the responsibility of cloud providers, while security measures related to user identity are the responsibility of the customer”, informs the Red Team director.

By systematically carrying out penetration tests on cloud applications, it is possible to identify and repair problems before the threat is installed on the network, such as:

1. Insecure APIs: Insecure APIs can lead to a large-scale data leak, or even complete data loss. Inadequate access control and lack of inbound sanitization are among the leading causes of API compromise;
2. Incorrect server settings: Service misconfigurations are a common cloud vulnerability (misconfigured S3 Buckets in particular). The most recurrent cloud server configuration errors are improper permissions, unencrypted data and differentiation between private and public data.;
3. Weak credentials: Weak passwords facilitate brute force attacks, in which the attacker can use automated tools to decipher these codes, opening the way to use the account and credentials, which can lead to account theft and data hijacking.;
4. Outdated software: Outdated software contains critical security vulnerabilities that can compromise your cloud services. Most software vendors do not use a streamlined update procedure or users turn off automatic updates themselves. This makes outdated cloud services that hackers identify using automated scanners;
5. Insecure coding practices: Hiring unskilled professionals leads to bad coding practices, reducing network efficiency and causing security bugs. These vulnerabilities are among the leading causes of cloud web services being compromised.

Source: Cipher