The French national agency for information systems security (Agence nationale de sécurité des systèmes d'information, Anssi) has just published its latest IT threat panorama. The report warns of the cyber risks that often poorly controlled use of the Cloud poses to companies.
New digital uses often "poorly mastered"
In 2021, Anssi recorded 1,082 proven intrusions into information systems, compared with 786 in 2020, an increase of 37% in one year. This increase is explained by "the specialization and professionalization of attackers" made possible "by accumulated financial gains".
"A veritable cybercriminal ecosystem with considerable resources has thus gradually been built up and perfected, enabling it to carry out sophisticated attacks," stated Anssi in a recent press release dated March 9, 2022.
Among the vulnerabilities exploited by cybercriminals are online computing platforms, known as "cloud computing". Indeed, contrary to what industry leaders have long claimed, the cloud is not immune to cyberattack.
The health crisis has led to widespread use of this technology, whether in government or business, which has automatically increased the risk of cyber-attacks. What's more, according to Anssi, "these new digital uses" are often "poorly mastered", leading to "data security flaws".
Cloud: technical errors increase cyber risk
Yet cloud players have long touted the security of these online computing platforms, which they claim enable businesses to benefit from a high level of protection without having to devote a substantial budget to cybersecurity.
According to experts, while data confidentiality is an issue due to U.S. intelligence regulations, the risk of cyberattacks is low on the Cloud, and only cybercriminals with considerable skills and financial resources are likely to succeed.
However, technical errors are frequent, exposing data stored on the Cloud to a higher cyber risk than industry players claim. In 2020, for example, cybersecurity firm Palo Alto Networks detected over 2,000 unsecured Cloud instances in the space of 4 months.
The Cloud offers high computing power, which is of interest to cybercriminals for cryptocurrency mining operations.
Furthermore, explains Anssi, "many document sharing and collaborative working services allow users to easily reconnect to their services, after initial authentication [...] A growing threat concerns access to these authentication tokens, with attackers attempting to recover them through social engineering".
The Anssi report "Panorama de la menace informatique 2021", published on March 9, 2022, mentions another technique for stealing authentication tokens, which "consists of installing on the target's file system a token connected to an account controlled by the attacker. When the victim automatically synchronizes his folder in the cloud, he does so with the attacker's folder, not his own. The attacker can thus recover the authentic token and reuse it remotely and discreetly, while erasing all traces of its compromise".
Storing data in the cloud therefore exposes companies to a significant cyber risk, due to insufficient knowledge of security rules, compounded by other difficulties, such as "heavy dependence on the service provider" and "sometimes opaque responsibility-sharing arrangements".