Lacework Labs published their 2021 Cloud Threat Report Vol. 2 and highlighted that demand for cloud account access has become a growing business on the dark web. Evidence from the study shows that Initial Access Brokers (IABs) gain access to systems that link to valuable organizations and sell that access to the highest bidder. IABs target corporate networks and obtain access to administrative accounts. This level of access could result in ransomware, stolen data, malware and more. Additionally, the study found increases in scanning and probing of storage buckets, databases, orchestration systems, and interactive logins.
As many organizations continue to migrate to the cloud, it is important to set up the cloud account and architecture with security in mind from the start. Encrypt sensitive data. Configure users, groups and roles with specific access rights and policies. Establish strong password policies with multi-factor authentication (MFA). Enable logging and monitoring services for greater visibility. Implement Web Application Firewall (WAF) ACLs. Add further security controls with Cloud Access Security Brokers (CASBs). Establish baselines to detect anomalous activity. Additionally, use the Shared Responsibility Model framework provided by your cloud provider to ensure accountability for resources.