Cloud infrastructure gives organizations tremendous flexibility and agility in managing business IT assets. Administrators can allocate resources based on current business trends and respond to new requirements or opportunities with rapid deployments of new applications, all without the barriers to entry and ongoing maintenance costs of running their own servers. With all of these benefits, it’s no surprise that more and more business IT assets reside in the cloud.
However, despite the clear benefits cloud environments provide, neglectful management of your organization’s attack surface can create new attack vectors that malicious actors can target.
To prevent this from happening, you must practice attack surface management to maintain inventory of and visibility into your organization’s internet-facing assets. But this is a challenge that grows as more and more cloud-hosted assets come online. Everyday events like employee turnover and new business endeavors can exacerbate the challenge even further.
Consider these scenarios where undiscovered resources lead to a data breach:
1. Cloud Migrations
Your organization has just finished a big migration from traditional server racks to the cloud. You’ve penetration tested the main applications and passed with flying colors, but an internal management portal was also migrated to the cloud without being included in any of the transitional security testing.
While the portal application was probably secure enough to run internally, an attacker discovers it as part of the organization’s perimeter and notices missing security controls on the login page (no rate limiting, lockout, or multi-factor authentication). Using brute-force or dictionary password attacks, the attacker guesses valid credentials, gets past the portal login, and accesses confidential internal information.
2. Legacy Campaigns
Two quarters ago, your organization ran a successful promotional campaign that involved deploying an application on a new subdomain of your organization’s root domain. The application passed all security controls in your deployment pipeline before going live, but the employee responsible for the domain left the company during the process and the domain was never properly inventoried.
The domain remains live (and unused), and a new zero-day vulnerability against the web framework was just disclosed. Because the domain was never discovered and inventoried, an attacker discovers it and exploits the vulnerability to gain a foothold on the server before your organization can patch the issue.
3. Forgotten Records
Learning from previous mistakes, your organization spins down the cloud-hosted instance behind the latest promotional subdomain. However, while the application itself is decommissioned, the DNS record for the subdomain is never removed and continues to point at the now-released cloud-hosted resources.
An attacker notices the dangling DNS record and quickly signs up with the same cloud provider, then either gets assigned the IP address the subdomain still points to or uses address-cycling techniques to obtain it. Once the attacker controls that IP, they can host malicious scripts under your subdomain, exploit trust relationships within the environment, and undermine the content security policy of other applications on the domain.
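The dangling-record check described in this scenario can be automated against an asset inventory. The script below is an added example, not code from the original post or from Halo Security; it runs on a constructed zone snapshot and a constructed set of owned resources (the `example-cloud.test` hostnames are placeholders), follows CNAME chains inside the zone, and flags every record whose final target the organization no longer owns.

```python
"""Flag dangling DNS records: records whose target (an IP or an external
CNAME hostname) is no longer in the organization's inventory of owned
cloud resources. All data below is constructed for the example."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    name: str
    rtype: str   # "A" or "CNAME"
    target: str  # IP address for A, hostname for CNAME


# Constructed zone snapshot (placeholder names and TEST-NET-3 addresses).
ZONE = [
    Record("www.example.com", "A", "203.0.113.10"),
    Record("promo.example.com", "A", "203.0.113.77"),  # instance spun down
    Record("shop.example.com", "CNAME", "shop-prod.example-cloud.test"),
    Record("old-campaign.example.com", "CNAME", "old.example-cloud.test"),
    Record("blog.example.com", "CNAME", "www.example.com"),  # in-zone alias
]

# Constructed inventory of resources the organization still owns.
OWNED_IPS = {"203.0.113.10"}
OWNED_HOSTNAMES = {"shop-prod.example-cloud.test"}


def find_dangling(zone, owned_ips, owned_hosts, max_hops=8):
    """Return the names of records whose final target is not owned.

    In-zone CNAME chains are followed (bounded by max_hops to survive
    loops); an A record is checked against owned IPs, and a CNAME that
    leaves the zone is checked against owned hostnames."""
    by_name = {r.name: r for r in zone}
    dangling = []
    for rec in zone:
        cur, hops = rec, 0
        while cur.rtype == "CNAME" and cur.target in by_name and hops < max_hops:
            cur = by_name[cur.target]
            hops += 1
        if cur.rtype == "A":
            owned = cur.target in owned_ips
        else:  # CNAME pointing outside our zone (e.g. a cloud provider name)
            owned = cur.target in owned_hosts
        if not owned:
            dangling.append(rec.name)
    return dangling


if __name__ == "__main__":
    for name in find_dangling(ZONE, OWNED_IPS, OWNED_HOSTNAMES):
        print(f"DANGLING: {name}")
```

In practice the zone snapshot would come from your DNS provider's API and the owned-resource sets from your cloud inventory, so every record lands in exactly one of the two checks.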
Avoiding a breach
All of these potential data breach scenarios can be prevented with attack surface management. Keeping a comprehensive list of all your assets and monitoring them for changes is crucial to preventing these kinds of subdomain attacks that put your entire environment at risk. Learn how attack surface management solutions like Halo Security can help you avoid the risks of undiscovered assets.
Editor's note (July 2022): This article was originally posted on the TrustedSite blog in Dec 2020. It has been updated for the Halo Security blog.