Which Vulnerabilities Threaten Cloud-Based Organizations?

By Anastasios Arampatzis 

Cloud adoption continues to thrive, providing convenience, cost savings, and near-permanent uptimes for organizations compared to on-premises infrastructure. At the same time, threat actors continue to target cloud environments regardless of organization size. Shifting to a cloud model requires a security approach different from that of traditional deployments. A key factor to successful deployment and management of cloud environments is for organizations to understand how threat actors can target them, and how to avoid common pitfalls that leave the cloud vulnerable. 

Cloud vulnerabilities on the rise 

Understanding the vulnerabilities that threaten the organizations in the cloud is crucial because, as IBM Security indicates, they are on the rise. The 2021 IBM Security X-Force Cloud Threat Landscape Report highlights that cloud vulnerabilities are growing in number, totaling over 2,500 vulnerabilities, a 150% increase in the last five years. 

Findings from the same report show that the severity of cloud-targeting vulnerabilities has grown significantly in recent years, likely due to threat actors’ realization that organizations are increasing their use of storing their critical data in multi-cloud environments. Cloud environments are heavily traveled data highways and are a lucrative target for threat actors. 

What are the common cloud vulnerabilities? 

IBM X-Force Incident Response Team analyzed cases involving cloud breaches and identified the most commonly exploited vulnerabilities and misconfigurations. These include: 

Misconfigured resources 

Virtual machines and other resources with default security settings were erroneously exposed to the Internet. This included misconfigured platforms and insufficiently enforced network controls that exposed internal services directly to the Internet, such as the Remote Desktop Protocol (RDP) on Microsoft platforms. IBM’s analysis of dark web markets found that RDP accounted for the access vector in over 70% of cloud resources offered for sale on the dark web. 

Insecure public APIs are a pervasive problem because they are very common and also allow external tools to interact with cloud functionalities, including access to data. The IBM X-Force IR team found that API credential exposure through public code repositories frequently accounted for threat actor access into cloud environments. 

Another major contributor to data breaches in the cloud is unsecured resources that are unintentionally exposed to the internet. These cases include misconfigured object storage services which were found with insufficient hardening and inadequate security controls. The prevalence of Shadow IT can be a key reason for many misconfigured resources. 

Lack of strong access control 

Insufficient access control mechanisms, such as a lack of multi-factor authentication (MFA) for SaaS solutions and federated services with publicly accessible landing pages, is a commonly observed vulnerability. Attackers using stolen or compromised credentials can authenticate themselves into an account without additional hurdles. 

Improper permissions further exacerbate compromises caused by successful password spraying attacks. This sort of attack is easily automated and can scale to target many organizations at once. Once an attacker manages to use a compromised password, their impact is greater in direct proportion to the user’s privilege levels. 

Lack of network segmentation 

Insufficiently segmented virtual networks and promiscuous trust relationships between on-premises and cloud computing environments are among the top three vulnerabilities in the cloud. A compromise in the cloud can enable further lateral movement across systems. Threat actors compromise end-users or systems hosted on-premises and pivot to a cloud environment. This type of compromise can allow threat actors to deepen their hold on organizations and compromise even more organizational resources. 

Why does that matter? The Shared Security Responsibility Model 

Understanding the most common vulnerabilities in the cloud is important because ultimately it is the cloud customer – the organizations moving to the cloud – who is responsible for the security in the cloud. This is the shared security responsibility model, which means that an organization’s security team maintains some responsibilities for security, while the provider takes some responsibility, but not all. The key to a successful cloud security implementation is understanding where your provider’s responsibility ends, and where yours begins. 

In the AWS Shared Security model, AWS claims responsibility for “protecting the hardware, software, networking, and facilities that run AWS Cloud services.” Microsoft Azure claims security ownership of “physical hosts, networks, and data centers.” Both AWS and Azure state that your retained security responsibilities depend upon which services you select. 

The following diagram provides a high-level, vendor-agnostic, conceptual view of a shared responsibility model. 

cloud security alliance


No matter what your computing environment, whether on-premises, public cloud, private cloud, or just hybrid, you are always responsible for securing what’s under your direct control, including: 

  • Data: By retaining control over your data, you control how and when your data is used. The cloud provider has zero visibility into your data, and you maintain all access to your data. 
  • Applications: Your proprietary applications are yours to secure and control throughout the entire application lifecycle – from development to testing and deployment. 
  • Identity and Access: You are responsible for all facets of your identity and access management (IAM) program, including authentication and authorization mechanisms, single sign-on (SSO), multi-factor authentication (MFA), access keys, and credentials. 
  • Platform Configuration: When you deploy cloud computing environments, you control the configuration of the underlying operating environment. Platform configuration varies based on whether your instances are server based or serverless. 

The ADACOM way to the cloud 

ADACOM provides consulting and customized solutions leveraging industry best practices for cloud security to deliver tangible results against threats and vulnerabilities. Gathering intelligence from a wide array of security sources, ADACOM’s principles and solutions focus on the client’s operational needs, risk environment, and compliance requirements.  ADACOM  offers Cloud Environments Penetration Testing services for achieving maximum security in the cloud. With target-specific methodologies and toolkits available, the overall security posture of cloud assets can be improved, by conducting cloud-based security assessment against Azure, AWS, GCP, etc. Our manual penetration testing techniques and scenarios, as well as vulnerability scanning capabilities are offered and conducted focusing on your cloud security needs. 

If you want to find out how we can help you, you may reach out to our experts