View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cloud
May 1, 2015

Infrastructure clouds left at risk from talentless hackers

Microsoft Azure and friends may not be being secured properly.


Symantec has warned that infrastructure-as-a-service (IaaS) clouds such as Microsoft Azure are vulnerable to attacks even from unskilled hackers.

A recent investigation by the security vendor showed that unsecured cloud "buckets" used for storing data could be accessed without the need for login details so long as the hacker could guess the right web address.

This was done by writing a script capable of guessing the domain names, even though there was no central listing of all the domain prefixes for the given cloud provider.

Candid Wueest, threat research at Symantec, said in their research that: "Not all of the accessible data blobs contained sensitive information. Some files were just images or public html files."

However he added that one particular file was uncovered from a payment processor company which turned out to be a database backup that included credit card logs, user IDs, email addresses and passwords.

Such data could then be sold on cybercrime forums for use by fraudsters and other hackers.

"Our research has proven that this attack method is highly feasible and the sensitive data that was uncovered is real, indicating that this is not just a hypothetical attack scenario," Wueest said.

Content from our partners
Why all businesses must democratise data analytics
How start-ups can take the next step towards scaling up
Unlocking the value of artificial intelligence and machine learning

"The problems illustrated in this research are not isolated to just one single cloud service provider. Similar attacks could be carried out against other cloud infrastructures."

Cloud customers are advised to take the time to understand their product settings in order to avoid falling prey to similar cyberattacks, as well as keep an event log to monitor who is accessing the service.

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy