csa

Treacherous 12: Top Threats to Cloud Computing + Industry Insights

Top Threats to Cloud Computing

SEATTLE, Oct. 20, 2017 /PRNewswire/ — The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced an updated ‘Treacherous 12: Top Threats to Cloud Computing + Industry Insights,” a refreshed release to the 2016 report that includes new real-world anecdotes and examples of recent incidents that relate to each of the 12 cloud computing threat categories identified in the original paper.

It's our hope that these updates will not only provide readers with more relevant context in which to evaluate the top threats, but that the enhanced paper will provide them with a real-world glimpse into what is currently occurring in the security industry,” said Scott Field, partner architect with Microsoft Corp. and chair of the CSA Top Threats Working Group.

The anecdotes and examples mentioned in this document include:

  • Yahoo breach – Data Breaches
  • LinkedIn failure to salt passwords when hashing – Insufficient Identity Credential Access Management
  • Instagram abuse of account recovery – Insufficient Identity Credential Access Management
  • OAuth Insecure implementation – Account Hijacking
  • Zynga ex-employees alleged data theft – Malicious Insiders
  • Yahoo breach – Insufficient Due Diligence
  • MongoDB Mexican voter information leak – Insufficient Identity Credential Access Management
  • Dyn DDoS attack – Denial of Service
  • Dirty Cow Linux privilege escalation vulnerability – System Vulnerabilities
  • T-Mobile customer information theft – Malicious Insiders
  • MongoDB unprotected, attacked by ransomware – Insufficient Identity Credential Access Management
  • Malware using cloud services to exfiltrate data and avoid detection – Abuse and Nefarious Use of Cloud
  • Australian Bureau of Statistics denial of service – Denial of Service
  • Virlock ransomware – Data Loss
  • Zepto ransomware spread and hosted on cloud storage services – Abuse and Nefarious Use of Cloud
  • CloudSquirrel malware hosting command and control (C&C) in Dropbox – Abuse and Nefarious Use of Cloud
  • CloudFanta Malware using cloud storage for malware delivery – Abuse and Nefarious Use of Cloud
  • Moonpig insecure mobile application – Insecure Interface and APIs
  • Cloudflare/Cloudbleed buffer overrun vulnerability – Shared Technology Vulnerabilities
  • NetTraveler advanced persistent threats – Advanced Persistent Threats (APTs)

The Treacherous 12 report provides organizations with an up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk-management decisions regarding cloud adoption strategies. The report reflects the current consensus among security experts in the CSA community about the most significant security issues in the cloud.

The CSA Top Threats Working Group is responsible for providing needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies. The CSA Top Threats Working Group is led by Scott Field, along with long-time cloud security professionals Jon-Michael Brook, a principal/Security, Cloud & Privacy at Guide Holdings, and Dave Shackleford, a principal consultant with Voodoo Security.

The CSA invites interested companies and individuals to support the group's research and initiatives. Companies and individuals interested in learning more or joining the group can visit the Top Threats Working Group page.

To access the full report visit https://cloudsecurityalliance.org/download/top-threats-cloud-computing-plus-industry-insights

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA's activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

SOURCE Cloud Security Alliance

CloudBuzz

The latest in curated technology related news collected from many of the leading news distribution, industry research and technology vendor firms on the planet.

Here you will find recent news sources from companies such as Reuters, Marketwired, IDC, Gartner or directly from cloud vendors such as Google, Microsoft or Amazon.

Key Takeaways From Dyn's DDoS Attack

Key Takeaways From Dyn’s DDoS Attack

DDoS Attack Takeaways  If you tried to access some of the world’s most popular websites, such as Twitter, Spotify, CNN, ...
Why Open Source Technology is the Key to Any Collaboration Ecosystem

Why Open Source Technology is the Key to Any Collaboration Ecosystem

Open Source Collaboration Ecosystem Open source – software whose source code is public and can be modified or shared freely ...
Fundamental Technology For An Autonomous Driving Future

Fundamental Technology For An Autonomous Driving Future

Driving Into The Autonomous Future Over-the-air (OTA) update capabilities are incredibly important to the automotive industry—in fact, they’re quite literally ...
The Need For Cloud Experts

Cloud Migrations And The Need For Experts

The Need For Cloud Experts One of the things that worries me about organizations considering cloud migrations is the reality ...
cloud 2020

IoTT, The Internet of Things, Tomorrow

What Should Your Home Be Telling You? Home. The place where you lay your head to sleep, where a roof ...
How Blockchain has Unexpectedly Improved Big Data Integrity

How Blockchain has Unexpectedly Improved Big Data Integrity

Big Data Integrity Blockchain technology was developed to improve the integrity of bitcoin. However, as bitcoin became more popular, its ...
Fintech Dark Web

An End to Credit Cards? How the Dark Web Is Pushing Fintech Towards Blockchain

Dark Web Pushing Fintech Towards Blockchain As Jennifer Klosterman points out, “There are many strong reasons for reputable businesses to ...
Gartner’s Hype Cycle for Emerging Technologies, 2017 Adds 5G, Edge Computing For First Time

Gartner’s Hype Cycle for Emerging Technologies, 2017 Adds 5G, Edge Computing For First Time

Gartner’s Hype Cycle for Emerging Technologies Gartner added eight new technologies to the Hype Cycle this year including 5G, Artificial ...
The Future of Big Data and DNS Analytics

The Future of Big Data and DNS Analytics

Big Data and DNS Analytics Big Data is revolutionizing the way admins manage their DNS traffic. New management platforms are ...
The Myths Vs Facts of Governance, Risk and Compliance

The Myths Vs Facts of Governance, Risk and Compliance

Governance, Risk, Compliance As disruptive technology changes the way businesses operate and communicate internally and externally, companies are facing increasing ...