Treacherous 12: Top Threats to Cloud Computing + Industry Insights

Top Threats to Cloud Computing

SEATTLE, Oct. 20, 2017 /PRNewswire/ — The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced an updated “Treacherous 12: Top Threats to Cloud Computing + Industry Insights,” a refreshed release of the 2016 report that includes new real-world anecdotes and examples of recent incidents that relate to each of the 12 cloud computing threat categories identified in the original paper.

“It’s our hope that these updates will not only provide readers with more relevant context in which to evaluate the top threats, but that the enhanced paper will provide them with a real-world glimpse into what is currently occurring in the security industry,” said Scott Field, partner architect with Microsoft Corp. and chair of the CSA Top Threats Working Group.

The anecdotes and examples mentioned in this document include:

  • Yahoo breach – Data Breaches
  • LinkedIn failure to salt passwords when hashing – Insufficient Identity Credential Access Management
  • Instagram abuse of account recovery – Insufficient Identity Credential Access Management
  • OAuth Insecure implementation – Account Hijacking
  • Zynga ex-employees alleged data theft – Malicious Insiders
  • Yahoo breach – Insufficient Due Diligence
  • MongoDB Mexican voter information leak – Insufficient Identity Credential Access Management
  • Dyn DDoS attack – Denial of Service
  • Dirty Cow Linux privilege escalation vulnerability – System Vulnerabilities
  • T-Mobile customer information theft – Malicious Insiders
  • MongoDB unprotected, attacked by ransomware – Insufficient Identity Credential Access Management
  • Malware using cloud services to exfiltrate data and avoid detection – Abuse and Nefarious Use of Cloud
  • Australian Bureau of Statistics denial of service – Denial of Service
  • Virlock ransomware – Data Loss
  • Zepto ransomware spread and hosted on cloud storage services – Abuse and Nefarious Use of Cloud
  • CloudSquirrel malware hosting command and control (C&C) in Dropbox – Abuse and Nefarious Use of Cloud
  • CloudFanta Malware using cloud storage for malware delivery – Abuse and Nefarious Use of Cloud
  • Moonpig insecure mobile application – Insecure Interface and APIs
  • Cloudflare/Cloudbleed buffer overrun vulnerability – Shared Technology Vulnerabilities
  • NetTraveler advanced persistent threats – Advanced Persistent Threats (APTs)

The Treacherous 12 report provides organizations with an up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk-management decisions regarding cloud adoption strategies. The report reflects the current consensus among security experts in the CSA community about the most significant security issues in the cloud.

The CSA Top Threats Working Group is responsible for providing needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies. The CSA Top Threats Working Group is led by Scott Field, along with long-time cloud security professionals Jon-Michael Brook, a principal/Security, Cloud & Privacy at Guide Holdings, and Dave Shackleford, a principal consultant with Voodoo Security.

The CSA invites interested companies and individuals to support the group’s research and initiatives. Companies and individuals interested in learning more or joining the group can visit the Top Threats Working Group page.

To access the full report, visit https://cloudsecurityalliance.org/download/top-threats-cloud-computing-plus-industry-insights

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

SOURCE Cloud Security Alliance
