csa

Treacherous 12: Top Threats to Cloud Computing + Industry Insights

Top Threats to Cloud Computing

SEATTLE, Oct. 20, 2017 /PRNewswire/ — The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced an updated ‘Treacherous 12: Top Threats to Cloud Computing + Industry Insights,” a refreshed release to the 2016 report that includes new real-world anecdotes and examples of recent incidents that relate to each of the 12 cloud computing threat categories identified in the original paper.

It’s our hope that these updates will not only provide readers with more relevant context in which to evaluate the top threats, but that the enhanced paper will provide them with a real-world glimpse into what is currently occurring in the security industry,” said Scott Field, partner architect with Microsoft Corp. and chair of the CSA Top Threats Working Group.

The anecdotes and examples mentioned in this document include:

  • Yahoo breach – Data Breaches
  • LinkedIn failure to salt passwords when hashing – Insufficient Identity Credential Access Management
  • Instagram abuse of account recovery – Insufficient Identity Credential Access Management
  • OAuth Insecure implementation – Account Hijacking
  • Zynga ex-employees alleged data theft – Malicious Insiders
  • Yahoo breach – Insufficient Due Diligence
  • MongoDB Mexican voter information leak – Insufficient Identity Credential Access Management
  • Dyn DDoS attack – Denial of Service
  • Dirty Cow Linux privilege escalation vulnerability – System Vulnerabilities
  • T-Mobile customer information theft – Malicious Insiders
  • MongoDB unprotected, attacked by ransomware – Insufficient Identity Credential Access Management
  • Malware using cloud services to exfiltrate data and avoid detection – Abuse and Nefarious Use of Cloud
  • Australian Bureau of Statistics denial of service – Denial of Service
  • Virlock ransomware – Data Loss
  • Zepto ransomware spread and hosted on cloud storage services – Abuse and Nefarious Use of Cloud
  • CloudSquirrel malware hosting command and control (C&C) in Dropbox – Abuse and Nefarious Use of Cloud
  • CloudFanta Malware using cloud storage for malware delivery – Abuse and Nefarious Use of Cloud
  • Moonpig insecure mobile application – Insecure Interface and APIs
  • Cloudflare/Cloudbleed buffer overrun vulnerability – Shared Technology Vulnerabilities
  • NetTraveler advanced persistent threats – Advanced Persistent Threats (APTs)

The Treacherous 12 report provides organizations with an up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk-management decisions regarding cloud adoption strategies. The report reflects the current consensus among security experts in the CSA community about the most significant security issues in the cloud.

The CSA Top Threats Working Group is responsible for providing needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies. The CSA Top Threats Working Group is led by Scott Field, along with long-time cloud security professionals Jon-Michael Brook, a principal/Security, Cloud & Privacy at Guide Holdings, and Dave Shackleford, a principal consultant with Voodoo Security.

The CSA invites interested companies and individuals to support the group’s research and initiatives. Companies and individuals interested in learning more or joining the group can visit the Top Threats Working Group page.

To access the full report visit https://cloudsecurityalliance.org/download/top-threats-cloud-computing-plus-industry-insights

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

SOURCE Cloud Security Alliance

CloudBuzz

The latest in curated technology related news collected from many of the leading news distribution, industry research and technology vendor firms on the planet.

Here you will find recent news sources from companies such as Reuters, Marketwired, IDC, Gartner or directly from cloud vendors such as Google, Microsoft or Amazon.

RECENT NEWS

EU privacy regulators to discuss Uber hack next week

EU privacy regulators to discuss Uber hack next week

BRUSSELS (Reuters) - European Union privacy regulators will discuss ride-hailing app Uber’s [UBER.UL] massive data breach cover-up next week and ...
HPE CEO Whitman's surprise exit stumps Wall Street

HPE CEO Whitman’s surprise exit stumps Wall Street

(Reuters) - Shares of Hewlett Packard Enterprise Co (HPE.N) fell 6 percent on Wednesday after Chief Executive Officer Meg Whitman’s ...
Cloud Security Alliance Issues New Code of Conduct for GDPR Compliance

Cloud Security Alliance Issues New Code of Conduct for GDPR Compliance

EDINBURGH, Scotland, Nov. 21, 2017 /PRNewswire-USNewswire/ -- The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices ...
OVH Announces New Hosted Private Cloud Offerings for US Market

OVH Announces New Hosted Private Cloud Offerings for US Market

OVH delivers next-generation services for hosted private cloud, disaster recovery, and hybridity leveraging industry-leading solutions RESTON, VA--(Marketwired - Nov 20, ...
Rackspace Announces Completion of Datapipe Acquisition

Rackspace Announces Completion of Datapipe Acquisition

Strengthens Commitment to Become the Global Leader in IT as a Service SAN ANTONIO, TX--(Marketwired - November 16, 2017) - Rackspace® ...