In this article, we look at why and how networkless attacks (which target cloud apps and identities) have created new opportunities for attackers and new risks for businesses, plus what your business can do to mitigate these risks.
The Move To SaaS and Cloud
In the rapidly evolving digital landscape, one of the key drivers enabling attackers to compromise an organistaion without needing to touch the endpoint or conventional networked systems and services is the increased reliance on cloud-based services and software-as-a-service (SaaS) applications (to drive efficiency and innovation). This shift, while beneficial, has also created new cybersecurity challenges for businesses, primarily due to the decentralisation of ‘digital identities’ and the interconnected nature of cloud services.
The SaaS Revolution and Its Impact on Security
The proliferation of SaaS applications is a direct result of the digital transformation that has reshaped the business world. For example, companies can now be using hundreds (if not thousands) of cloud applications to perform daily operations, from customer relationship management to financial operations. This shift is driven by the convenience and scalability of SaaS solutions, however it comes with inherent security risks.
The new risk that businesses are facing is that each application potentially serves as an entry point for malicious actors, and the interconnectivity between these apps can allow a breach in one service to cascade through to others.
Why Digital Identities Are The New Security Battleground
As the traditional network perimeter dissolves, digital identities become the new security frontier. Put simply, a digital identity can be a user account created for services that someone in the business has signed up for using a username/email and password. More broadly, it can also mean other personal data used to identify and authenticate users online.
These digital identities, which provide access to a myriad of cloud applications, are now central targets for attackers. Securing them has become increasingly complex due to the sheer number of them that businesses may be using and their dispersion across various cloud platforms, each with its own security environment. This decentralisation not only makes consistent security policies harder to enforce but also increases the complexity of monitoring these identities for potential breaches.
How Attackers Are Exploiting Vulnerabilities in Cloud Identities
Attackers have adapted to this new environment by developing sophisticated techniques to exploit vulnerabilities in cloud identities without ever touching the physical endpoints or traditional networked systems.
Examples of techniques include AiTM (Adversary in The Middle) phishing, SAMLjacking, and Oktajacking, all of which exploit weaknesses in the authentication processes and session management of cloud services.
AiTM phishing involves intercepting and manipulating real-time data during a session to steal credentials or manipulate transactions. SAMLjacking and Oktajacking focus on manipulating Single Sign-On (SSO) processes to gain unauthorised access.
Security stats now increasingly reveal that attackers are deliberately targeting cloud services as a way into organisations. For example, CrowdStrike figures show that 3 out of 4 attacks last year were malware-free (malware used to be one of the main threats) and that the targeting of cloud services has increased 110 per cent. This helps to illustrate why cloud identities are the new digital perimeter and that Cloud apps and identities (because of the shift to cloud services) now give attackers the same result as old-style attacks without them having to try and breach a network perimeter via the endpoint.
The Security Gap in Identity Management
Despite advances in cybersecurity, it’s clear to see why many businesses are now vulnerable to identity-based attacks. Traditional security measures like endpoint detection and response (EDR) systems and firewalls, for example, are less effective in a cloud-centric world where applications are accessed primarily through web browsers. This gap is exacerbated by the reactive nature of many security strategies, which focus on mitigating threats after they have been detected rather than preventing them proactively.
What Does This Mean for Your Business?
For UK businesses, their move to the cloud and the usage of a wide range and complicated combination of SaaS apps, digital identities, and the interconnection and decentralisation of these have meant that they are now vulnerable to networkless attack techniques, perhaps without realising it until now. The shift to cloud computing has not only expanded the attack surface but also highlighted the inadequacies of traditional security models in protecting digital identities. This means that UK businesses must now take a much closer look at the security of these identities as part of their overall cybersecurity strategy.
To mitigate the risks associated with networkless attacks, businesses should perhaps consider adopting a zero-trust security model, which assumes that threats could be internal or external and verifies each identity and device continuously, regardless of their location. Additionally, enhancing visibility across all cloud services and implementing advanced security measures like multi-factor authentication (MFA), behavioral analytics, and more sophisticated identity and access management (IAM) solutions could help.
In short, as these networkless attacks continue to evolve, UK businesses must be proactive with security, stay vigilant and adapt their security strategies. By understanding the vulnerabilities associated with digital identities and cloud services, and implementing security measures accordingly, businesses can safeguard their assets in the cloud era.