How The “No Fly List” Hack Highlights the Need for Cloud Security


The names of over 1.5 million individuals were published on the dark web in January after a hacker gained access to the TSA’s “No Fly List.” That’s a lot of names (including aliases and birth dates), so why wasn’t the list secure, and how did it get leaked? 

The entire breach came down to one small business with one misconfigured server. 

According to BleepingComputer and other reports, a Swiss hacker found a misconfigured AWS server that contained the list and published it on a hacking forum. The server belonged to a small Midwest airline, CommuteAir. According to CNN, the hacker has a history of hacking within the US and identifies as an ethical hacker interested in exposing surveillance programs. 

How Misconfigurations Create Security Issues 

The cloud is now commonplace for organizations of all sizes. Keeping important documents in the cloud, especially for an airline where users might be logging in from different airports around the country, makes complete sense. But whereas cloud adoption has been rapid, cloud security has lagged.

While 99% of organizations utilize at least one form of the cloud, only 19% of those organizations employ any form of cloud security posture management (CSPM). That’s a huge gap that hackers are eager to take advantage of. 

While this specific incident is still being investigated by the Federal Government, it is known that a misconfiguration was at the root of the breach. The cloud is complex and vast, and the needs of an organization utilizing it differ business by business. If an organization is not staying on top of its cloud security, or utilizing an automated solution, misconfigurations become a distinct possibility.

In fact, studies indicate that 65%-70% of all cloud breaches arise from misconfigurations. 

Common cloud misconfigurations include: 

  • Unrestricted inbound and outbound ports  
  • Failing to manage the Internet Control Message Protocol (ICMP) properly  
  • Poor identity management and access controls  
  • Improper API management and documentation 
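As an added illustration of the first two items (not code from the original post or from Arctic Wolf), the following Python audit walks AWS security group rules and flags the ones a CSPM check would report: rules open to the whole Internet on every port, and ICMP allowed from anywhere. The input shape follows EC2 DescribeSecurityGroups output; the sample group is constructed for this example and the severity labels are an assumption.

```python
# Minimal CSPM-style audit of AWS security group rules, flagging the
# misconfigurations listed above (world-open ports, unmanaged ICMP).
# Input follows the shape of EC2 DescribeSecurityGroups; the sample is constructed.

ANY_SOURCE = {"0.0.0.0/0", "::/0"}  # IPv4 / IPv6 "anywhere"


def _open_to_world(rule: dict) -> bool:
    """True if any CIDR on the rule covers the whole Internet."""
    cidrs = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
    return bool(ANY_SOURCE & set(cidrs))


def audit_security_group(sg: dict) -> list[tuple[str, str]]:
    """Return (severity, message) findings for one security group."""
    findings, gid = [], sg["GroupId"]
    for direction, key in (("inbound", "IpPermissions"),
                           ("outbound", "IpPermissionsEgress")):
        for rule in sg.get(key, []):
            if not _open_to_world(rule):
                continue  # limited to named CIDRs: not a posture finding
            proto, lo, hi = rule.get("IpProtocol"), rule.get("FromPort"), rule.get("ToPort")
            if proto == "-1":  # every protocol and port
                findings.append(("high", f"{gid}: {direction} all traffic open to the world"))
            elif proto in ("icmp", "icmpv6"):  # FromPort is the ICMP type, -1 = all
                kind = "all types" if lo == -1 else f"type {lo}"
                findings.append(("medium", f"{gid}: {direction} ICMP {kind} open to the world"))
            elif (lo, hi) == (0, 65535):  # one rule spanning every port
                findings.append(("high", f"{gid}: {direction} {proto} all ports open to the world"))
            else:  # a specific public port: review, not necessarily wrong
                findings.append(("low", f"{gid}: {direction} {proto}/{lo}-{hi} open to the world"))
    return findings


# Constructed sample group mixing safe and unsafe rules.
SAMPLE_SG = {
    "GroupId": "sg-example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}],
}

if __name__ == "__main__":
    for sev, msg in audit_security_group(SAMPLE_SG):
        print(f"[{sev}] {msg}")
```

On a live account the same function can be fed each group returned by the EC2 API, and any "high" finding is the kind of exposure the post describes.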

While the details of the hack are still under investigation, we know critical infrastructure is a common target for threat actors, and a smaller airline that may have fewer cybersecurity resources seems like a prime place for a hacker to poke around and see what they can find.

How to Prevent Cloud Breaches

While misconfigurations create risk, cloud breaches can be prevented with diligence and a comprehensive strategy.  

There are two main ways organizations can protect their cloud environments. 

  1. Invest in a CSPM solution that mixes automation with human expertise. A strong CSPM solution will allow for better visibility, cloud monitoring, a reduction in alert fatigue, and cloud threat hunting.
  2. Monitor the cloud environment with a cloud detection and response solution. Cloud detection and response solutions can provide continuous monitoring, respond to immediate threats, and create more visibility within the cloud environment.  

These two solutions, together, can create a proactive approach that protects an organization’s cloud environment before and after a security incident.  

Learn more about cloud security with the “Cloud Security Buyers Guide.” 

Secure your cloud infrastructure with the guide “Securing Cloud Infrastructure: AWS & Azure.” 

And learn more about the dangers of vulnerabilities with our on-demand webinar.

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.