Zone of Exclusion: stalkers of abandoned clouds
Cloud infrastructure is complex, and the word is usually used where security is at risk. Cloud storage where provides solutions and ease too much, brings up a key concern of security.
A survey found out that 93% of companies are regularly extremely concerned about their data stored on the cloud. Since a small error from cloud service providers can expose the data of several firms to attackers in just a small fraction of time.
According to a paper written by Symantec, in 2018, nearly 70 million records were leaked and stolen from cloud storage buckets. The report also shined the light on tools that helped attackers detect the misconfigured cloud storage and attack.
Another prominent example is when Uber's cloud server got hacked in 2016. The hackers gained access to 57 million accounts registered with uber, including both driver's and clients' accounts.
Such vulnerabilities escalate quickly and put the private and personal data of organizations and their customers at risk.
Table of Contents
Disclaimer: This blog makes readers understand the risks and threats of using cloud storage. We do not want to cause defamation to any cloud storage enlisted or named within the blog. The blog is just for educational purposes.
Image source – pixabay.com
At its elementary level, "cloud storage" is just a decorated conversation of network-connected servers. When you save files to the cloud, they can be accessed from any computer connected to that cloud's network. In other words, additional storage for your device except the data is accessible online only.
You might be hearing a lot about Cloud storages these days because more and more organizations and people are heavily migrating to cloud storage. Caring for physical drives and setups, difficulties in moving around and accessing data, managing the optimum temperature for the drives to run efficiently, it all requires a lot of effort and workforce, what cloud does is minus this effort and gives you space to store your data at very reasonable prices.
The benefits of cloud storage are such an eye-catcher, but its disadvantages must be considered before switching to it completely. Some of its pros and cons are listed below.
There's no simple answer to this, as security breaches and data thefts usually happen due to humans' physical error rather than the vulnerabilities in cloud infrastructure. Apart from that, it depends heavily upon what kind of data you save on your cloud storage because of its massive support to every type of data like you store on your hard drive or any other physical storage device, which might include:
- Your photos, videos, documents, etc
- Files of any project you're working on.
- Other settings, programs, logs, even junk files, and garbage.
Everything on your device can be saved on cloud storage and could be sniffed by third parties or hackers. But it's easy to say that your files and data are safer on something physically in front of you; in this way, you can see if it's being sniffed or triggered somehow.
Cloud storage, as you know, isn't physically in front of you, and in 90% of cases, you don't know the exact location or even the country in which the cloud server is kept; therefore, your data is comparatively unsafe on cloud storages.
Image source – pixabay.com
- Common reasons behind Abandoned Cloud Storages
- Common threats Abandoned Cloud Storage impose.
- How is Data of an Abandoned Cloud Storage at risk?
Hence the name suggests, abandoned cloud storages are inactive/unused cloud storage. They're such storages which were once used and now abandoned. Several explanations might be overdue, but the one accountable for 81% of abandoned cloud storage is a forgotten password and a refusal to go for its recovery. The thing that must be kept in mind is the data and information don't get deleted on their own. It keeps on lying there for years.
Your cloud storage can go unattended or abandoned for many reasons, such as the migration of an organization to some other cloud storage or project cancellation or some outdated or old-fashioned project files, or project managers changing jobs.
These not only contribute to cloud waste but also raise security issues and concerns. With each passing day, more and more attention is being directed towards this severe issue as this issue, if left unattended, may cause big trouble for many such as attackers might exploit account keys to gain access to cloud storage accounts which might further be used for cryptocurrency mining or in worst cases, compromising your data, Etc.
The primary fear and query most individuals have is the common threats caused by abandoned cloud storage? As grave as the topic, the answer to this is wide-ranging too. Common threats arise from the stuff you save on your cloud storage.
We directed a study and found seven kinds of data which was of great fear not just to their owners but to all and sundry as if the data cascades into incorrect hands, it may perhaps base trouble:
- Photos of official documents like Identity Card, Driving License, Domicile, Educational Certificates, Passport, Insurance Certificates, etc.
- Family and personal Pictures/Videos.
- Valid QR codes for several applications like QR codes for WhatsApp chat group, etc.
- Details of transactions, Photographed Cheque Book, Credit/Debit Card, Any document has account details, Etc.
- IMEI or such sensitive Information of a mobile device.
- Credentials of some other account or accounts in some cases.
- Crucial Information regarding any research of the user, details of a project, or tutorial to any of inventions.
As we made it clear earlier, sensitive Information and credentials are sold in some deep dark corner of the web. We visited some of those corners and found the following offers and prices:
- 250-350$ for 1 Million+ combination of login passwords of several well-known sites.
- 400-500$ for 1 Million+ combination of login passwords of corporate mailboxes.
- 200-250$ per 1 Million+ combination of mixed databases.
All of this is reasonably inexpensive compared to the risks it can cause; out of a million, at least a hundred accounts have such sensitive data that can be used for blackmailing and drawing an immeasurable amount from the prey.
Apart from these applications, which are named Steelers, they are also available at cheap rates. These help to take control of the desired account. Two of them are as follow:
- AZORult Steeler available for 80-110$
- UFR Steeler available for 20-50$
And not only is this but several other ways also there which even can pose serious threats to operated cloud storage.
Image source – pixabay.com
Abandoned cloud storage imposes a series of threats. I contemplate that it is meaningless to say it is hard to find your abandoned cloud storage in today's world. If hackers can find your abandoned cloud storage, you can find it too. Google Inc has introduced this feature which is now officially available for public use.
The feature is known as "The Unattended Project Reminder." It aims to address security concerns raised by abandoned and forgotten cloud storage. With the help of this project, insights and recommendations can be sent via email to cloud storage owners and removed temporarily; if not activated within 30 days, they might be deleted forever.
However, apart from that, a bit of digital hygiene can save you from several problems, which includes
- Keeping an eye on the data stored on the cloud drive
- Maintaining a strong password
- Using a Service that Encrypts your data
- Using 2 Factor Authentication
- Keeping your data divided in different cloud storages
Still dodging a targeted attack is impossible for an average user. However, the episodes are usually massive and focus on a number of users like The Great iCloud Hack 2014; keeping unnecessary and non-personal data in cloud drive is the best solution.