
CSA 2021 Top 11 Security Threats

by _><- 2022. 9. 11.

1. Data Breaches

An incident in which sensitive, protected or confidential information is used by an unauthorized party, or is released, viewed, stolen or leaked to outside parties.

1. Timehop Security Incident, July 4, 2018: https://www.timehop.com/security/
2. Uber Discloses Year-Old AWS Data Breach, Exposing Millions of Users: https://awsinsider.net/articles/2017/11/21/uber-aws-data-breach.aspx
3. Amazon hit with major data breach days before Black Friday: https://www.theguardian.com/technology/2018/nov/21/amazon-hit-with-major-data-breach-days-before-black-friday
4. VOIPO database exposed millions of call and SMS logs, system data: https://www.zdnet.com/article/voipo-database-exposed-millions-of-call-and-sms-logs-system-data/

2. Misconfiguration and Inadequate Change Control

Misconfigured cloud resources are a leading cause of data breaches; they can also lead to deletion or modification of resources and to service outages.

1. 120 Million American Households Exposed in ‘Massive’ ConsumerView Database Leak: https://www.forbes.com/sites/thomasbrewster/2017/12/19/120m-american-households-exposed-in-massive-consumerview-database-leak/#37bb94d27961
2. Marketing Firm Exactis Leaked a Personal Info Database with 340 Million Records: https://www.wired.com/story/exactis-database-leak-340-million-records/
3. Short Circuit: How a Robotics Vendor Exposed Confidential Data for Major Manufacturing Companies: https://www.upguard.com/breaches/short-circuit-how-a-robotics-vendor-exposed-confidential-data-for-major-manufacturing-companies
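Most of the leaks listed above come down to a storage bucket whose policy lets anyone read it. The following is an added example, not code from the original post or from CSA: a small Python check that takes an S3 bucket policy document and reports every Allow statement reachable by an anonymous principal, run against a weak policy and a hardened version of the same access. The bucket name, account ID, role name and the set of condition keys treated as "restricting enough" are all assumptions.

```python
import json

# Constructed example, not from any real account: a bucket policy that makes
# every object world-readable, the "public bucket" misconfiguration behind
# several of the incidents cited above.
WEAK_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "PublicRead",
    "Effect": "Allow",
    "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-customer-exports",
                 "arn:aws:s3:::example-customer-exports/*"]
  }]
}""")

# Corrected version: the same access limited to one IAM role, plus a Deny
# that refuses any request not made over TLS. Account ID and role are made up.
HARDENED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "ExportReader",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/export-reader"},
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-customer-exports",
                 "arn:aws:s3:::example-customer-exports/*"]
  }, {
    "Sid": "DenyInsecureTransport",
    "Effect": "Deny",
    "Principal": "*",
    "Action": "s3:*",
    "Resource": "arn:aws:s3:::example-customer-exports/*",
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}
  }]
}""")

# Condition keys that pin the caller to a network or an organisation, so a "*"
# principal guarded by one of them is not reachable from the whole internet.
# Which keys count as restricting enough is a policy decision (assumption).
RESTRICTING_CONDITION_KEYS = {
    "aws:sourcevpce", "aws:sourcevpc", "aws:sourceip", "aws:principalorgid",
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_wildcard(principal) -> bool:
    """Principal "*" and {"AWS": "*"} both mean anyone, including anonymous."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _condition_restricts_caller(condition) -> bool:
    """True if some positive condition operator keys on the request source."""
    for operator, key_values in (condition or {}).items():
        # Negated operators (NotIpAddress, StringNotEquals, ...) widen, not narrow.
        if "not" in operator.lower():
            continue
        if any(k.lower() in RESTRICTING_CONDITION_KEYS for k in key_values):
            return True
    return False


def find_public_statements(policy: dict) -> list:
    """Return the Sid (or index) of every Allow statement anyone can use."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny with Principal "*" is a guard, not an exposure
        if not _principal_is_wildcard(stmt.get("Principal")):
            continue
        if _condition_restricts_caller(stmt.get("Condition")):
            continue
        findings.append(stmt.get("Sid", f"statement[{idx}]"))
    return findings


if __name__ == "__main__":
    print("weak policy, public statements:", find_public_statements(WEAK_POLICY))
    print("hardened policy, public statements:", find_public_statements(HARDENED_POLICY))
```

Feed it the `Policy` string returned by `aws s3api get-bucket-policy` as a gate in your change pipeline, so a policy that turns a bucket public fails review instead of being found by a researcher. The check is deliberately conservative: a wildcard principal behind `aws:SourceVpce` or `aws:PrincipalOrgID` is accepted, a wildcard behind only `aws:SecureTransport` is not, because TLS says nothing about who the caller is.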

3. Lack of Cloud Security Architecture and Strategy

Migrating to the cloud by "lift-and-shift", porting the existing IT stack and its security controls unchanged into the cloud environment, is risky.

Low understanding of the shared responsibility model.

1. Introduction to Cloud Security Architecture from a Cloud Consumer’s Perspective: https://www.infoq.com/articles/cloud-security-architecture-intro
2. The New Shared Responsibility Model For Cloud Security: https://www.forbes.com/sites/forbestechcouncil/2018/10/15/the-new-shared-responsibility-model-for-cloud-security/#508d0f422490
3. The Importance of a Defined Cloud Strategy: https://www.expedient.com/blog/the-importance-of-a-defined-cloud-strategy/
4. Accenture left a huge trove of highly sensitive data on exposed servers: https://www.zdnet.com/article/accenture-left-a-huge-trove-of-client-passwords-on-exposed-servers/
5. The Consequences of a Cyber Security Breach: https://www.sungardas.com/en/about/resources/articles/the-consequences-of-a-cyber-security-breach/
6. Why Enterprise Architecture Deserves a Seat at the Security Table: https://erwin.com/blog/enterprise-architecture-seat-security-table/
7. Personal data of over 50,000 Honda Connect App leaked: https://www.hackread.com/personal-data-of-over-50000-honda-connect-app-leaked/

4. Insufficient Identity, Credential, Access and Key Management

Cloud computing has a major impact on identity, credential and access management: passwords, API keys and certificates become the control boundary, so a leaked or weakly managed credential translates directly into compromise (see the GitHub credential-scraping and root-certificate cases below).

1. German Man Confesses to Hacking Politicians’ Data, Officials Say: https://www.nytimes.com/2019/01/08/world/europe/germany-hacking-arrest.html
2. German data hacker says he was ‘annoyed’ by politicians: https://www.irishtimes.com/news/world/europe/german-data-hacker-says-he-was-annoyed-by-politicians-1.3751332
3. Deloitte hit by cyber-attack revealing clients’ secret emails: https://www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails
4. Deloitte breached by hackers for months: https://blog.malwarebytes.com/security-world/2017/09/deloitte-breached-by-hackers-for-months/
5. Major identity manager breach exposes sensitive user info: https://www.engadget.com/2017/06/03/major-identity-manager-breach-stole-sensitive-user-info/?guccounter=1
6. OneLogin, May 31, 2017 Security Incident: https://www.onelogin.com/blog/may-31-2017-security-incident
7. System Shock: How A Cloud Leak Exposed Accenture’s Business: https://www.upguard.com/breaches/cloud-leak-accenture
8. Quora breach leaks data on over 100 million users: https://www.engadget.com/2018/12/03/quora-breach/
9. Attackers Scrape GitHub for Cloud Service Credentials, Hijack Account to Mine Virtual Currency: http://www.forbes.com/sites/runasandvik/2014/01/14/attackers-scrape-github-for-cloud-service-credentials-hijack-account-to-mine-virtual-currency/
10. Dell Releases Fix for Root Certificate Fail: http://www.bankinfosecurity.com/dell-releases-fix-for-root-certificate-fail-a-8701/op-1
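Reference 9 above describes attackers scraping GitHub for cloud credentials committed by mistake. As an added example (not from the original post), here is the kind of scanner a pre-commit hook or CI job would run, in Python: it finds AWS access key IDs by their fixed prefix and secret keys by shape plus an entropy filter, and reports findings in redacted form. The sample file is constructed; its key pair is the placeholder pair from AWS documentation, not a live secret, and the entropy threshold is an assumption.

```python
import math
import re
from dataclasses import dataclass

# Constructed sample of an AWS credentials file pushed to a public repository.
# The key pair is the placeholder from AWS's own documentation, not a live
# secret; the last section holds a low-entropy placeholder the scanner should
# leave alone.
SAMPLE_FILE = f"""\
[default]
region = us-east-1
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[placeholder]
aws_secret_access_key = {'x' * 40}
"""

# Access key IDs are 20 characters: a 4-char prefix (AKIA long-term, ASIA
# temporary) plus 16 upper-case alphanumerics. Secrets are 40 base64-like
# characters with no fixed prefix, so they are matched by shape and then
# filtered by entropy.
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
SECRET_CANDIDATE_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])")
ENTROPY_THRESHOLD = 4.0  # bits per character; assumption, tune on your own repos


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str      # "access_key_id" or "secret_access_key"
    redacted: str  # enough to locate the value, never the full secret


def shannon_entropy(s: str) -> float:
    """Bits per character: roughly 4.5 to 5.3 for a random 40-character
    base64 string, 0.0 for a single repeated character."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def redact(value: str) -> str:
    """Keep the first and last four characters so the hit can be located."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan_text(text: str) -> list:
    """Return a Finding for every AWS key ID or likely secret in the text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append(Finding(line_no, "access_key_id", redact(m.group())))
        for m in SECRET_CANDIDATE_RE.finditer(line):
            # Shape alone also matches placeholders and hashes; the entropy
            # filter drops the obvious fakes before a human has to look.
            if shannon_entropy(m.group()) >= ENTROPY_THRESHOLD:
                findings.append(Finding(line_no, "secret_access_key", redact(m.group())))
    return findings


if __name__ == "__main__":
    for f in scan_text(SAMPLE_FILE):
        print(f"line {f.line_no}: {f.kind} {f.redacted}")
```

Run it over the staged diff, not the whole repository, so the hook stays fast; the access-key match alone is a strong signal, while a secret-shaped match should be treated as a review prompt, since 40 high-entropy characters also describe hashes and some tokens. Anything it does flag that is real should be rotated, not just deleted from history, because the commit may already have been cloned.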

5. Account Hijacking

An attack in which a malicious actor gains access to, and takes over, privileged or sensitive accounts.

In cloud environments the accounts at highest risk, and the primary targets, are cloud console service accounts and subscriptions.

1. Murder in the Amazon cloud: https://www.infoworld.com/article/2608076/datacenter/murder-in-the-amazon-cloud.html
2. Alleged hacker tried to sell details of 319 million iCloud users for bitcoin: https://www.cultofmac.com/583836/alleged-hacker-tried-to-sell-details-of-319-million-icloud-for-bitcoin/
3. PoC Exploit Compromises Microsoft Live Accounts via Subdomain Hijacking: https://threatpost.com/poc-exploit-compromises-microsoft-live-accounts-via-subdomain-hijacking/138719/
4. How can Office 365 phishing threats be addressed?: https://www.helpnetsecurity.com/2018/05/18/office-365-phishing-threats/

6. Insider Threat

The potential for an individual who has, or had, authorized access to an organization's assets to use that access, either maliciously or unintentionally, in a way that negatively affects the organization.

1. CERT Definition of an ‘Insider Threat’ - Updated: https://insights.sei.cmu.edu/insider-threat/2017/03/cert-definition-of-insider-threat---updated.html
2. Cloud Security Risks and Concerns in 2018: https://blog.netwrix.com/2018/01/23/cloud-security-risks-and-concerns-in-2018/
3. IBM X-Force Threat Intelligence Index 2018: https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=77014377USEN
4. Insider Threat – 2018 Statistics: https://www.uscybersecurity.net/insider-threats-2018-statistics//2018_Global_Cost_of_a_Data_Breach_Report.pdf
5. Examining the 2018 Cost of a Data Breach: https://databreachcalculator.mybluemix.net/assets/2018_Global_Cost_of_a_Data_Breach_Report.pdf
6. Tesla’s Tough Lesson on Malicious Insider Threats: https://www.infosecurity-magazine.com/news/teslas-tough-lesson-on-malicious/
7. The 6 Worst Insider Attacks of 2018 – So Far: https://www.darkreading.com/the-6-worst-insider-attacks-of-2018---so-far/d/d-id/1332183

7. Insecure Interfaces and APIs

Cloud computing providers expose a set of software user interfaces (UIs) and APIs that customers use to manage and interact with cloud services.

Poorly designed APIs can lead to misuse of data or, more seriously, to a data breach.

1. The Treacherous 12: Top Threats to Cloud Computing + Industry Insights: https://downloads.cloudsecurityalliance.org/assets/research/top-threats/treacherous-12-top-threats.pdf
2. Cloud API security risks: How to assess cloud service provider APIs: https://searchcloudsecurity.techtarget.com/tip/Cloud-API-security-risks-How-to-assess-cloud-service-provider-APIs
3. Insecure API Implementations Threaten Cloud: https://www.darkreading.com/cloud/insecure-api-implementations-threaten-cloud/d/d-id/1137550
4. Facebook data breach highlights API vulnerabilities: https://www.pingidentity.com/en/company/blog/posts/2018/facebook-data-breach-highlights-api-vulnerabilities.html
5. Facebook says at least 50 million users affected by security breach: https://techcrunch.com/2018/09/28/facebook-says-50-million-accounts-affected-by-account-takeover-bug/
6. Cloud Security Threats - Insecure APIs: https://community.hpe.com/t5/Shifting-to-Software-Defined/Cloud-Security-Threats-Insecure-APIs/ba-p/6871684#.XBkCEGhKiUl

8. Weak Control Plane

A weak control plane means that the person responsible, such as a system architect or DevOps engineer, does not have full control over the logic, security and verification of the data infrastructure.

1. Uber fined $148m for failing to notify drivers they had been hacked: https://www.theguardian.com/technology/2018/sep/26/uber-hack-fine-driver-data-breach
2. Exposed S3 bucket compromises 120 million Brazilian citizens: https://www.scmagazine.com/home/security-news/exposed-s3-bucket-compromises-120-million-brazilian-citizens/

9. Metastructure and Applistructure Failures

The metastructure is the boundary between the cloud service provider and the customer, known as the waterline.

If the CSP implements an API poorly, an attacker can use it to violate the confidentiality, integrity and availability of the service and so threaten the cloud's users.

1. Why Cloud Security Is Everyone’s Business: https://www.gartner.com/smarterwithgartner/why-cloud-security-is-everyones-business/
2. Source: Deloitte Breach Affected All Company Email, Admin Accounts: https://krebsonsecurity.com/2017/09/source-deloitte-breach-affected-all-company-email-admin-accounts/
3. Deloitte hack hit server containing emails from across US government: https://www.theguardian.com/business/2017/oct/10/deloitte-hack-hit-server-containing-emails-from-across-us-government
4. Deloitte Gets Hacked: What We Know So Far: http://fortune.com/2017/09/25/deloitte-hack
5. “Get Off of My Cloud”: Cloud Credential Compromise and Exposure: https://www.defcon.org/images/defcon-19/dc-19-presentations/Feinstein-Jarmoc/DEFCON19-Feinstein-Jarmoc-Get-Off-of-My-Cloud.pdf
6. Netflix Cloud Security: Detecting Credential Compromise in AWS: https://medium.com/netflix-techblog/netflix-cloud-security-detecting-credential-compromise-in-aws-9493d6fd373a
7. Microsoft Security Intelligence Report: https://download.microsoft.com/download/F/C/4/FC41DE26-E641-4A20-AE5B-E38A28368433/Security_Intelligence_Report_Volume_22.pdf
8. Microsoft warns that hackers are increasingly targeting cloud accounts: https://www.theinquirer.net/inquirer/news/3016031/microsoft-warns-that-hackers-are-increasingly-targeting-cloud-accounts
9. Microsoft Security Intelligence Report volume 23 is now available (Poorly secured Cloud Apps): https://cloudblogs.microsoft.com/microsoftsecure/2018/03/15/microsoft-security-intelligence-report-volume-23-is-now-available/
10. Understand top trends in the threat landscape: https://www.microsoft.com/sir
11. What Is Amazon EC2?: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/building-shared-amis.htm
12. Virtual machine prerequisites: https://docs.microsoft.com/en-us/azure/marketplace/cloud-partner-portal/virtual-machine/cpp-prerequisites
13. How to Log a Security Event Support Ticket: https://docs.microsoft.com/en-us/azure/security/azure-security-event-support-ticket
14. Apple tells app developers to disclose or remove screen recording code: https://techcrunch.com/2019/02/07/apple-glassbox-apps/
15. Announcing AWS CloudTrail: https://aws.amazon.com/about-aws/whats-new/2013/11/13/announcing-aws-cloudtrail/
16. AWS Discussion Forums - AWS CloudTrail Feature Additions: https://forums.aws.amazon.com/forum.jspa?forumID=168
17. AWS Discussion Forums - AWS CloudWatch Feature Additions: https://forums.aws.amazon.com/forum.jspa?forumID=138
18. Announcing the public preview of Azure Monitor: https://azure.microsoft.com/en-us/blog/announcing-the-public-preview-of-azure-monitor/
19. Azure AD Activity Logs in Azure Monitor Diagnostics now in public preview: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-AD-Activity-Logs-in-Azure-Monitor-Diagnostics-now-in/ba-p/245435
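References 5 and 6 above (the DEF CON talk and the Netflix post) deal with cloud credential compromise and with detecting it from the provider's own audit trail, which is exactly the metastructure layer this threat is about. The following added example, not from the original post or from Netflix, applies that idea to constructed CloudTrail records in Python: temporary credentials issued to an EC2 instance role are baselined on the first source address that used them, and any later call with the same key from a different address is flagged. Account ID, key IDs, role names and addresses are made up.

```python
import json

# Constructed CloudTrail records, trimmed to the fields this check reads.
# Account ID, key IDs and addresses are made up (TEST-NET ranges). The story:
# an EC2 instance role's temporary key is used from the instance's own address,
# then the very same key shows up from an address that is not the instance.
SAMPLE_EVENTS = [json.loads(line) for line in """\
{"eventTime":"2022-09-11T08:00:01Z","eventName":"GetObject","eventSource":"s3.amazonaws.com","sourceIPAddress":"10.0.12.34","userIdentity":{"type":"AssumedRole","accessKeyId":"ASIAEXAMPLE000000001","arn":"arn:aws:sts::111122223333:assumed-role/app-server/i-0abc123def4567890"}}
{"eventTime":"2022-09-11T08:05:10Z","eventName":"PutObject","eventSource":"s3.amazonaws.com","sourceIPAddress":"10.0.12.34","userIdentity":{"type":"AssumedRole","accessKeyId":"ASIAEXAMPLE000000001","arn":"arn:aws:sts::111122223333:assumed-role/app-server/i-0abc123def4567890"}}
{"eventTime":"2022-09-11T08:20:00Z","eventName":"DescribeInstances","eventSource":"ec2.amazonaws.com","sourceIPAddress":"203.0.113.5","userIdentity":{"type":"AssumedRole","accessKeyId":"ASIAEXAMPLE000000002","arn":"arn:aws:sts::111122223333:assumed-role/admin-sso/alice"}}
{"eventTime":"2022-09-11T08:30:00Z","eventName":"PutObject","eventSource":"s3.amazonaws.com","sourceIPAddress":"config.amazonaws.com","userIdentity":{"type":"AssumedRole","accessKeyId":"ASIAEXAMPLE000000001","arn":"arn:aws:sts::111122223333:assumed-role/app-server/i-0abc123def4567890"}}
{"eventTime":"2022-09-11T08:41:33Z","eventName":"ListBuckets","eventSource":"s3.amazonaws.com","sourceIPAddress":"198.51.100.77","userIdentity":{"type":"AssumedRole","accessKeyId":"ASIAEXAMPLE000000001","arn":"arn:aws:sts::111122223333:assumed-role/app-server/i-0abc123def4567890"}}
{"eventTime":"2022-09-11T08:41:35Z","eventName":"GetCallerIdentity","eventSource":"sts.amazonaws.com","sourceIPAddress":"198.51.100.77","userIdentity":{"type":"AssumedRole","accessKeyId":"ASIAEXAMPLE000000001","arn":"arn:aws:sts::111122223333:assumed-role/app-server/i-0abc123def4567890"}}
""".splitlines() if line.strip()]


def is_instance_session(identity: dict) -> bool:
    """True when the role session name is an EC2 instance ID, which is what the
    instance metadata service uses when it hands out a role's credentials.
    Human and federated sessions roam between addresses, so they are skipped."""
    if identity.get("type") != "AssumedRole":
        return False
    session_name = identity.get("arn", "").rsplit("/", 1)[-1]
    return session_name.startswith("i-")


def is_aws_service_source(source_ip: str) -> bool:
    """CloudTrail records a service hostname instead of an IP when an AWS
    service calls an API on the principal's behalf; not a stolen-key signal."""
    return source_ip.endswith(".amazonaws.com")


def detect_credential_misuse(events: list) -> list:
    """Baseline each instance-role access key on the first address that used it
    and alert on every later call from a different address. The baseline here
    is simply first-seen; a production version would learn it from the
    instance's own network interfaces."""
    baseline = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        identity = ev.get("userIdentity", {})
        source = ev.get("sourceIPAddress", "")
        if not is_instance_session(identity) or is_aws_service_source(source):
            continue
        key = identity["accessKeyId"]
        if key not in baseline:
            baseline[key] = source
        elif baseline[key] != source:
            alerts.append({
                "eventTime": ev["eventTime"],
                "eventName": ev["eventName"],
                "accessKeyId": key,
                "session": identity["arn"],
                "baselineIp": baseline[key],
                "observedIp": source,
            })
    return alerts


if __name__ == "__main__":
    for a in detect_credential_misuse(SAMPLE_EVENTS):
        print(f"{a['eventTime']} {a['eventName']}: key {a['accessKeyId']} of "
              f"{a['session']} used from {a['observedIp']} (baseline {a['baselineIp']})")
```

Two edge cases are handled on purpose: sessions that belong to people (the `admin-sso/alice` record) are not baselined, since a laptop legitimately moves between networks, and records whose source is an AWS service hostname are ignored, since those are the provider calling on the role's behalf. A `GetCallerIdentity` from a new address right after the first anomalous call, as in the sample, is a common first step after credentials are stolen and is worth its own alert even though it is harmless by itself.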

10. Limited Cloud Usage Visibility

Unsanctioned app use: the self-service model known as Shadow IT.

Sanctioned app misuse: the organization cannot analyze how insiders are actually using the applications it has approved.

1. 22K Open, Vulnerable Containers Found Exposed on the Net: https://threatpost.com/22k-open-vulnerable-containers-found-exposed-on-the-net/132898/
2. Five Ways Shadow IT in the cloud hurts your enterprise: https://www.networkworld.com/article/2997152/cloud-computing/five-ways-shadow-it-in-the-cloud-hurts-your-enterprise.html
3. Cloud Adoption and Risk Report: https://info.skyhighnetworks.com/WP-CARR-Q2-2015_Download_White.html?Source=website&LSource=website
4. https://go.oracle.com/LP=79796?elqCampaignId=168050
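Both blind spots above can be narrowed with a data source most organizations already have, the outbound web-proxy log. As an added example (not from the original post), the Python below aggregates constructed proxy log lines per client and destination, lists destinations outside a sanctioned-app allow-list (Shadow IT) and flags sanctioned apps whose upload volume exceeds a threshold (sanctioned-app misuse). The allow-list, the log format and the threshold are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed forward-proxy log lines, one request per line:
# timestamp client method url status bytes_sent_by_client
# Client addresses are private; the SaaS host names are used only as labels.
SAMPLE_LOG = """\
2022-09-11T09:01:02Z 10.20.1.15 GET https://drive.google.com/drive/my-drive 200 1200
2022-09-11T09:02:10Z 10.20.1.15 POST https://www.dropbox.com/upload 200 48000000
2022-09-11T09:03:44Z 10.20.1.22 PUT https://drive.google.com/upload/drive/v3/files 200 30000000
2022-09-11T09:04:05Z 10.20.1.15 GET https://www.dropbox.com/home 200 5000
2022-09-11T09:05:30Z 10.20.1.30 POST https://outlook.office365.com/owa/service.svc 200 2000
2022-09-11T09:06:12Z 10.20.1.22 POST https://api.sugarsync.com/file 201 900000
"""

# The allow-list is the organization's decision; this one is an assumption.
SANCTIONED_APPS = {"drive.google.com", "docs.google.com", "outlook.office365.com"}
UPLOAD_METHODS = {"POST", "PUT", "PATCH"}
# Upload volume per client and host above which a sanctioned app counts as
# misused. 20 MiB is a placeholder; derive the real figure from your baseline.
MISUSE_UPLOAD_BYTES = 20 * 1024 * 1024


def parse_line(line: str) -> dict:
    """Split one log line into its fields; the host is taken from the URL."""
    ts, client, method, url, status, sent = line.split()
    return {"ts": ts, "client": client, "method": method,
            "host": urlsplit(url).hostname, "status": int(status), "sent": int(sent)}


def summarise_usage(log_text: str) -> dict:
    """Aggregate per (client, host): request count and bytes uploaded."""
    usage = defaultdict(lambda: {"requests": 0, "upload_bytes": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        entry = usage[(rec["client"], rec["host"])]
        entry["requests"] += 1
        if rec["method"] in UPLOAD_METHODS:
            entry["upload_bytes"] += rec["sent"]
    return dict(usage)


def visibility_report(log_text: str, sanctioned=SANCTIONED_APPS,
                      misuse_threshold=MISUSE_UPLOAD_BYTES) -> dict:
    """Split observed usage into the two blind spots named above: apps outside
    the allow-list (Shadow IT) and allow-listed apps used abnormally."""
    usage = summarise_usage(log_text)
    unsanctioned = sorted(
        (client, host, stats["upload_bytes"])
        for (client, host), stats in usage.items() if host not in sanctioned)
    misuse = sorted(
        (client, host, stats["upload_bytes"])
        for (client, host), stats in usage.items()
        if host in sanctioned and stats["upload_bytes"] > misuse_threshold)
    return {"unsanctioned_apps": unsanctioned, "sanctioned_misuse": misuse}


if __name__ == "__main__":
    report = visibility_report(SAMPLE_LOG)
    for client, host, up in report["unsanctioned_apps"]:
        print(f"shadow IT: {client} -> {host} ({up} bytes uploaded)")
    for client, host, up in report["sanctioned_misuse"]:
        print(f"sanctioned misuse: {client} -> {host} ({up} bytes uploaded)")
```

The unsanctioned list is the inventory a CASB or DLP programme starts from; the misuse list is only as good as the threshold, so compute it per client from a few weeks of history rather than hard-coding one number. Bytes sent by the client, not bytes received, is the field that matters for exfiltration.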

11. Abuse and Nefarious Use of Cloud Services

Malicious actors can leverage cloud computing resources to target users, organizations or other cloud providers.

1. Malware Used by China APT Group Abuses Dropbox: http://www.securityweek.com/malware-used-china-apt-group-abuses-dropbox
2. Zepto variant of Locky ransomware delivered via popular Cloud Storage apps: https://resources.netskope.com/h/i/273457617-zepto-variant-of-locky-ransomware-delivered-via-popular-cloud-storage-apps
3. CloudSquirrel Malware Squirrels Away Sensitive User Data Using Popular Cloud Apps: https://resources.netskope.com/h/i/272453388-cloudsquirrel-malware-squirrels-away-sensitive-user-data-using-popular-cloud-apps
4. CloudFanta Pops with the Cloud using SugarSync: https://resources.netskope.com/h/i/295875750-cloudfanta-pops-with-the-cloud-using-sugarsync
5. Data Theft Via the Cloud: You Don’t Need Flash Drives Any More: https://blog.learningtree.com/data-theft-via-cloud-dont-need-flash-drives/
6. What Is Cloud DLP?: https://digitalguardian.com/blog/what-cloud-dlp
7. Best Practices for Cloud Security: https://insights.sei.cmu.edu/sei_blog/2018/03/best-practices-for-cloud-security.html

Reference: http://blog.securityplus.or.kr/2021/11/top11-csa.html
