EU cyber security agency flags top ten cloud threats

News 15 Jan, 2013

Cloud flagged as an attractive target for hackers and useful base for cyber criminals.

Code injections and malware are the top two emerging threats to cloud computing, according to the EU’s cyber security agency, ENISA.

In a newly published report, Threat Landscape: Responding to the Evolving Threat Environment, the organisation claims cloud is vulnerable to many of the same attacks as other forms of computing, including Trojans and Distributed Denial of Service (DDoS)- induced outages.

The organisation warns that, as cloud involves the concentration of large amounts of data in a few locations, the impact of any attack could be bigger.

ENISA argues this concentration of data “makes cloud computing an attractive target for attackers [but]... at the same time, the capabilities offered attract cybercriminals to use the cloud for their purposes.”

The integration of cloud services into mobile devices will also increase the risk to the cloud, as “attackers will exploit vulnerabilities of mobile devices to gain access to cloud services,” according to ENISA.

These threats can be effectively mitigated through the adoption of appropriate security controls by cloud service providers, ENISA added.

“The adoption of security measures can outbalance the increased exposure of cloud services, caused by the increased number of expected attacks,” ENISA said.

As well as IT-based threats, such as SQL injections and malware, ENISA also highlighted human threats, such as those posed by disgruntled employees or former staff members.

“Given the concentration of data in cloud services, data loss due to malicious physical attacks might be an emerging issue, especially from malicious insiders,” the report said.

ENISA also added that the use of cloud services to carry out cybercrime will become more of an issue.

“The issue of cybercrime-as-a-service is currently coming up within expert discussions,” the organisation said.

“[Increasingly] attackers will leverage on the capabilities offered by cloud services to store malware, launch attacks, and gain proximity to potential victims and thus maximise their impact,” the report concluded.