
The Dutch National Cyber Security Centre (NCSC) is warning organizations that cloud misconfigurations are increasingly leading to data breaches. The conclusion has been drawn after reviewing multiple incidents in recent months where improperly configured systems exposed sensitive information to malicious actors.
Most organizations store their customer data, financial information, and internal documents in the cloud. However, threat actors are always looking to obtain sensitive information to extort companies, scam people using the exfiltrated data, or sell it to the highest bidder.
Sensitive information stored in the cloud should be safe when properly set up. But one little mistake can open a world of hurt – not just for the company involved, but for its customers and clients as well.
In recent months, the NCSC has observed several incidents, including the Salesforce breach, where a misconfiguration enabled malicious actors to steal sensitive information.
In the case of a misconfiguration, there’s no technical vulnerability that can be patched. The cloud environment works exactly as intended. However, incorrectly configured access allows users or threat actors to view or retrieve more data than intended.
According to the NCSC, cybercriminals are using automated tools to scan the internet at scale in search of misconfigurations. Once a misconfiguration is identified, an attacker can gain access to sensitive information without exploiting a vulnerability.
Such access uses legitimate requests, so malicious traffic is virtually indistinguishable from normal traffic, making attacks difficult to detect.
“Keeping the door closed starts with realizing that it might be open,” the NCSC states.
Therefore, the cybersecurity agency recommends that businesses and organizations pay continuous attention to the configuration of their cloud environments rather than performing occasional checks.
For starters, companies should compile an up-to-date overview of all platforms, cloud environments, and applications, and map out configuration settings and access rights.
In addition, the agency recommends applying the “least privilege” principle, separating admin and user accounts, disabling anonymous access, and paying specific attention to guest accounts and application permissions.
Lastly, businesses should enable multifactor authentication (MFA) for all admin accounts, adjust insecure default configurations before a system is put to use, and apply hardening standards.
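The recommendations above can be run as a recurring check over the inventory an organization compiles. The following is an added example, not code from the NCSC or the article; the inventory schema, field names, and the two policy sets are assumptions, and the sample data is constructed.

```python
# Added example: audit a constructed inventory against the checks listed above.
# The schema is hypothetical, not any cloud provider's export format.

INVENTORY = [  # constructed sample data
    {"platform": "crm-portal", "anonymous_access": True,
     "accounts": [
         {"name": "alice", "roles": ["admin", "user"], "mfa": True},
         {"name": "guest-1", "roles": ["guest"], "permissions": ["read", "export"]},
     ],
     "apps": [{"name": "sync-tool", "permissions": ["read", "write_all"]}]},
    {"platform": "file-share",  # anonymous_access was never recorded
     "accounts": [{"name": "ops-admin", "roles": ["admin"]}],  # mfa never recorded
     "apps": []},
]

GUEST_ALLOWED = {"read"}            # assumed policy: all a guest account may hold
APP_BROAD = {"write_all", "admin"}  # assumed policy: app permissions needing review


def audit(inventory):
    """Return (platform, finding, subject) tuples for every failed check."""
    findings = []
    for p in inventory:
        name = p.get("platform", "<unnamed>")
        # Fail closed: an unrecorded setting is not assumed to be a secure default.
        if p.get("anonymous_access", True):
            findings.append((name, "anonymous-access", "-"))
        for acct in p.get("accounts", []):
            roles = set(acct.get("roles", []))
            if "admin" in roles:
                if not acct.get("mfa", False):
                    findings.append((name, "admin-without-mfa", acct["name"]))
                if roles - {"admin"}:  # admin and user duties on one account
                    findings.append((name, "admin-not-separated", acct["name"]))
            if "guest" in roles:
                if set(acct.get("permissions", [])) - GUEST_ALLOWED:
                    findings.append((name, "guest-over-privileged", acct["name"]))
        for app in p.get("apps", []):
            if set(app.get("permissions", [])) & APP_BROAD:
                findings.append((name, "app-broad-permission", app["name"]))
    return findings


if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(*finding, sep="\t")
```

Missing fields are reported as findings on purpose, so a platform whose settings were never inventoried cannot pass the check silently.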