Industry Overview
- The report focuses on the global cloud data leakage risks in the first half of 2024, highlighting the increasing security risks associated with public and hybrid cloud environments [7]
- A total of 16 cloud data leakage incidents occurred globally in the first half of 2024, involving approximately 1.2 billion pieces of personal data [7]
- The United States experienced the highest number of incidents (8), with retail being the most affected industry, accounting for 940 million leaked records [7]

Key Incidents
- Escapada Rural: A Spanish rental company leaked 2.9 million customer records due to misconfigured Amazon S3 storage [13][14]
- Glosbe: An online dictionary exposed nearly 7 million user records, including encrypted passwords and social media identifiers, due to an unprotected MongoDB database [17][18]
- Google Firebase: Over 125 million user records were exposed across 900 websites due to hardcoded Firebase credentials [21][22]
- Ticketmaster: Approximately 560 million user records were leaked, including payment information, due to a credential leak in Snowflake [36][37]
- AT&T: Around 110 million user call records were stolen from Snowflake, marking another major credential-based breach [48][49]
- Toyota: 240GB of employee and customer data, including financial and contract information, was stolen by a hacker group [52][53]

Incident Analysis
- Miscellaneous Errors: 11 out of 16 incidents were caused by misconfigurations, leading to 25.67 million data leaks [7]
- System Intrusion: 4 incidents involved system intrusions, resulting in 1.05 billion data leaks [7]
- Basic Web Application Attacks: 1 incident was due to web application attacks, exposing 125 million records [7]

Security Recommendations
- For Misconfigurations: Implement access control lists (ACLs), disable anonymous access, and monitor access requests [58][59][60]
- For System Intrusions: Enable multi-factor authentication (MFA), rotate access keys, and encrypt sensitive data [61]
- For Web Application Attacks: Establish anti-crawling mechanisms, enforce MFA, and limit login attempts [62]

Conclusion
- The report emphasizes the importance of understanding cloud data leakage risks and provides detailed insights into attack techniques using the MITRE ATT&CK framework [65]
- Green Alliance Innovation Research Institute continues to monitor cloud risks and has developed tools like Fusion for automated asset detection and risk assessment [65][66]

Global Cloud Data Leakage Risk Analysis Report, First Half of 2024
Lv Meng Ke Ji·2024-10-01 01:48