Try GOLD - Free
Native Data Breach: Anatomy Of A Cloud
Enterprise IT World
|June 2019
Case study of a real-life example of a cloud-native data breach, how it evolved and how it possibly could have been avoided.
The company is a photo-sharing social media application, with over 20 million users. It stores over 1PB of user data within Amazon Web Services (AWS), and in 2018, it was the victim of a massive data breach that exposed nearly 20 million user records. This is how it happened.
Step 1: Compromising a legitimate user. Frequently, the first step in a data breach is that an attacker compromises the credentials of a legitimate user. In this incident, an attacker used a spear-phishing attack to obtain an administrative user’s credentials to the company’s environment.
Step 2: Fortifying access. After compromising a legitimate user, a hacker frequently takes steps to fortify access to the environment, independent of the compromised user. In this case, the attacker connected to the company’s cloud environment through an IP address registered in a foreign country and created API access keys with full administrative access.
Step 3: Reconnaissance. Once inside, an attacker then needs to map out what permissions are granted and what actions this role allows.
This story is from the June 2019 edition of Enterprise IT World.
Subscribe to Magzter GOLD to access thousands of curated premium stories, and 9,500+ magazines and newspapers.
Already a subscriber? Sign In
MORE STORIES FROM Enterprise IT World
Enterprise IT World
SNS PRESENTS CIO500 DELHI EDITION CONCLUDES WITH RECORD PARTICIPATION
Full house audience engages in power-packed discussions on AI, innovation, cost control, and digital KPIs
1 mins
August 2025
Enterprise IT World
Oklo and Vertiv Partner to Power the Future of Hyperscale Data Centers
In a groundbreaking move, Oklo, a pioneer in advanced nuclear technology, has partnered with Vertiv, a global leader in digital infrastructure, to co-develop next-generation power and cooling solutions for hyperscale and colocation data centers across the United States.
1 min
August 2025
Enterprise IT World
Covasant Launches Enablr to Transform GCCs into Strategic Growth Engines
Covasant Technologies has launched Enablr\", a new Al-first business division designed to help global enterprises build and scale Global Capability Centers (GCCs) in India with speed, intelligence, and strategic clarity.
1 min
August 2025
Enterprise IT World
Quick Heal Detects Android Cryptojacker Masquerading as Axis Bank App
Quick Heal Technologies has uncovered a stealthy Android cryptojacking campaign involving a fake banking app posing as Axis Bank.
1 min
August 2025
Enterprise IT World
Freshworks and McLaren Racing Unite to Drive IT Excellence and On-Track Performance
Freshworks has announced a multiyear partnership with McLaren Racing, becoming an Official Partner of the McLaren Formula 1 Team.
1 min
August 2025
Enterprise IT World
SECURING THE SANCTUM: A CYBERSECURITY GUIDE FOR INDIAN LAW FIRMS USING THE NIST FRAMEWORK
As custodians of sensitive legal data, Indian law firms face a mounting cybersecurity imperative. The NIST Cybersecurity Frame- work offers a strategic blueprint to protect client trust, professional integrity, and legal privilege.
7 mins
August 2025
Enterprise IT World
Karnataka Hosts Global Collaboration Meet to Strengthen Tech Alliances Ahead of BTS 2025
In a strategic push to deepen international tech partnerships, the Government of Karnataka hosted the Global Collaboration Meet at Hotel Four Seasons, Bengaluru. Organized under the Global Innovation Alliance (GIA) initiative by the Department of Electronics, IT, Biotechnology, and Science & Technology, the event served as a prelude to the upcoming Bengaluru Tech Summit 2025 (BTS 2025).
1 min
August 2025
Enterprise IT World
SECURING THE FUTURE: SRF LIMITED UNIFIES CYBERSECURITY ACROSS IT AND OT WITH TENABLE ONE
How SRF's SecureOT initiative is redefining industrial cybersecurity in India's manufacturing sector
2 mins
August 2025
Enterprise IT World
SNS PRESENTS CI0500 & ACCELERATOR X AWARDS 2025 CONCLUDES SUCCESSFULLY IN BANGALORE
Technology leaders gather at Taj West End to celebrate innovation, leadership, and transformation
2 mins
August 2025
Enterprise IT World
Sophos Opens Authorized Training Center in Mumbai with SATCOM Infotech
Sophos, a global leader in cybersecurity, has launched a new Authorized Training Center (ATC) in Mumbai, in partnership with SATCOM Infotech Pvt. Ltd. This initiative marks a significant step in Sophos' commitment to upskilling IT professionals and strengthening partner capabilities across India.
1 min
August 2025
Translate
Change font size