CLOUD SECURITY ALLIANCE The Treacherous 12 - Top Threats to Cloud Computing + Industry Insights
2017, Cloud Security Alliance. All rights reserved.
2017 Cloud Security Alliance – All Rights Reserved
All rights reserved. You may download, store, display on your computer, view, print, and link to The Treacherous
12 - Cloud Computing Top Threats in 2016 at
https://cloudsecurityalliance/download/the-treacherous-twelve-cloud-computing-top-threats-in-2016/,
subject to the following: (a) the Report may be used solely for your
personal, informational, non-commercial use; (b) the Report may not be modified or altered in any way; (c) the
Report may not be redistributed; and (d) the trademark, copyright or other notices may not be removed. You may
quote portions of the Report as permitted by the Fair Use provisions of the United States Copyright Act, provided
that you attribute the portions to The Treacherous 12 - Cloud Computing Top Threats in 2016.
The permanent and official location for Cloud Security Alliance Top Threats research is
https://cloudsecurityalliance/group/top-threats/
Contents
Acknowledgments
Executive Summary
Methodology
1. Data Breaches
2. Insufficient Identity, Credential and Access Management
3. Insecure Interfaces and APIs
4. System Vulnerabilities
5. Account Hijacking
6. Malicious Insiders
7. Advanced Persistent Threats
8. Data Loss
9. Insufficient Due Diligence
10. Abuse and Nefarious Use of Cloud Services
11. Denial of Service
12. Shared Technology Vulnerabilities
2017 Edition: Industry Insights
Acknowledgments
Executive Summary
Box mismanagement of invite links - Data Breaches
Yahoo breach - Data Breaches
LinkedIn failure to salt passwords when hashing - Insufficient Identity Credential Access Management
Instagram abuse of account recovery - Insufficient Identity Credential Access Management
MongoDB Mexican voter information leak - Insufficient Identity Credential Access Management
MongoDB unprotected, attacked by ransomware - Insufficient Identity Credential Access Management
Moonpig insecure mobile application - Insecure Interface and APIs
Dirty Cow Linux privilege escalation vulnerability - System Vulnerabilities
OAuth Insecure implementation - Account Hijacking
Zynga ex-employees alleged data theft - Malicious Insiders