In the era of cloud computing, virtual servers and storage can be summoned in the blink of an eye, but decommissioning them cleanly is not as swift. Deleting cloud assets without also removing every record that points to them is a lurking danger: attackers can take advantage of the resources we thought were gone.
Consider this scenario: You launch a special campaign, creating a microsite on a cloud platform for promotional activities. The developers set it up with a virtual server and a storage bucket. The cloud service assigns IP addresses and hostnames for accessibility. Subdomains are created, DNS records are established and your mobile app integrates with the campaign site.
However, when the campaign concludes, deleting the cloud assets is not the end of the story. The records—whether in DNS zones or application code—pointing to these now-deleted resources linger, creating a risky trail for potential attackers.
Abdullah Al-Sultani, who works in security at TikTok, has described this newer problem as “cloud squatting”. Attackers take over old IP addresses and hostnames that were left behind and use them to host fake sites that trick people. The bigger the company, like TikTok, the harder it is to find and remove these old records.
The danger extends beyond DNS records. Cloud squatting risks can be inherited from third-party software components. Attackers scan for references to cloud resources, re-register abandoned buckets, and even exploit deleted GitHub repositories.
Organizations face a vast attack surface, but mitigation strategies exist. The IP address reuse and DNS scenarios can be tackled by using reserved IP addresses, transferring owned IP addresses to the cloud, utilizing private IP addresses, or embracing IPv6. Policy helps too: do not hard-code IP addresses in applications. Reference resources by DNS name instead, and regularly audit and clean up those records.
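The regular check-and-clean-up step can be automated by comparing DNS records against an inventory of the cloud resources the organization still owns. The following is an added example, not code from the article or from any vendor tool; the zone records, the inventory and the `storage.cloud.example` provider suffix are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges: private targets are not handed to other cloud tenants.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (not from the article).
ZONE_RECORDS = [
    ("www.example.com", "A", "203.0.113.10"),
    ("promo.example.com", "A", "203.0.113.77"),  # campaign server, deleted
    ("assets.example.com", "CNAME", "promo-assets.storage.cloud.example."),  # bucket, deleted
    ("cdn.example.com", "CNAME", "main-assets.storage.cloud.example."),
    ("intranet.example.com", "A", "10.20.0.5"),
    ("blog.example.com", "CNAME", "www.example.com."),
]
OWNED_IPS = {"203.0.113.10"}                       # reserved IPs still allocated
OWNED_CLOUD_HOSTS = {"main-assets.storage.cloud.example"}
CLOUD_SUFFIXES = (".storage.cloud.example",)       # hypothetical provider domain


def find_dangling(records, owned_ips, owned_hosts, cloud_suffixes):
    """Return (name, type, target, reason) for records pointing at cloud
    resources that are missing from the current inventory."""
    owned_addrs = {ipaddress.ip_address(ip) for ip in owned_ips}
    owned_hosts = {h.rstrip(".").lower() for h in owned_hosts}
    dangling = []
    for name, rtype, target in records:
        rtype = rtype.upper()
        if rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(target)
            if any(addr in net for net in PRIVATE_NETS):
                continue  # internal address, cannot be claimed by an outsider
            if addr not in owned_addrs:
                dangling.append((name, rtype, target, "IP not in inventory"))
        elif rtype == "CNAME":
            host = target.rstrip(".").lower()
            if host.endswith(cloud_suffixes) and host not in owned_hosts:
                dangling.append((name, rtype, target, "cloud hostname not in inventory"))
    return dangling


if __name__ == "__main__":
    for finding in find_dangling(ZONE_RECORDS, OWNED_IPS, OWNED_CLOUD_HOSTS, CLOUD_SUFFIXES):
        print("REVIEW: %s %s -> %s (%s)" % finding)
```

In practice the record list would come from a zone export and the inventory from the cloud provider's asset listing; flagged records are candidates for removal before the underlying address or name is released.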