Today’s cybersecurity environment is changing rapidly. Punctuated by the move toward serverless architecture, the technology presents operational opportunities and unprecedented security challenges.

As businesses continue to embrace serverless, security professionals are sounding the alarm, urging organizations to recognize the growing threats in these environments, according to Charles DeBeck (pictured), threat intelligence strategy lead, Google Cloud, at Google LLC.

“It’s interesting because, from a threat actor perspective, we’re not seeing a ton of activity here just yet, but we have started to see them looking at this space as a potential avenue for exploitation,” he said. “Realistically, it’s tougher to get into serverless environments in some ways because it’s just not as common. It’s not something that they use as often, but we have historically seen examples of threat actors wrapping traditional malware in a way so it could be taken advantage of in a serverless environment.”

DeBeck spoke with theCUBE Research’s John Furrier and Savannah Peterson at mWISE 2024, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the evolving tactics of threat actors and the challenges of compliance and collaboration, exploring how cybersecurity professionals must stay vigilant and proactive in addressing these emerging threats. (* Disclosure below.)

The opportunities and risks in securing serverless architecture

While praised for itsscalability and efficiency, serverless architecture presents new security risks. Traditional malware could be adapted to target these environments. The challenge arises when organizations lack visibility into these systems or fail to implement proper security protocols, making it difficult to detect potential threats, according to DeBeck.

“The key concepts of identity access management and making sure that you have permission and configuration in place is the same as what we see in other parts of cloud environments,” he said. “But from serverless, a key component here is that scalability from compute resources can be very sudden and dramatic. And we can see that an infection can go from a small thing to a huge thing much faster than potential other parts of cloud environments.”

In essence, the ability of serverless systems to scale up quickly can be a double-edged sword. Once they gain access, threat actors can exploit this rapid scalability, turning a small breach into a major incident.

Additionally, there’s been a change in the manner of approach threat actors employ — they’ve shifted from encryption to exfiltration.  In the past, cybercriminals would encrypt data and demand ransom for decryption keys. However, as encryption techniques and defenses have become more sophisticated, threat actors now favor a simpler, more lucrative approach: data theft.

“It turns out encryption is tough, and also decryption is very challenging,” he said. “And so you run into this issue as a threat actor. Should I do an encryption effort and then have to make a decrypter and then have to sell it back to them and they may not want to buy it? That’s a lot of work. Or should I take all their data and then say, ‘I’m going to post this on the internet.'”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE Research’s coverage of mWISE 2024: 

(* Disclosure: Google Cloud Security sponsored this segment of theCUBE. Neither Google Cloud Security nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE