'Serverless': Malware Just Found a new Home

Going ‘serverless’ is like farming out mundane tasks to professional dev teams.

You get increased flexibility, accelerated innovation, and reduced architecture costs. All these awesome perks are included while building the ultimate user experience.

Sounds good, right? Well, it’s too good to be true.

Managing a complex infrastructure always comes at a cost.

In the case of serverless infrastructure, its distributed nature gives a cyber breach lots of golden opportunities.

It turns out that the major differentiator of serverless is also its archenemy that provides attackers with significantly more points of entry. With that being said, let us dwell on the main five problems that underpin security issues today.

Serverless - Malware Just Found A New Home

In general, many well-known software risks like wrongly configured credentials or SQL injection make a comeback in serverless, but they manifest in a different way.

Risk 1: Function Event-Data Injection

This risk takes place when unreliable or attacker-controlled input is delivered to an interpreter and gets run or evaluated.

The main reason for that is that we don’t always make sure the input is of the expected data type. And as most serverless architectures have a myriad of event sources, it is not that hard to spark off a serverless function.

Risk 2: Broken Authentication

Since serverless fosters a microservices-oriented system design, applications often include a large number of functions, each with a unique target.

Being intertwined, these functions create overall system logic. However, some functions may disclose public web APIs, while others ingest events from various source types. So unauthorized access is a no-brainer in this case.

Risk 3: Insecure Serverless Deployment Configuration

Cloud providers offer many customizations and configuration settings to fine-tune them for each unique need or task. Some of these out-of-the-box configuration settings have alarming consequences on the overall security standpoint.

Thus, a popular weak point for cloud-based storage is incorrectly configured cloud storage authentication. And if configurations are left unchecked, it may wreak havoc on your security.

Risk 4: Overprivileged Function Permissions and Roles

Serverless functions have access rights, such as the right to access a database. And if you have many functions, you’ll have the same amount of permissions. In an ideal world, these all should be different rights that are as restricted as possible.

But who has the time to manage a zillion function authorizations? Most often, developers find a shortcut by applying a "wildcard" permission model. In this case, serverless functions may end up in the wrong hands and used for unplanned operations.

Risk 5: Inadequate Function Monitoring and Logging

It’s essential to log and monitor security-relevant events instantly since it helps to uncover intruder attacks and impede data corruption. However, this architecture hosts these functions in a cloud environment, beyond the user's data center borderline.

And although many serverless providers supply highly efficient logging capabilities, these logs are in their basic configuration and often fall short of delivering a full security event audit trail.