Privilege escalation exploits based on permission settings can also be found on Salesforce, which, unlike AWS, is a SaaS (Software as a Service) solution.

According to security researchers, Identity and Access Management (IAM) roles can be abused by 22 APIs found in 16 AWS services. This shift has opened the door for attack vectors based on role assumption – the ability to obtain short-term permissions to authorized resources – that often enables vast operations within the cloud environment, including data theft. These targeted attacks on cloud accounts, sometimes caused by flaws in the provider’s permissions or trust policy logic, can allow an attacker to escalate privileges and move laterally within the corporate cloud environment, thus obtaining certificate private keys, sensitive information and database credentials and enabling them to access sensitive data. Essentially, we are seeing a shift towards attacking cloud accounts instead of cloud resources.

Sunburst is the highest-profile example of a significant change in the nature of cloud misconfigurations, their root causes, and their consequences over the past year as identity and access management (IAM) misconfigurations began making headlines. It shows just how significant a single breached, stolen password can be. At this point, the attacker used a previously published technique to gain persistent, full and hard-to-detect access to the victim’s cloud services, allowing them to explore and steal data from emails and storage. But how did the threat actor compromise SolarWinds’ systems in the first place, giving themselves the platform from which they could use privilege escalation to attack organizations using its software?
Stolen or guessed credentials are one of the main sources of attack SolarWinds is investigating: executives have blamed a company intern for a critical lapse in password security that was undiagnosed for years, and have yet to rule out this lapse as a root cause of the attack. Once an enterprise was compromised, the attacker moved laterally from the backdoor in the target’s SolarWinds server to their Active Directory Federation Services server, which is responsible for the organization’s Single Sign On processes for accessing cloud services like Office365. And they also led to one of the largest and most significant cyber-attacks ever: the ‘Sunburst’ supply chain compromise attacks which breached over 18,000 government and private-sector technology organizations worldwide via a backdoor embedded in their SolarWinds network management software. Dark Halo, the threat actor behind the Sunburst attacks, relied heavily on the cloud model to access sensitive information and gain footholds on the networks of targeted organizations. The Ponemon Institute’s 2020 Cost of a Data Breach Report identified cloud misconfigurations as the attackers’ entry point of choice: combined with stolen or compromised credentials, these issues were the cause of nearly 40% of all breaches. Threat actors and cyber criminals have been quick to exploit these misconfigurations and vulnerabilities.

The dynamic, fast-moving nature of the cloud is one of the root causes of these risks, because it often leads to misconfigured permissions and privileges linked to identities or users. Research in mid-2020 by Check Point found that public cloud security is a major concern for 75% of enterprises, and over 80% of enterprises found their existing security tools don’t work at all or have only limited functions in the cloud, exposing them to the risks of breaches and attacks.

While 2020 saw digital transformation programs advance by over five years in response to the pandemic, this rapid move to mass remote working and cloud connectivity also meant that for many organizations, some things got broken along the way – including security. However, moving faster than you’d planned isn’t always a good thing, as organizations worldwide discovered during the COVID-19 pandemic. Facebook founder and CEO Mark Zuckerberg’s famous motto, ‘move fast and break things’, is believed to be one of the drivers behind the company’s innovations and growth.