Mahi Sall, Advisor, Fintech-Bank Partnerships, Payments and Financial Inclusivity
January 25th, 2023
While the SolarWinds hack primarily targeted in-house infrastructure, the breach has morphed into a multidimensional assault on key computing infrastructure, including cloud services.
The SolarWinds supply chain attack, which was broad in scope and sophisticated in nature and execution, could affect popular cloud-based services provided by key players, including Microsoft and Amazon. This is because the SolarWinds Orion software, widely used for network monitoring, could be deployed in cloud environments.
Under such conditions, it might have privileged access to AWS and Microsoft Azure API keys, Identity and Access Management (IAM) services, and other security credentials.
Similarly, compromised Orion software running on in-house environments allows attackers to authenticate against cloud platforms by manipulating the Security Assertion Markup Language (SAML) to create access tokens.
Details from the NSA and Microsoft show that the suspected Russian hackers behind the SolarWinds hack were targeting cloud services such as Office 365.
Additionally, Reuters’ reporting claimed that hackers had compromised cloud services on the National Telecommunications and Information Administration’s Microsoft Office 365 account and monitored staff emails for months.
Similarly, a recent report by Microsoft also revealed that the attackers tried to read CrowdStrike’s emails through a compromised reseller’s Microsoft Azure account.
The SolarWinds hack, attributed to suspected Russian hackers, threatens cloud infrastructure such as AWS and Microsoft Azure in several ways.
Firstly, Orion databases store AWS and Azure cloud platforms’ API keys alongside other security credentials. Attackers could later access the stored credentials to compromise other cloud services.
Similarly, SolarWinds Orion software deployed on AWS or Azure cloud platforms has access to root API keys. These privileges grant an attacker full admin access to the cloud services running on the platform.
Orion software also requires access to Identity and Access Management (IAM) services. Consequently, running Orion software injected with malicious code compromises the entire Orion IAM identity in the cloud environment. Attackers could exploit the IAM to expose resources and networks and perform role chaining to escalate access privileges.
On the AWS platform, a resource-based policy allows any principal in the account to access the resource without identity-based permissions. Consequently, the Orion IAM identity could gain access to resources, leading to resource exposure.
Similarly, if a cloud service’s trust policy allows various identities to assume a role, the role could be adopted by any trusted identity residing within the cloud account. This leads to role chaining, which attackers could use to escalate privileges on the cloud platform.
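To audit the role-chaining exposure described above, a defender can walk the account's trust policies from the monitoring identity and list every role it could end up holding. The sketch below is an added example, not code from the original article or from SolarWinds or AWS; the account IDs, role names and policies are constructed, and it assumes, as the text does, that a trust policy naming the account root lets any identity in the account assume the role (identity-based policies are ignored).

```python
from collections import deque

ACCOUNT = "111122223333"                      # constructed account id
ROOT = f"arn:aws:iam::{ACCOUNT}:root"

def arn(name):
    return f"arn:aws:iam::{ACCOUNT}:role/{name}"

def allow(principal):
    return {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                           "Principal": principal}]}

# Constructed trust policies (hypothetical role names), keyed by role ARN.
TRUST = {
    arn("net-ops"):   allow({"AWS": arn("orion-monitor")}),
    arn("deploy"):    allow({"AWS": ROOT}),              # whole account trusted
    arn("org-admin"): allow({"AWS": [arn("deploy")]}),
    arn("billing"):   allow({"Service": "ec2.amazonaws.com"}),
    arn("auditor"):   allow({"AWS": "arn:aws:iam::999988887777:root"}),
}

def as_list(v):
    return v if isinstance(v, list) else [v]

def trusted(policy):
    """AWS principals that Allow statements let call sts:AssumeRole."""
    out = set()
    for st in as_list(policy.get("Statement", [])):
        if st.get("Effect") == "Allow" and "sts:AssumeRole" in as_list(st.get("Action", [])):
            p = st.get("Principal", {})
            out.update(["*"] if p == "*" else as_list(p.get("AWS", [])))
    return out

def can_assume(identity, policy):
    # Assumption: account-root trust admits every identity in that account.
    p = trusted(policy)
    in_account = identity.split(":")[4] == ACCOUNT
    return identity in p or "*" in p or (ROOT in p and in_account)

def role_chains(start, trust=TRUST):
    """Breadth-first search: every role reachable from `start`, with its shortest chain."""
    paths, queue = {start: [start]}, deque([start])
    while queue:
        cur = queue.popleft()
        for role, policy in trust.items():
            if role not in paths and can_assume(cur, policy):
                paths[role] = paths[cur] + [role]
                queue.append(role)
    del paths[start]
    return paths
```

Calling `role_chains(arn("orion-monitor"))` on the sample data shows that the monitoring role reaches `org-admin` only through `deploy`, so tightening the account-wide trust on `deploy` breaks the chain.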