
Microsoft and Amazon Cloud Services Exposed to Widespread SolarWinds Hack

CPO Magazine

While the SolarWinds hack primarily targeted in-house infrastructure, the breach has morphed into a multidimensional assault on key computing infrastructure, including cloud services.

The SolarWinds supply chain attack, which was broad in scope and sophisticated in nature and execution, could affect popular cloud-based services provided by key players, including Microsoft and Amazon. This is because the SolarWinds Orion software, widely used for network monitoring, could be deployed in cloud environments.

Under such conditions, it might have privileged access to AWS and Microsoft Azure API keys, Identity and Access Management (IAM) services, and other security credentials.


Similarly, compromised Orion software running on in-house environments allows attackers to authenticate against cloud platforms by manipulating the Security Assertion Markup Language (SAML) to create access tokens.

Hackers targeting cloud platforms and services

Details from the NSA and Microsoft show that the suspected Russian hackers behind the SolarWinds hack were targeting cloud services such as Office 365.

Additionally, Reuters’ reporting claimed that hackers had compromised cloud services on the National Telecommunications and Information Administration’s Microsoft Office 365 account and monitored staff emails for months.

Similarly, a recent report by Microsoft also revealed that the attackers tried to read CrowdStrike’s emails through a compromised reseller’s Microsoft Azure account.

SolarWinds hack threatens cloud services in myriad ways

The SolarWinds hack, attributed to suspected Russian hackers, threatens cloud infrastructure such as AWS and Microsoft Azure in several ways.

Firstly, Orion databases store API keys for the AWS and Azure cloud platforms alongside other security credentials. Attackers could later use these stored credentials to compromise other cloud services.


Similarly, SolarWinds Orion software deployed on AWS or Azure cloud platforms has access to root API keys. These privileges grant an attacker full admin access to the cloud services running on the platform.

Orion software also requires access to Identity and Access Management (IAM) services. Consequently, running Orion software injected with malicious code compromises the entire Orion IAM identity in the cloud environment. Attackers could exploit the IAM to expose resources and networks and perform role chaining to escalate access privileges.

On the AWS platform, a resource-based policy can allow any principal in the account to access the resource without identity-based permissions. Consequently, the Orion IAM identity could gain access to resources, leading to resource exposure.

Similarly, if a cloud service’s trust policy allows various identities to assume a role, the role could be assumed by any trusted identity residing within the cloud account. This leads to role chaining, which attackers could use to escalate privileges on the cloud platform.
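To make the trust-policy and role-chaining exposure described above auditable, here is an added Python example (not from the original article or from any vendor tooling) that flags roles trusting the whole account and lists every role a monitoring identity could reach by chaining. The account ID, role names and policies are constructed sample data; `Condition` elements are ignored, and account-wide trust is treated as reachable on the assumption that the caller's identity policy permits `sts:AssumeRole`.

```python
from collections import deque

ACCOUNT = "111122223333"  # constructed placeholder account ID
ROOT = f"arn:aws:iam::{ACCOUNT}:root"

def role_arn(name):
    return f"arn:aws:iam::{ACCOUNT}:role/{name}"

def stmt(principal):
    """Build a minimal trust-policy document (constructed sample data)."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}]}

# Hypothetical roles: name -> trust policy (AssumeRolePolicyDocument)
TRUST_POLICIES = {
    "orion-monitoring": stmt({"Service": "ec2.amazonaws.com"}),
    "ops-readonly": stmt({"AWS": ROOT}),                    # trusts whole account
    "admin": stmt({"AWS": [role_arn("ops-readonly")]}),     # trusts one role
    "billing": stmt({"AWS": f"arn:aws:iam::{ACCOUNT}:user/finance"}),
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def trusted_principals(policy):
    """AWS principals allowed to call sts:AssumeRole on the role."""
    found = set()
    for s in as_list(policy.get("Statement", [])):
        if s.get("Effect") != "Allow" or "sts:AssumeRole" not in as_list(s.get("Action", [])):
            continue
        p = s.get("Principal", {})
        found.update(["*"] if p == "*" else as_list(p.get("AWS", [])))
    return found

def broad_roles(policies):
    """Roles whose trust policy names the whole account or any principal."""
    return sorted(r for r, p in policies.items() if trusted_principals(p) & {ROOT, "*"})

def reachable_roles(start, policies):
    """Roles reachable from role `start` by chained AssumeRole calls (BFS)."""
    seen, queue = set(), deque([start])
    while queue:
        current = role_arn(queue.popleft())
        for role, policy in policies.items():
            if role in seen or role == start:
                continue
            if trusted_principals(policy) & {current, ROOT, "*"}:
                seen.add(role)
                queue.append(role)
    return sorted(seen)
```

Here the monitoring role reaches `admin` only through `ops-readonly`, so narrowing that one account-wide trust policy to named principals breaks the chain.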
