Firewall News


Monetising mistakes: how to tackle cloud misconfiguration

By admin
29/08/2019

Cloud computing is thriving as firms queue up to drive DevOps-fuelled innovation and greater IT agility. As long ago as 2017 UK cloud adoption hit nearly 90%, and the market for public cloud in Western Europe could hit $43 billion this year. But alongside these gains are the security barriers, and increasingly at the top of this list is the challenge of misconfiguration.

Security researchers have been warning about it for years. But now that hackers are automating their efforts to target these mistakes, the quest to mitigate misconfiguration errors has taken on a new urgency.

What’s going on?

Cloud misconfiguration is nothing new. One vendor has documented thousands of organisations over the past four years that have made serious mistakes with their Amazon S3 deployments – exposing sensitive IP and customer data in the process. These include:

  • 540 million records left exposed by third-party Facebook app developers
  • A huge trove of trade secrets leaked online
  • 73GB of internal data from ISP Pocket iNet left publicly exposed, including admin passwords
  • 48 million customer records exposed by data aggregator LocalBlox

It’s not just Amazon S3. Similar privacy snafus have been spotted on MongoDB, Elasticsearch and other platforms. The difference now is that attackers are weaponizing these mistakes to further their own ends.

  • One of the most common ways to do this is to automatically scan the internet for exposed data stores – something that can be done via a simple Shodan search – copy the data, delete the original and then leave a ransom note. These attacks aren’t particularly new, but recent weeks have seen something of a resurgence in the tactic:
    • Choice Hotels: The international hotel chain left an exposed MongoDB instance. Hackers left a note demanding a ransom and claiming they had stolen 700,000 customer records, including guest names, email addresses and phone numbers
    • Libreria Porrua: The popular Mexican bookseller exposed over two million customer records online in a MongoDB database. The public configuration allowed hackers to manage the entire system with full administrative privileges, stealing the data and leaving a ransom note
  • Another attack technique exploiting cloud misconfiguration involves the use of notorious digital skimming code known as Magecart. A group using the code to steal card data from organisations’ customers was spotted automating the scanning of exposed S3 buckets containing JavaScript. It then takes advantage of misconfigured write permissions to append malicious Magecart JavaScript to the code. The result could be the compromise of as many as 17,000 domains including some of the world’s top-ranked websites.

Basic errors

Often when news gets out about misconfigured cloud settings the issue has been caused by a third-party provider or contractor. In the case of Choice Hotels, the vendor was working with the data with a view to providing the hospitality giant with a new tool. It should not have even been using live data, and in fact most of the 5.6 million records compromised were not associated with real people.

It goes without saying that organisations need to get better at cracking down on these preventable mistakes. It’s a cast iron certainty that we’ll see an incident like this attract the attention of GDPR regulators pretty soon, if they aren’t already investigating. For any company unsure about the potential impact on their business, BA was fined a record £183m last month for mistakes leading to a breach of customer data by Magecart hackers.

Misconfigurations exposing data also extend beyond cloud platforms like AWS S3. One analysis from last year claimed that SMB (33% of visible files), rsync (28%) and FTP servers (26%) exposed the vast majority of the 1.5 billion sensitive files it found online during one scan. S3 accounted for just 7%.

Impact on regulatory compliance

It’s important to remember that GDPR regulators take into account both an organisation’s operational procedures and its infrastructure best practices. In other words, misconfigurations that result in breaches, regardless of how non-malicious these mistakes may have been, have significant regulatory consequences. Fines can reach 4% of global annual turnover, and regulators have recently shown themselves to be more than willing and able to levy major sums.

Misconfigurations at the IT level can therefore cause an organisation to be deemed non-compliant, so proactively managing them becomes a much more important task.

What to do

Also last year, an analysis by IBM revealed a 424% jump in data leaks stemming from misconfigured cloud systems, accounting for 70% of compromised records. It’s clear that IT leaders must get more proactive about mitigating these risks. Cloud security is a shared responsibility and it’s important to remember that the customer is 100% on the hook for configuring its environment.

A good checklist for starters should include the following:

  • Restrict access to cloud administration according to the principle of least privilege
  • Make use of improvements AWS introduced in November 2018 to reduce the chance of misconfigurations
  • Ensure you’re on MongoDB 3.5.7 or later to take advantage of security enhancements that mean all networked connections to the database are denied unless explicitly configured by an administrator
  • Use a Cloud Security Posture Management (CSPM) solution (third party solutions are more automated than native solutions) which will continually scan for misconfigurations and remediate them
  • Switch on logging to track changes and identify any misconfiguration mistakes
  • Apply these policies and processes to third-party suppliers
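
As an added example (not from the original article or any vendor's tooling), the audit below flags the kind of misconfigured S3 write permission described in the Magecart case and reports whether S3 Block Public Access, assumed here to be the November 2018 AWS improvement the checklist refers to, is fully enabled. Inputs are dicts shaped like the boto3 `get_bucket_acl` response, the policy JSON string from `get_bucket_policy`, and the inner `PublicAccessBlockConfiguration` dict from `get_public_access_block`; the bucket name and sample data are constructed.

```python
import json

# Group URIs S3 uses in ACL grants for "anyone" and "any AWS account holder".
GROUP_PREFIX = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {GROUP_PREFIX + g: g for g in ("AllUsers", "AuthenticatedUsers")}
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
BPA_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _public_principal(p):
    return p == "*" or (isinstance(p, dict) and "*" in _as_list(p.get("AWS", [])))

def _write_action(action):
    a = action.lower()
    return a in ("*", "s3:*") or a.startswith(("s3:put", "s3:delete"))

def audit_bucket(acl, policy_json, bpa):
    """Return findings for one bucket: public write grants and missing guard rails."""
    findings = []
    for grant in acl.get("Grants", []):
        group = PUBLIC_GROUPS.get(grant.get("Grantee", {}).get("URI"))
        if group and grant.get("Permission") in WRITE_PERMS:
            findings.append(f"acl: {grant['Permission']} granted to {group}")
    statements = _as_list(json.loads(policy_json).get("Statement", [])) if policy_json else []
    for st in statements:
        if st.get("Effect") != "Allow" or not _public_principal(st.get("Principal")):
            continue
        actions = [a for a in _as_list(st.get("Action", [])) if _write_action(a)]
        if actions:
            note = " (conditional, review)" if st.get("Condition") else ""
            findings.append(f"policy: public principal may {','.join(actions)}{note}")
    off = [k for k in BPA_KEYS if not (bpa or {}).get(k)]
    if off:
        findings.append("block-public-access off: " + ",".join(off))
    return findings

# Constructed sample: a bucket serving JavaScript that anyone can overwrite.
ALL_USERS = {"Type": "Group", "URI": GROUP_PREFIX + "AllUsers"}
SAMPLE_ACL = {"Grants": [{"Grantee": ALL_USERS, "Permission": "READ"}, {"Grantee": ALL_USERS, "Permission": "WRITE"}]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::example-static-assets/*"},
]})
SAMPLE_BPA = dict.fromkeys(BPA_KEYS, False)

if __name__ == "__main__":
    print("\n".join(audit_bucket(SAMPLE_ACL, SAMPLE_POLICY, SAMPLE_BPA)))
```

An empty result means no public write path was found in the ACL or policy and all four Block Public Access settings are on; statements marked "conditional" still need a human to read the condition.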

Cloud security, like protection of on-premises environments, requires a multi-layered approach that goes way beyond the above. But firms failing to prevent basic mistakes like misconfigured accounts are falling at the first hurdle. For hackers looking for the low-hanging fruit, these are a dream come true.
