Bharat Bhise HNA: Understanding the Cloud’s Most Common Vulnerabilities can Help Prevent Cyberattacks
With more businesses transitioning to the cloud, Bharat Bhise HNA stresses that the risk of targeted malicious attacks, data breaches, and threats also increases. Consider the recently discovered 'Cloud Snooper' attack: it makes use of a rootkit to bring malicious traffic to an individual's on-premise firewall and AWS. Afterward, a remote access trojan (RAT) is dropped.
While this is a new attack method, many hackers continue to rely on time-tested techniques to gain entry into important organizational data.
A misconfigured API or API credentials exposure is one of the widest known methods to access a cloud environment. Once an attacker gets an access key, they use it on a platform of their control and run API calls for privilege escalation or malicious activity. These keys are usually exposed through BitBucket, Github, and shared snapshots or images.
Bharat Bhise HNA shares an example of this kind of attack, which was the recent leak of personal information from over 6.5 million Israeli nationals. The political party Likud's app was joined to an API point which did not have a password. This allowed attackers to acquire passwords for various admin accounts.
An API key exposure can also prove to be a developer mistake. In the wrong hands, the API key can give attackers access to internal infrastructure and control the authorized users' list.
In March last year, a huge API leak activity was reported when academics found out that more than 100,000 Github storehouses leaked cryptographic keys and API tokens within six months. Bharat Bhise HNA says that some of the API keys were discovered to be linked to AWS security credentials for a college application in the U.S. At least 564 API keys were also part of a site to go around the rate limits and download videos from Youtube.
These are just some of the most common methods attackers can use to gain access to critical data. Bharat Bhise HNA reminds organizations to employ top security measures to keep their cloud and environment from falling prey to such malicious activity.
While this is a new attack method, many hackers continue to rely on time-tested techniques to gain entry into important organizational data.
A misconfigured API or API credentials exposure is one of the widest known methods to access a cloud environment. Once an attacker gets an access key, they use it on a platform of their control and run API calls for privilege escalation or malicious activity. These keys are usually exposed through BitBucket, Github, and shared snapshots or images.
Bharat Bhise HNA shares an example of this kind of attack, which was the recent leak of personal information from over 6.5 million Israeli nationals. The political party Likud's app was joined to an API point which did not have a password. This allowed attackers to acquire passwords for various admin accounts.
An API key exposure can also prove to be a developer mistake. In the wrong hands, the API key can give attackers access to internal infrastructure and control the authorized users' list.
In March last year, a huge API leak activity was reported when academics found out that more than 100,000 Github storehouses leaked cryptographic keys and API tokens within six months. Bharat Bhise HNA says that some of the API keys were discovered to be linked to AWS security credentials for a college application in the U.S. At least 564 API keys were also part of a site to go around the rate limits and download videos from Youtube.
These are just some of the most common methods attackers can use to gain access to critical data. Bharat Bhise HNA reminds organizations to employ top security measures to keep their cloud and environment from falling prey to such malicious activity.
Comments
Post a Comment