In this interview with Help Net Security, Zur Ulianitzky, head of security research at XM Cyber, provides information on new and less talked about cybersecurity risks that organizations need to be aware of and what they need to do to stay safe and secure from these threats.
We’re seeing a lot of cybersecurity risks hogging the spotlight recently, but what about the newer, less-discussed ones?
As markets become more global and complex, so do the threats organizations must contend with. Hackers can now exploit security holes to gain an initial foothold in a company’s network and then move laterally between on-premises and cloud applications to wage a highly damaging campaign.
XM Cyber recently discovered three new risks present in the networks of various customers.
- Multicloud hop: The ability for an attacker to easily move between clouds within a multi-cloud organization (for example, jumping from a company’s Azure environment to its Google Cloud applications). This is a big problem because 76% of organizations are multicloud.
- Backup System Risk: Ransomware gangs are now trying to pivot through the network to get to backup systems first, so that they can destroy the recovery mechanism that most organizations rely on.
- Third-party risk for Azure environments: Companies often give contractors access to applications to perform IT maintenance or provide ongoing access to external partners. However, this is a significant risk because they occasionally open full access to the organization without realizing it.
Could you explain the risk of jumping from multiple clouds and how it could affect organizations?
Consider an external user who gets access to Azure, then walks into an internal application, commits it, and then goes to the AWS Cloud. Unfortunately, most companies don’t have global visibility and knowledge of vendors’ attack paths between clouds because traditional cloud security solutions don’t detect them. They require solutions that illustrate how an attacker can gain access to a system and switch from cloud to cloud based on configuration.
What about the risk of the backup system? What can organizations do to deal with these types of threats?
Backup systems are common in organizations and are typically linked across multiple assets. Each asset you want to back up requires authorization and access, so to access them, hackers require credentials. However, due to vulnerabilities, misconfigurations, and poor cyber hygiene, these credentials really aren’t that hard for an expert hacker to obtain. If a bad actor gets their hands on the backup system, they can exfiltrate and delete the backup data, essentially forcing the organization to pay the ransom or risk losing everything.
A proven method of defense against these types of threats is attack path management. This involves looking at the network from the attacker’s point of view to see how multiple security gaps create pathways hackers can use to move within a network, from on-premises to cloud and between clouds. Once you discover attack paths, you can focus remediation efforts on those paths that provide access to your critical assets.
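The attack path idea described above, as an added illustration that is not code from XM Cyber or from the interview: a constructed toy graph of assets whose edges are labelled with the hypothetical security gap that enables each hop (contractor guest access into Azure, a multicloud hop to GCP, cached credentials leading to the backup server), with a search for every route from an external foothold to the backup system and the gaps that every route depends on, which are the ones to remediate first.

```python
from collections import Counter

# Constructed toy environment (hypothetical names and gaps, not real customer data).
# Each edge: (source asset, destination asset, security gap that enables the hop).
EDGES = [
    ("contractor-guest", "azure-app",     "over-broad third-party access"),
    ("azure-app",        "onprem-jump",   "cached domain admin credential"),
    ("azure-app",        "gcp-project",   "shared service-account key (multicloud hop)"),
    ("gcp-project",      "onprem-jump",   "VPN credential stored in bucket"),
    ("onprem-jump",      "backup-server", "backup agent credential in plaintext"),
    ("onprem-jump",      "file-server",   "world-writable SMB share"),
]

def build_graph(edges):
    """Adjacency list: asset -> [(next asset, gap used for the hop)]."""
    graph = {}
    for src, dst, gap in edges:
        graph.setdefault(src, []).append((dst, gap))
        graph.setdefault(dst, [])
    return graph

def attack_paths(graph, start, target):
    """Enumerate all simple paths from start to target, recording the gap used at each hop."""
    paths, stack = [], [(start, [start], [])]
    while stack:
        node, visited, gaps = stack.pop()
        if node == target:
            paths.append((visited, gaps))
            continue
        for nxt, gap in graph.get(node, []):
            if nxt not in visited:  # simple paths only, no cycles
                stack.append((nxt, visited + [nxt], gaps + [gap]))
    return paths

def choke_points(paths):
    """Gaps present on every path: closing any one of them cuts all routes to the target."""
    if not paths:
        return set()
    return set.intersection(*(set(gaps) for _, gaps in paths))

def gap_coverage(paths):
    """How many paths each gap appears on, for ranking remediation when no single choke point exists."""
    return Counter(gap for _, gaps in paths for gap in gaps)

if __name__ == "__main__":
    graph = build_graph(EDGES)
    found = attack_paths(graph, "contractor-guest", "backup-server")
    for assets, gaps in found:
        print(" -> ".join(assets), "| via:", "; ".join(gaps))
    print("choke points:", sorted(choke_points(found)))
    print("coverage:", gap_coverage(found).most_common())
```

With this input the two routes to the backup server share the third-party access and the plaintext backup credential, so fixing either of those removes every path while the multicloud hop alone does not.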
Because organizations often rely on external partners for IT maintenance, they forget about third-party risk, particularly for Azure environments. What should they take into account and what should they do to minimize the impact?
It is important to recognize that third-party cloud providers are not on an island in terms of providing protection. Hybrid cloud security is a joint effort between cloud providers and the organizations that sponsor them. Securing hybrid cloud infrastructure may be the purview of the provider, but data security is a mutual responsibility. Effective management of access policies, configurations, and encryption is part of the deal.
To correct these errors, it is imperative that organizations follow best practices, such as securing all endpoints with adequate protection, using external storage to back up critical data, and ensuring access privileges are strictly controlled.
Risk management evaluation is also extremely important. Continuous assessment of the entire network will establish a valid risk management simulation of real-life attack scenarios, which should be in the production environment and run continuously for maximum visibility.
How well do you think these new risks are being addressed and is there anything else organizations could and should do?
Cyber attacks are not going to go away; they will only take new forms. Organizations should not ignore them. As a result, maintaining a strong security posture across your hybrid cloud networks must be ongoing.
Organizations looking to improve their security posture must develop a comprehensive understanding of their network’s attack paths and bottlenecks. Attack path management should become part of any company’s arsenal because it’s the only way to see the world through an attacker’s eyes and focus on eliminating risk in the most cost-effective way possible. This can only be done if the real context of the routes an attacker can take to reach vital assets is known.