In this interview with Help Net Security, Zur Ulianitzky, Head of Security Research at XM Cyber, gives insights on new and less talked about cybersecurity risks organizations should look out for, and what they should do to keep themselves secure and protected from these threats.
We are seeing many cybersecurity risks taking the spotlight recently, but what about new and less discussed ones?
As markets grow more global and complex, so too do the threats that organizations must face. Hackers can now exploit security gaps to obtain an initial foothold in a company’s network and then move laterally between on-premises and cloud applications to wage a highly damaging campaign.
XM Cyber recently found three new risks present on multiple customers’ networks.
- Multi-cloud hopping: The ability of an attacker to easily move between one cloud and another within a multi-cloud organization (e.g. hopping from a company’s Azure environment to its Google Cloud apps). This is a huge deal because 76% of organizations are multi-cloud.
- Backup system risk: Ransomware gangs are now trying to pivot through the network to get to the backup systems first, so they can destroy the recovery mechanism that most organizations rely upon.
- Third-party risk to Azure environments: Businesses often grant contractors access to applications to perform IT maintenance, or give ongoing access to third-party partners. However, this is a significant risk because they occasionally open up full access to the organization without realizing it!
Could you explain the multi-cloud hopping risk and how it could affect organizations?
Consider an external user who gains access to Azure, then breaks into an internal application, compromises it, and then pivots to the AWS cloud. Unfortunately, most businesses don’t have global visibility and aren’t aware of cross-cloud provider attack paths because traditional cloud security solutions do not detect them. They require solutions that illustrate how an attacker may gain access to a system and pivot cloud-to-cloud based on settings.
What about the backup system risk? What can organizations do to tackle this kind of threat?
Backup systems are common in organizations, and they usually link via various assets. Each asset you want to back up requires authorization and access, so to reach them, hackers require credentials. However, due to vulnerabilities, misconfigurations and poor cyber hygiene, these credentials are really not that hard for a savvy hacker to obtain. If a bad actor gets his hands on the backup system, he can exfiltrate and erase the backup data, essentially forcing the organization to pay the ransom or risk losing everything.
One proven method of defending against this type of threat is attack path management. This involves viewing the network from the attacker’s point of view to see how multiple security gaps create pathways that hackers can use to move around within a network — from on-prem to the cloud and between clouds. Once you discover the attack paths, you can focus remediation efforts on those paths that provide access to your critical assets.
As organizations often rely on third-party partners for IT maintenance, they forget about third-party risk, particularly to Azure environments. What should they be looking out for and what should they do to minimize the impact?
It’s important to recognize that third-party cloud providers are not on an island in terms of providing protection. Hybrid cloud security is a joint effort between cloud providers and the organizations that patronize them. Securing the hybrid cloud infrastructure may be the purview of the provider, but data security is a mutual responsibility. Effectively managing access policies, configurations and encryption are all part of the bargain.
To right these wrongs, it’s imperative for organizations to follow best practices such as securing all endpoints with proper protection, using external storage to back up critical data, and ensuring that access privileges are tightly controlled.
Risk management assessment is also extremely important. The continuous assessment of the entire network will establish a valid risk management simulation of real-life attack scenarios, which should be in the production environment and executed continuously for maximum visibility.
How well do you think these new risks are addressed and is there something more organizations could and should do?
Cyberattacks are not going away; they will only take on new forms. Organizations should not ignore them. As a result, maintaining a solid security posture across your hybrid-cloud networks must be ongoing.
Organizations looking to improve their security posture must develop a comprehensive understanding of their network’s attack routes and chokepoints. Attack path management must become a part of any company’s arsenal because it is the only way to see the world through the eyes of an attacker and focus on removing the risk in the most cost-effective way possible. This can only be realized if the actual context of the pathways an attacker can take to reach the vital assets is known.