Cloud identity is too loose, opening the door for attackers
2022-04-23 09:41:00 【Like a breeze】
A new report from Palo Alto Networks' Unit 42 shows that almost all cloud users, roles, services and resources are granted too many permissions, leaving organizations open to an expanded attack once they are breached. The security vendor's research found that misconfigured identity and access management (IAM) opens the door to malicious actors, who in their attacks mainly target cloud infrastructure and credentials.
The results show that, when it comes to IAM in the cloud, organizations are struggling to implement good governance. The report also identifies five attack groups detected targeting cloud environments and reveals their attack methods.
In the report "Identity and Access Management: The First Line of Defense", Unit 42 researchers analyzed 18,000 cloud accounts and more than 680,000 identities across more than 200 different organizations to understand their configuration and usage patterns. It shows that 99% of cloud users, roles, services and resources are granted "excessive permissions" that went unused for 60 days. According to the report, adversaries who compromise these identities can use the permissions to move laterally or vertically and expand the blast radius of the attack.
Unit 42 data show that policies built in by the cloud service provider (CSP) contain twice as many unused or excessive permissions as policies created by customers. Removing these permissions can significantly reduce the exposure of each cloud resource and minimize the attack surface of the whole cloud environment. However, the report says, cloud security is being undermined by poorly implemented IAM and credential management.
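As an added illustration (not code from the report or from this article) of the report's "unused for 60 days" yardstick, the following script flags granted permissions that an identity has not exercised within that window and ranks the findings so that never-used and escalation-capable grants come first. The record format, identities and permission names are constructed assumptions, not the output of any provider's API.

```python
"""Flag granted IAM permissions that have gone unused for 60 days.

Added example, not from the Unit 42 report or the article. The input format
is an assumption: (identity, permission, last_used) records such as one could
assemble from a cloud provider's access-history data.
"""
from datetime import date, timedelta

UNUSED_DAYS = 60  # the threshold the report uses for "excessive" permissions
AS_OF = date(2022, 4, 23)  # constructed review date for the sample data

# Constructed sample data: hypothetical identities and permissions.
SAMPLE_RECORDS = [
    ("ci-deploy-role", "s3:PutObject", date(2022, 4, 20)),
    ("ci-deploy-role", "iam:CreateUser", None),            # never used
    ("ci-deploy-role", "ec2:TerminateInstances", date(2022, 1, 5)),
    ("analyst-user", "s3:GetObject", date(2022, 4, 22)),
    ("analyst-user", "kms:Decrypt", date(2022, 2, 1)),
]

# Permissions that let a holder mint new access: the highest-value excess.
PRIVILEGE_ESCALATION = {"iam:CreateUser", "iam:AttachUserPolicy", "sts:AssumeRole"}


def unused_permissions(records, today=AS_OF, threshold_days=UNUSED_DAYS):
    """Return (identity, permission, days_unused) for every grant idle longer
    than threshold_days; a never-used grant is reported with days_unused=None."""
    cutoff = today - timedelta(days=threshold_days)
    flagged = []
    for identity, permission, last_used in records:
        if last_used is None:
            flagged.append((identity, permission, None))
        elif last_used < cutoff:
            flagged.append((identity, permission, (today - last_used).days))
    return flagged


def prioritize(flagged):
    """Order findings: escalation-capable first, then never-used, then idlest."""
    def key(item):
        _, perm, days = item
        return (perm not in PRIVILEGE_ESCALATION, days is not None, -(days or 0))
    return sorted(flagged, key=key)


def summarize(records, today=AS_OF):
    """Per-identity count of excess permissions: the number to drive down."""
    counts = {}
    for identity, _, _ in unused_permissions(records, today):
        counts[identity] = counts.get(identity, 0) + 1
    return counts


if __name__ == "__main__":
    for identity, perm, days in prioritize(unused_permissions(SAMPLE_RECORDS)):
        print(f"{identity:16} {perm:24} unused: {'never used' if days is None else f'{days} days'}")
```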
In the report, Unit 42 states that a configuration error lay behind 65% of the detected cloud security incidents, that 53% of cloud accounts allowed weak passwords and 44% allowed password reuse. What's more, nearly two-thirds (62%) of organizations expose cloud resources.
Misconfigurations in a cloud platform's identity users, roles or group policies can significantly widen the threat landscape of an organization's cloud architecture; these are the vectors adversaries are constantly seeking to exploit.
All of the cloud threat actors we identified compromise servers, containers or laptops in an attempt to harvest cloud credentials. Leaked credentials with excessive privileges can hand an attacker "the keys to the kingdom".
Unit 42 identifies five attack groups targeting cloud infrastructure
Unit 42 detected and identified five threat actors who use unique escalation techniques to harvest credentials and go directly after cloud service platforms. Of these, three perform container-specific operations, including permission discovery and container resource discovery; two carry out container escapes; and all five collect cloud service or container platform credentials as part of their operations. They are:
TeamTNT: In terms of cloud identity enumeration techniques, this group is considered the most sophisticated cloud threat actor. Its operations include lateral movement within Kubernetes clusters, building IRC botnets and hijacking infected cloud workload resources to mine the Monero cryptocurrency.
WatchDog: Although skilled, the group is willing to trade sophistication for a higher rate of access, Unit 42 says. Using custom Go scripts and cryptojacking scripts reused from other groups (including TeamTNT), it is an opportunistic threat group targeting exposed cloud instances and applications.
Kinsing: Another opportunistic cloud threat actor with great potential for cloud credential harvesting, the group focuses on exposed Docker daemon APIs, runs Ubuntu-based containers with GoLang malicious processes, and has begun extending its operations beyond the Docker container, specifically targeting container and cloud credential files held on infected cloud workloads.
Rocke: Rocke is an "advanced" group committed to improving its cloud endpoint enumeration techniques. It specializes in ransomware and cryptojacking in cloud environments and is known for harnessing the computing power of compromised Linux systems, which are typically hosted in cloud infrastructure.
8220: A "close relative" of Rocke, this group is adding containers to its targets. The tools commonly used in its operations are PwnRig or DBUSed, customized variants of the XMRig Monero mining software. The group is believed to have originated from a GitHub fork of the Rocke group's software.
IAM configuration errors are a common entry point
Unit 42 suggests that organizations address their IAM gaps to protect their cloud infrastructure. Correctly configured IAM can prevent unintended access, provide visibility into cloud activity and reduce the impact of security incidents. "However, because of its dynamic nature and complexity, keeping IAM in its most secure state is challenging. Historically, IAM misconfigurations have been the entry point and pivot most frequently used by cyber criminals."
To help protect cloud environments from these threats, Unit 42 says organizations should deploy a cloud-native application protection platform (CNAPP), focus on hardening IAM permissions and increase the degree of security automation. (This article is from the SCA Secure Communications Alliance; please credit the source when reprinting.)
Copyright notice
This article was created by [Like a breeze]; please include the original link when reposting. Thank you.
https://yzsam.com/2022/04/202204230932157222.html