The team conducted a red team exercise against a high-profile company with a large cybersecurity team to find vulnerabilities in its cloud configuration. Surprisingly, the team was able to take over the company's AWS environment through a misconfigured IAM role ("AssumeRole"), which led to access to S3 buckets and encryption keys. The exercise revealed that the vulnerability of the system wasn't an AWS misconfiguration but an IAM role misconfiguration. The impact of a misconfigured identity is much greater in the cloud than in an on-premises system.
So, how do companies prevent this from happening? First, practice the principle of least privilege. 74% of JAPAC & EMEA organizations use admin roles for workloads. It is recommended to grant non-admin roles for workload operations. Second, automate scanning of IAM roles to find misconfigurations and fix them. Third, don't gloss over cybersecurity because of the cost. Attackers have gotten smarter and are harder to catch because they design their scripts to run at low utilization. Attackers use misconfigured environments for cryptojacking.
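One way to automate the role scan recommended above, as an added example that is not from the original post or the exercise it describes. It assumes two checks (a trust policy that lets any principal call `sts:AssumeRole`, and admin-equivalent permissions on a workload role) and a hypothetical `PermissionPolicies` field holding each role's policy documents; the sample roles are constructed.

```python
import json

def _as_list(value):
    """IAM policy fields may hold a single item or a list; normalise to a list."""
    return value if isinstance(value, list) else [] if value is None else [value]

def _wildcard_principal(principal):
    # "*" or {"AWS": "*"} lets any AWS principal attempt sts:AssumeRole.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False

def scan_role(role):
    """Return a sorted list of finding strings for one role description."""
    findings = set()
    for stmt in _as_list(role["AssumeRolePolicyDocument"].get("Statement")):
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        assumes = any(a in ("sts:assumerole", "sts:*", "*") for a in actions)
        # Flag only when no Condition narrows the wildcard principal.
        if (stmt.get("Effect") == "Allow" and assumes
                and _wildcard_principal(stmt.get("Principal"))
                and not stmt.get("Condition")):
            findings.add("trust policy: any principal may assume this role")
    # "PermissionPolicies" is a hypothetical field name used for this example.
    for doc in role.get("PermissionPolicies", []):
        for stmt in _as_list(doc.get("Statement")):
            if (stmt.get("Effect") == "Allow"
                    and "*" in _as_list(stmt.get("Action"))
                    and "*" in _as_list(stmt.get("Resource"))):
                findings.add("permissions: admin-equivalent Action/Resource wildcard")
    return sorted(findings)

# Constructed sample roles (not taken from the exercise described above).
SAMPLE_ROLES = json.loads("""[
 {"RoleName": "workload-admin",
  "AssumeRolePolicyDocument": {"Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]},
  "PermissionPolicies": [{"Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}]},
 {"RoleName": "workload-reader",
  "AssumeRolePolicyDocument": {"Statement": [
    {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]},
  "PermissionPolicies": [{"Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"}]}]}
]""")

def scan_all(roles):
    return {r["RoleName"]: scan_role(r) for r in roles}

if __name__ == "__main__":
    print(scan_all(SAMPLE_ROLES))
```

In practice the role descriptions would come from an inventory export of the account's IAM roles, and any non-empty finding list would be routed to whoever owns the role for remediation.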