A critical security vulnerability in Microsoft's Azure cloud database platform, Cosmos DB, could have allowed complete remote takeover of accounts, with admin rights to read, write and delete any information in a database instance.
According to researchers at Wiz, any Azure customer could access another customer’s account without authentication. The vulnerability in CosmosDB was related to the Jupyter notebook feature added to CosmosDB in 2019, where the attacker could manipulate the local Jupyter notebook and escalate privileges to other customer notebooks containing several customer secrets, including their CosmosDB primary key.
The vulnerability affects only CosmosDBs that had Jupyter notebook enabled and allowed access from external IPs. However, the impact is significant since the Jupyter notebook feature was automatically turned on for all new DBs after Feb. 2021. Moreover, most CosmosDBs allow cross-tenant access since they use firewall exceptions like “Allow traffic for Azure data centers.”
Though Microsoft’s security teams took immediate action to take down the vulnerable notebook service, customers are still required to perform mitigation steps and regenerate their keys due to the risk that their CosmosDB primary keys were exposed to third parties.
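The two defender-side actions the article names are (1) finding accounts whose IP firewall carries the "Allow traffic for Azure data centers" exception and (2) regenerating the account keys. The script below is an added example, not code from the article, Wiz or Microsoft. It assumes the account JSON has the shape that `az cosmosdb show` prints (`publicNetworkAccess`, `isVirtualNetworkFilterEnabled`, `ipRules[].ipAddressOrRange`), and that the special address `0.0.0.0` in the IP allow list is how that Azure-datacenter exception is represented; the three accounts are constructed sample data. It does not check whether the Jupyter notebook feature was enabled, because the article gives no field for that, so every account that passes the firewall check is still a candidate for key rotation.

```python
from __future__ import annotations
import json

# Constructed sample, modelled on `az cosmosdb show` output (field names are an assumption).
SAMPLE_ACCOUNTS = json.loads("""
[
  {"name": "orders-prod", "resourceGroup": "rg-prod",
   "publicNetworkAccess": "Enabled",
   "isVirtualNetworkFilterEnabled": false,
   "ipRules": [{"ipAddressOrRange": "0.0.0.0"}, {"ipAddressOrRange": "203.0.113.0/24"}]},
  {"name": "analytics-dev", "resourceGroup": "rg-dev",
   "publicNetworkAccess": "Enabled",
   "isVirtualNetworkFilterEnabled": false,
   "ipRules": [{"ipAddressOrRange": "198.51.100.7"}]},
  {"name": "internal-only", "resourceGroup": "rg-core",
   "publicNetworkAccess": "Disabled",
   "isVirtualNetworkFilterEnabled": true,
   "ipRules": []}
]
""")

# In the Cosmos DB IP firewall, 0.0.0.0 stands for "accept connections from
# within public Azure datacenters", i.e. from any other tenant's Azure resources.
AZURE_DATACENTER_SENTINEL = "0.0.0.0"

# Key kinds accepted by `az cosmosdb keys regenerate --key-kind`.
KEY_KINDS = ("primary", "secondary", "primaryReadonly", "secondaryReadonly")


def exposure_findings(account: dict) -> list[str]:
    """Return human-readable findings for one account; empty list means no cross-tenant exposure found."""
    findings: list[str] = []
    if account.get("publicNetworkAccess", "Enabled") == "Disabled":
        return findings  # nothing reachable over the public endpoint
    rules = [r.get("ipAddressOrRange", "") for r in account.get("ipRules", [])]
    if AZURE_DATACENTER_SENTINEL in rules:
        findings.append("accepts connections from any public Azure datacenter (0.0.0.0 rule)")
    if not rules and not account.get("isVirtualNetworkFilterEnabled", False):
        findings.append("no IP firewall rules and no VNet filter: reachable from all public IPs")
    return findings


def audit(accounts: list[dict]) -> dict[str, list[str]]:
    """Map account name -> findings, keeping only accounts with at least one finding."""
    report: dict[str, list[str]] = {}
    for account in accounts:
        findings = exposure_findings(account)
        if findings:
            report[account["name"]] = findings
    return report


def key_rotation_commands(account: dict) -> list[str]:
    """Azure CLI commands that rotate all four account keys (read-write and read-only, primary and secondary)."""
    return [
        f"az cosmosdb keys regenerate --name {account['name']} "
        f"--resource-group {account['resourceGroup']} --key-kind {kind}"
        for kind in KEY_KINDS
    ]


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_ACCOUNTS).items():
        print(name)
        for finding in findings:
            print("  -", finding)
        account = next(a for a in SAMPLE_ACCOUNTS if a["name"] == name)
        print("  rotate keys with:")
        for cmd in key_rotation_commands(account):
            print("    ", cmd)
```

Against real subscriptions, feed it the output of `az cosmosdb list --output json` instead of the constructed sample. Rotating the secondary key first, repointing applications to it, and only then regenerating the primary avoids an outage, and the read-only keys should be rotated for the same reason as the read-write ones: the exposed notebook environment held account secrets, not one particular key.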
Pravin Kothari, Senior Vice President of SASE Products at Lookout, explains that this is the latest example of the challenges facing even the most prominent technology giants in safeguarding user information.
Kothari says, “It serves as a wake-up call for businesses to be aware that weaknesses even exist in the cloud providers themselves. As more businesses migrate to the cloud and employees rely on mobile devices, the crown jewels of sensitive personal and corporate data are getting more difficult to monitor and protect. Businesses do not have visibility and control over who is accessing their information, when and how. Criminals are also finding it far easier to target the cloud to access and steal boatloads of information.”
Kothari adds that many businesses are not doing enough to protect their client-sensitive PII information even with the increasing risks. “They do not realize that cloud services are not bulletproof. They assume that their information is safe with service providers. However, a simple misconfiguration, malicious insider, or abuse of API could cause significant exposure and havoc, as we saw with Equifax and SolarWinds. Today’s attackers are agile and constantly come up with new ideas to circumvent many security strategies organizations have implemented. With hybrid work being the norm, data flows wherever it’s needed. This is why organizations need to change their security approach from network-centric to data-centric. Focusing on the data naturally shifts the security mindset from the traditional corporate network to a zero-trust approach applied across all users, devices, and data. Implementing a zero-trust strategy is the key to securing your data in today’s evolving threat landscape.”
“With the rise of hacking and exposures in the cloud and third-party apps, organizations need to focus on cloud security and data protection in an unconventional way. Migration to the cloud presents many unique challenges in protecting your data and has given rise to a new generation of Cloud Data Protection solutions, especially with seamless rights management (EDRM) and such capabilities.
“Organizations must be aware of the growing risk with their data in the cloud and always protect personally identifiable information (PII) and protected health information (PHI). With the increasing number of regulations on data privacy of individuals, such as GDPR, PCI DSS, HIPAA and CCPA, exposing such data opens the organization to breaches, reputational damage as well as stiff penalties.
“Organizations need to modernize their security approach to zero trust without increasing operational complexity. Implementing too many point solutions will end up slowing things down and could leave you exposed to risk. The key is to leverage solutions that take a platform approach so you can efficiently solve multiple challenges at once. Access to cloud and SaaS apps should be monitored and enforced through a cloud access security broker (CASB) solution. In order to round out the zero-trust approach, CASB should be combined with zero trust network access (ZTNA) for private apps as well as mobile endpoint security (MES) to protect against risky mobile devices, phishing, and application threats. Together, the combination of CASB, ZTNA, and MES in one platform enables organizations to implement zero trust across all users, devices, networks and data to mitigate the risk of a breach in today’s fluid data environment.”