CISA Says SaaS Providers Under Attack

CISA is warning businesses that SaaS providers are under attack as a way to steal their customers’ credentials. If you think about this, it makes sense.

This came after Commvault, a cloud-based backup solution, was compromised using a zero-day.

What is interesting is how they planned to exploit the vulnerability.

Commvault claims that no customer data in their backups was compromised. If so, what was the game plan?

CISA said that the zero-day gave the hackers a way into Commvault’s application.

That gave the hackers a way to access Commvault’s customers’ Microsoft 365 environments. Commvault needs this access, since you have to be able to read the data to back it up.

That environment had Azure secrets stored in it (in order to gain permissions to access the data to back it up).

The rest, as they say, is history.

While this is intriguing, CISA says that this may be part of a much larger attack that uses this technique: a bug or weak security at one of your cloud SaaS vendors becomes the hacker’s way into your environment.

Also note that while this was an attack on Microsoft Azure, the reality is that this attack will work on any cloud environment as long as the customer and the cloud provider run in the same environment, which is typical.
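One way to watch for the chain described above, as an added example that is not from CISA, Commvault or the original post: flag sign-ins by a SaaS vendor's application identity that come from outside the address ranges the vendor publishes, and flag any new credential added to that identity. The app name, address ranges and record layout are constructed for illustration and would need mapping onto your cloud provider's sign-in and audit log export.

```python
import ipaddress

# Constructed values: the vendor's app identity and its published egress ranges.
VENDOR_APP = "backup-vendor-app"
VENDOR_RANGES = [ipaddress.ip_network(n)
                 for n in ("198.51.100.0/24", "2001:db8:10::/48")]

# Constructed, simplified log records (not a real provider schema).
SAMPLE_EVENTS = [
    {"time": "2025-05-01T02:00:11Z", "type": "signin",
     "app": "backup-vendor-app", "ip": "198.51.100.23"},
    {"time": "2025-05-01T02:14:52Z", "type": "signin",
     "app": "backup-vendor-app", "ip": "203.0.113.77"},
    {"time": "2025-05-01T02:15:30Z", "type": "credential_added",
     "app": "backup-vendor-app", "actor": "backup-vendor-app"},
    {"time": "2025-05-01T03:00:00Z", "type": "signin",
     "app": "hr-portal", "ip": "203.0.113.77"},
    {"time": "2025-05-01T04:00:00Z", "type": "signin",
     "app": "backup-vendor-app", "ip": "not-an-ip"},
]

def ip_in_vendor_ranges(ip_text):
    """True if ip_text parses and falls inside a published vendor range."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # an unparseable source address is treated as untrusted
    return any(addr in net for net in VENDOR_RANGES)

def review(events, app=VENDOR_APP):
    """Return (time, reason) findings for the vendor's application identity."""
    findings = []
    for ev in events:
        if ev.get("app") != app:
            continue  # other applications are out of scope for this check
        kind = ev.get("type")
        if kind == "signin" and not ip_in_vendor_ranges(ev.get("ip", "")):
            findings.append((ev["time"],
                             f"sign-in from {ev.get('ip')} outside vendor ranges"))
        elif kind == "credential_added":
            findings.append((ev["time"],
                             f"new credential added by {ev.get('actor')}"))
    return findings

if __name__ == "__main__":
    for when, reason in review(SAMPLE_EVENTS):
        print(when, reason)
```

The same allowlist is what you would enforce, not just monitor, if your cloud provider lets you restrict where an application identity may authenticate from.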

If this raises concerns, please reach out to us. Credit: The Register
