Microsoft Azure Cosmos DB Incident Underscores the Need to Closely Watch Cloud Data

Published: 23/11/2024   Category: security




Even businesses that do everything right still need to monitor their data and cloud services.



Companies whose data had been accessed by researchers in the process of discovering a significant vulnerability in Microsoft's Azure Cosmos DB service should rotate their keys immediately, and all users of the database service should institute role-based access controls.
That's among the recommendations Microsoft included in a blog post published last week after being notified by cloud security firm Wiz.io that the company had found a pathway to access other firms' data stored in the service. Researchers with the firm Wiz.io reported a vulnerability in the way Microsoft had integrated the Azure Cosmos DB service with Jupyter Notebooks, an open source data science platform for creating interactive workspaces.
Anyone who created a Cosmos DB instance and then used Jupyter Notebooks could access other customers' instances, according to the researchers.
But the incident did not result in any data being accessed by anyone besides the researchers, Microsoft said. "Our investigation indicates that no customer data was accessed because of this vulnerability by third parties or security researchers," Microsoft stated in its Aug. 27 blog post, adding that it performed a broad forensic analysis. "We ... expanded our search beyond the researcher’s activities to look for all possible activity for current and similar events in the past. Our investigation shows no unauthorized access other than the researcher activity."
The incident was a reminder for companies that even the Big Three cloud providers can make mistakes and that organizations still have to worry about cloud database security. While managed services are more typically secure, because such services also host a large number of organizations, a single vulnerability can have a major impact, says Karl Sigler, senior security researcher at Trustwave's SpiderLabs.
"The risks are different in that cloud environments typically have dedicated teams performing ongoing audits, patching, monitoring, and confirming best practice configuration," he says. "However, zero-day issues like this one with the Cosmos DB may have a much more severe impact than on-premises databases when exploited due to shared environments."
For that reason, companies should not rely on the security provided by cloud services. The shared responsibility model, which is the standard for the relationship between service provider and customer, puts the onus for security on the customer.
Companies need to take the right steps to secure their data, even when a rare vulnerability crops up in the cloud service, says Mark Nunnikhoven, cloud strategist at Lacework.
"To be clear, that pace of change and freedom to experiment is a very good thing for the business," he says. "However, an organization's perspective on security needs to be updated to match it. The data needed to help improve an organization's security posture is there, they just have to put the right tooling in place to understand it."
Microsoft recommended that companies use role-based access controls to limit which users can access certain features and data. In addition, routine monitoring — for Azure, that involves diagnostic logging and using Azure Defender — can help detect unauthorized users.
"Companies are still missing the basics like keeping on top of patching and maintaining ongoing audits of your configuration and setup," says Trustwave's Sigler. "If they can get those processes moving smoothly and continuously, organizations should move onto providing defense in depth by keeping external controls like firewalls, IDS systems, and MFA up to date and configured properly for the services and data they are meant to protect."
Quick Response and a Big Bug Bounty
Overall, Microsoft's response to the vulnerability came quickly, after being notified of the issue on August 12. The company fixed the issue within 48 hours and notified customers who had been affected by the vulnerability that they should create another primary read-write key. In addition, the company quickly paid the researchers the maximum bounty for vulnerabilities in Cosmos DB: $40,000.
"Notifications have been sent to all customers that could be potentially affected due to researcher activity, advising they regenerate their primary read-write key," the Microsoft Security Response Center (MSRC) team said in its blog post. "Other keys including the secondary read-write key, primary read-only key, and secondary read-only key were not vulnerable."
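The monitoring and key-regeneration advice above can be turned into a simple log review. The following is an added example, not code from Microsoft or from the original article: it scans exported request records for use of the primary read-write key from outside known application networks, and for accounts whose primary key has never been regenerated. The record layout, field names and values, subnet and account inventory are all assumptions constructed for illustration.

```python
import ipaddress
import json
from datetime import datetime

# Constructed sample records, one JSON object per line. Field names and values
# are assumptions for this example; map them to your own diagnostic log export.
SAMPLE_LOG = """\
{"time": "2021-08-20T09:14:02+00:00", "account": "orders-db", "keyType": "PrimaryMasterKey", "clientIp": "10.20.0.15"}
{"time": "2021-08-21T02:40:11+00:00", "account": "orders-db", "keyType": "PrimaryMasterKey", "clientIp": "203.0.113.77"}
{"time": "2021-08-29T10:05:00+00:00", "account": "orders-db", "keyType": "SecondaryMasterKey", "clientIp": "10.20.0.15"}
{"time": "2021-08-29T11:30:45+00:00", "account": "telemetry-db", "keyType": "PrimaryMasterKey", "clientIp": "10.20.3.4"}
"""

# Hypothetical inventory: application subnets, and when each account's primary
# read-write key was last regenerated (None = not regenerated yet).
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]
REGENERATED_AT = {
    "orders-db": datetime.fromisoformat("2021-08-27T12:00:00+00:00"),
    "telemetry-db": None,
}


def review_primary_key_use(log_text):
    """Return (account, client_ip, reason) for primary-key requests worth a look."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec["keyType"] != "PrimaryMasterKey":
            continue  # this review is scoped to the primary read-write key
        when = datetime.fromisoformat(rec["time"])
        regenerated = REGENERATED_AT.get(rec["account"])
        ip = ipaddress.ip_address(rec["clientIp"])
        if not any(ip in net for net in TRUSTED_NETS):
            # A hit after regeneration means the *new* key is in use elsewhere.
            stage = "current" if regenerated and when >= regenerated else "pre-rotation"
            findings.append((rec["account"], rec["clientIp"], f"untrusted source, {stage} key"))
        if regenerated is None:
            findings.append((rec["account"], rec["clientIp"], "primary key never regenerated"))
    return findings


if __name__ == "__main__":
    for finding in review_primary_key_use(SAMPLE_LOG):
        print(finding)
```

A finding tagged "current key" is the more urgent one, because it means the regenerated key itself is being used from an unexpected network.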
Overall, the handful of incidents that affect major cloud services should not dissuade companies from moving to the cloud. Cloud services continue to have a much better security track record than individual companies, says Lacework's Nunnikhoven.
"Over the past two years, there have been three or four cloud service vulnerabilities from the big three CSPs [cloud service providers] in their custom offerings — so, something that's not in underlying commercial or open source software," he says. "This low number of vulnerabilities, despite the high level of attention on cloud services, adds another data point to a growing list supporting the idea that you can be more secure in a cloud environment than on-premises."
