Cloud Services From Major Providers Including Amazon and Microsoft Vulnerable To the Widespread SolarWinds Hack


While the SolarWinds hack primarily targeted in-house infrastructure, the breach has morphed into a multidimensional assault on key computing infrastructure, including cloud services.

The SolarWinds supply chain attack, which was broad in scope and sophisticated in nature and execution, could affect popular cloud-based services provided by key players, including Microsoft and Amazon. This is because the SolarWinds Orion software, widely used for network monitoring, could be deployed in cloud environments.

Under such conditions, it might have privileged access to AWS and Microsoft Azure API keys, Identity and Access Management (IAM) services, and other security credentials.

Similarly, compromised Orion software running in in-house environments allows attackers to authenticate against cloud platforms by manipulating Security Assertion Markup Language (SAML) to create access tokens.

Hackers targeting cloud platforms and services

Details from the NSA and Microsoft show that the suspected Russian hackers behind the SolarWinds hack were targeting cloud services such as Office 365.

Additionally, Reuters’ reporting claimed that hackers had compromised cloud services on the National Telecommunications and Information Administration’s Microsoft Office 365 account and monitored staff emails for months.

Similarly, a recent report by Microsoft also revealed that the attackers tried to read CrowdStrike’s emails through a compromised reseller’s Microsoft Azure account.

SolarWinds hack threatens cloud services in myriad ways

The SolarWinds hack, attributed to suspected Russian hackers, threatens cloud infrastructure such as AWS and Microsoft Azure in several ways.

Firstly, Orion databases store API keys for the AWS and Azure cloud platforms alongside other security credentials. Attackers could later access these stored credentials to compromise other cloud services.

Similarly, SolarWinds Orion software deployed on AWS or Azure cloud platforms has access to root API keys. These privileges grant an attacker full admin access to the cloud services running on the platform.

Orion software also requires access to Identity and Access Management (IAM)…
