Microsoft has alerted thousands of customers of a possible breach of its cloud systems because malicious people could read, modify and even delete their main databases.
According to the Reuters news agency, the discovery was made by a security researcher, formerly head of the cloud sector at Microsoft, Ami Luttwak.
The Sophos report
From phishing to ransomware in 5 steps: cybercrime is growing
The vulnerability would concern a flagship product of the Redmond company, the Cosmo database of the Azure platform. Luttwak, che today he is the CTO of cybersecurity company Wiz, he would find he could access the databases of thousands of Microsoft customers, including those at the top of the Fortune 500, that is, companies like Coca Cola and Exxon Mobil.
For this reason, the companies concerned have been informed of the need to change the way they access the platform and Microsoft would have awarded to the Wiz team a prize of 40 thousand dollars for having identified and reported the flaw: “We solved the problem immediately to ensure the protection of our customers. We thank the security researchers for working with us in the framework of a coordinated disclosure of the vulnerability, ”Microsoft told Reuters.
In the mail to customers, Microsoft claims to have no evidence that the flaw was exploited, but who discovered it was less diplomatic and said that “it is the worst flaw that can be found in a cloud system. This is the central Azure database, and we were able to access any customer database we wanted ”.
Luttwak’s team would have identified the problem on 9 August, nicknamed ChaosDB, notified on day 12. The problem would concern a visualization tool called Jupyter Notebook, available for years, but enabled by default within Cosmo only since last February.
Interviewed by Italian Tech, Carlo Mauceli, Cto and Ciso of Microsoft Italy, however, he specified that “we are not talking about cyberattacks, but about a software vulnerability and it is good that we are talking about it. Microsoft has always offered transparency through partners like Wiz, who works with us. We know that 100% security does not exist, but that it is a dynamic process and we are all understanding it, with the common will to find threats through a positive collaboration between companies and governments. In this case, I do not believe that the risk is high, because the vulnerability has already been repaired and the company is proceeding to notify all potential interested parties “.
Wiz though in a post pretty hard, titled ChaosDB, how we hacked thousands of Azure customer databases, reiterated that this series of flaws in a Cosmos DB feature created a loophole that allows anyone to download, delete or manipulate a huge amount of commercial databases, as well as read / write access to the underlying Cosmos architecture. DB. These are not just customers: companies like Coca Cola, Exxon Mobil and Citrix use Cosmos DB to manage huge amounts of data in real time, powering critical business functions such as processing millions of e-commerce transactions.
Rip effect
Rest in peace, but not too much: this is how ransomware gangs make fun of their victims
by Arturo Di Corinto
Trouble for Microsoft never ends
It must also be said that the fact that comes to public attention today comes after months of bad news for Microsoft, violated by the same Russian criminals who infiltrated the supply chain of SolarWinds, and other forays targeting Exchange email servers. The latest forced the US government to issue an alert to Microsoft customers to install patches to prevent the ransomware groups that are depopulating in recent months could exploit it.
The issue is huge, given that both Microsoft and others have pushed many companies to abandon their infrastructures and rely on the cloud for greater security. Also for this Cloud attacks can be devastating, because according to Luttwak, both vulnerabilities and attacks are not always reported.
For Roberto Mignemi, CEO of Roman Cybertech, “the vulnerabilities discovered on these databases are not new from the attackers’ point of view: in the past, others database NoSQL they suffered from critical weaknesses. What is surprising is that even giants like Microsoft are not immune from this kind of flaws, proving that we must never take anything for granted: security cannot be guaranteed only by a consolidated product, but by applying a set of countermeasures on several levels, which can mitigate any attacks “.
According to a Ponemon Institute study of 600 IT and cybersecurity professionals in the United States for Proofpoint, titled The Cost of Cloud Compromise and Shadow IT, compromising cloud accounts costs businesses over $ 6 million annually. For 68% of respondents, cloud account takeover poses a significant security risk to their organizations, a greatly increased risk in the past 12 months.
Microsoft, for twenty years among the top 5 companies in the world by capitalization, develops many products and is always the market leader in the operating systems area, with 85% of the market and invests heavily in the cloud, which today is the area of greatest development and competition to provide services available to anyone. Lately, during the meeting with President Biden and leaders from Google and Amazon, the company representative has promised to invest billions of dollars in cybersecurity.
.