Cloud supply chain security at risk

Edited by LineaEDP, 09/29/2021. In its Cloud Threat Report H2 2021, Palo Alto Networks highlights how supply chain security threats in the cloud continue to grow.

Despite media coverage of the SolarWinds and Kaseya breaches, supply chain security threats in the cloud continue to grow. This is the finding of Palo Alto Networks' Cloud Threat Report H2 2021, according to which much remains to be defined about the nature of these threats and the most effective means of defending against them. To better understand how supply chain attacks occur in the cloud, Unit 42 researchers analyzed information from a variety of public data sources around the world and, at the request of a large SaaS provider, ran a red team simulation against its software development environment. Overall, the findings indicate that many organizations are still lulling themselves into a false sense of supply chain security in the cloud. Case in point: despite limited access to the customer's development environment, it took a single Unit 42 researcher only three days to uncover several critical flaws that could have exposed the company to an attack similar to those on SolarWinds and Kaseya. Based on Unit 42's analysis of previous supply chain attacks, the report describes the scale of the attacks, little-known details about how they occur, and best practices organizations can adopt to safeguard their supply chains in the cloud.

Supply chain defects are difficult to detect

During the simulation at the SaaS provider, the researchers were able to exploit misconfigurations in the software development environment and take control of the customer's software development processes. This level of access allowed them to monitor the software flow and attack the supply chain, all by exploiting process and security holes such as hard-coded credentials. Red team simulations such as the one performed by Unit 42 show how poor supply chain security hygiene can impact cloud infrastructure.
The customer maintains what most enterprises would consider a mature cloud security posture. Even so, Unit 42 researchers found that 21% of the security scans performed in the development environment flagged misconfigurations or vulnerabilities (a figure that aligns with the industry average of 20%). The researchers believe it is highly probable that the techniques employed during the exercise could be successfully performed against many organizations developing applications in the cloud.

Third-party code represents a hidden risk

Based on a comprehensive analysis, Unit 42 found that 63% of the third-party code templates used in building cloud infrastructure contain insecure configurations. Even more disheartening, 96% of the third-party container applications deployed within cloud infrastructure include known vulnerabilities. In most supply chain attacks, an attacker compromises a supplier and injects malicious code into software used by its customers. Cloud infrastructure is susceptible to a similar approach: unchecked code can open security holes in the cloud infrastructure, giving attackers access to sensitive data in the cloud environment. Such a flaw can be riskier than one in application software, because it can directly affect hundreds of cloud workloads, such as virtual machines and data stores. The challenge with third-party code is that it could come from anyone, including an advanced persistent threat (APT). This raises the stakes for code that is intended to be shared and used by others. Given modern cloud software development practices of sharing and integrating third-party code, and of building complex structures that depend on many other building blocks, an attacker who compromised third-party developers or their code repositories would be able to infiltrate the cloud infrastructures of thousands of organizations.
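The two defect classes the article names, hard-coded credentials in a development environment and insecure settings in third-party infrastructure-as-code templates, are the kind of thing a simple repository scan catches. The following is an added example, not code from the Unit 42 report or from any Palo Alto Networks tool: the sample files, the rule set and the severity labels are all constructed for illustration.

```python
# Added example, not from the Unit 42 report: a minimal scanner for the two defect
# classes the article names, hard-coded credentials in dev/build files and insecure
# settings in third-party IaC templates. Sample files and rules are constructed.
import re

# Constructed sample repository: a CI script plus a vendor-supplied Terraform module.
SAMPLE_FILES = {
    ".ci/deploy.sh": (
        "#!/bin/sh\n"
        "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"  # AWS docs example key, not live
        "export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
        "terraform apply -auto-approve\n"
    ),
    "modules/vendor-storage/main.tf": (
        'resource "aws_s3_bucket" "artifacts" {\n  bucket = "build-artifacts"\n'
        '  acl    = "public-read"\n}\n'
        'resource "aws_security_group_rule" "ssh" {\n  type = "ingress"\n'
        '  from_port = 22\n  to_port = 22\n  cidr_blocks = ["0.0.0.0/0"]\n}\n'
    ),
    "modules/vendor-storage/variables.tf": 'variable "region" { default = "eu-west-1" }\n',
}

# (rule id, pattern, severity): illustrative rules, not an official or exhaustive set.
RULES = [
    ("HARDCODED_AWS_KEY", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "critical"),
    ("HARDCODED_SECRET", re.compile(r"(?i)(secret|password|token)\w*\s*=\s*\S{8,}"), "critical"),
    ("PUBLIC_BUCKET_ACL", re.compile(r'acl\s*=\s*"public-read(-write)?"'), "high"),
    ("WORLD_OPEN_INGRESS", re.compile(r'cidr_blocks\s*=\s*\[\s*"0\.0\.0\.0/0"\s*\]'), "high"),
]

def scan_file(path, text):
    """One finding per matching (rule, line): (path, line_no, rule_id, severity)."""
    return [(path, n, rid, sev)
            for n, line in enumerate(text.splitlines(), start=1)
            for rid, pat, sev in RULES if pat.search(line)]

def scan_repo(files):
    """Scan all files; also return the share of files with at least one finding,
    the 'percentage of scans that flagged a problem' figure the article quotes."""
    findings = [f for path, text in files.items() for f in scan_file(path, text)]
    flagged = {f[0] for f in findings}
    rate = round(100 * len(flagged) / len(files), 1) if files else 0.0
    return findings, rate

if __name__ == "__main__":
    results, rate = scan_repo(SAMPLE_FILES)
    for path, n, rid, sev in results:
        print(f"{sev:8} {rid:20} {path}:{n}")
    print(f"{rate}% of scanned files carried at least one finding")
```

Run against the constructed repository it reports four findings across two of the three files; in a real pipeline the same check would run on every pull request and on every third-party module before it is imported.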
