IT Security Guru

What Real-Life SaaS Attack Misconfiguration Exploits Can Teach Us

By: Maor Bin, CEO & Co-Founder of Adaptive Shield

April 12, 2022
in Cloud Security, Featured, Insight, News

It’s unfortunate, but true: SaaS attacks continue to increase. There is no getting around it: COVID-19 accelerated the already exploding SaaS market and pushed industries that had not planned to make the switch to embrace SaaS.

As SaaS apps become the default system of record for organizations, many are left struggling to secure their company’s SaaS estate. CISOs and security professionals are working to limit this burgeoning threat landscape, but it remains a work in progress.

One slight misconfiguration or unsafeguarded user permission presents a possible attack vector. Most organizations now have hundreds of SaaS apps. That amounts to hundreds of global settings, as well as thousands to tens of thousands of user roles and permissions, to configure, monitor and consistently update. Given the sheer volume of settings and configurations, it’s no wonder there are so many exploitable misconfigurations.

A few notable exploited misconfigurations, from default built-in file sharing and a lack of password enforcement or multi-factor authentication (MFA), to the risks of legacy protocols and OAuth apps, can bring a little clarity to the complex landscape that is a company’s SaaS security posture.

Default authorization misconfiguration exposes NASA, among many others

Security researcher Avinash Jain found a single security misconfiguration in the JIRA collaboration tool that opened up many Fortune 500 companies as well as NASA to a potential leak of corporate data and personal information. This information disclosure was the result of an authorization misconfiguration in Jira’s Global Permissions settings.

When filters and dashboards for projects/issues were created in Jira, their visibility defaulted to “All users” and “Everyone” respectively. Instead of sharing roadmap tasks and similar items internally, this shared them publicly.

Lesson 1: Check file sharing configurations in every SaaS to ensure confidential information is not shared publicly.
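The Jira exposure above is a good candidate for an automated posture check rather than a manual review of every filter and dashboard. The following is an added example, not code from the article or from Adaptive Shield: it classifies the `sharePermissions` entries that the Jira Cloud REST API returns for filters (`GET /rest/api/3/filter/search?expand=sharePermissions`) and dashboards (`GET /rest/api/3/dashboard`) and reports anything shared with the whole internet or with every account on the site. The JSON below is constructed sample data shaped like those responses, not a real tenant's output, and the severity mapping of share types is this example's assumption.

```python
"""Audit Jira Cloud filters and dashboards for overly broad share permissions.

Added example (not from the article or Adaptive Shield). The sample data is
constructed; the share-permission `type` values are those used by the Jira
Cloud REST API, and the severity assigned to each is an assumption.
"""
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample responses (shape mirrors Jira Cloud's sharePermissions objects).
SAMPLE_FILTERS = [
    {"id": "10001", "name": "Roadmap Q3", "owner": {"displayName": "pm-alice"},
     "sharePermissions": [{"id": 1, "type": "global"}]},
    {"id": "10002", "name": "Open bugs", "owner": {"displayName": "dev-bob"},
     "sharePermissions": [{"id": 2, "type": "loggedin"}]},
    {"id": "10003", "name": "Incident review", "owner": {"displayName": "sec-carol"},
     "sharePermissions": [{"id": 3, "type": "project", "project": {"key": "SEC"}}]},
    {"id": "10004", "name": "My tasks", "owner": {"displayName": "dev-bob"},
     "sharePermissions": []},  # private: no share entries at all
]
SAMPLE_DASHBOARDS = [
    {"id": "10100", "name": "Release status",
     "sharePermissions": [{"id": 4, "type": "global"}]},
    {"id": "10101", "name": "Team velocity",
     "sharePermissions": [{"id": 5, "type": "group", "group": {"name": "engineering"}}]},
]

# "global" means anyone on the internet (the exposure described in the article);
# "loggedin"/"authenticated" means every account on the site, still too broad for
# confidential material. Project/group/user shares are treated as scoped.
SEVERITY = {"global": "PUBLIC", "loggedin": "ALL_USERS", "authenticated": "ALL_USERS"}


@dataclass
class Finding:
    kind: str       # "filter" or "dashboard"
    id: str
    name: str
    severity: str   # "PUBLIC" or "ALL_USERS"
    owner: str


def classify(entity: dict) -> Optional[str]:
    """Return the broadest exposure among the entity's share permissions, or None."""
    worst = None
    for perm in entity.get("sharePermissions", []):
        sev = SEVERITY.get(perm.get("type"))
        if sev == "PUBLIC":
            return "PUBLIC"          # nothing is broader; stop here
        if sev == "ALL_USERS":
            worst = "ALL_USERS"
    return worst


def audit(filters: list, dashboards: list) -> List[Finding]:
    """Collect findings for every filter/dashboard shared too broadly, worst first."""
    findings = []
    for kind, items in (("filter", filters), ("dashboard", dashboards)):
        for item in items:
            sev = classify(item)
            if sev:
                owner = item.get("owner", {}).get("displayName", "unknown")
                findings.append(Finding(kind, item["id"], item["name"], sev, owner))
    # PUBLIC first so remediation starts with the worst exposure.
    return sorted(findings, key=lambda f: (f.severity != "PUBLIC", f.kind, f.name))


if __name__ == "__main__":
    for f in audit(SAMPLE_FILTERS, SAMPLE_DASHBOARDS):
        print(f"{f.severity:9} {f.kind:9} {f.id} {f.name!r} owner={f.owner}")
```

Pointing `audit()` at the real API responses (paginated, with an API token) is the only change needed to run it against a tenant; the output is a remediation list ordered by exposure, with the owner named so the share can be narrowed rather than simply deleted.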

Attackers target Citrix with insecure legacy protocols

According to researchers, 60% of Microsoft Office 365 and G Suite tenants have been targeted with IMAP-based password-spraying attacks. The attackers target the legacy and insecure IMAP protocol to bypass MFA settings and compromise cloud-based accounts, which in turn provide access to SaaS apps. Citrix is reported to have been one such target, an ironic twist given that the company specializes in federated architectures; the FBI suggested that the attackers gained a foothold with password spraying and then bypassed additional layers of security.

The use of legacy protocols such as POP or IMAP makes it difficult for system administrators to set up and activate MFA. “Attacks against Office 365 and G Suite cloud accounts using IMAP are difficult to protect against with multi-factor authentication, where service accounts and shared mailboxes are notably vulnerable,” researchers assert.

Lesson 2: Ensure MFA is activated for all users in all apps, even for super admins.
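Until legacy protocols are switched off and MFA covers every account, the spray pattern described above is at least detectable in authentication logs: one source trying a few passwords across many different accounts over a protocol that cannot enforce MFA, followed by a success on a service account or shared mailbox. The detector below is an added example, not from the article or any vendor; the log lines are constructed for it, and their `ts src= proto= user= result=` layout and the thresholds are assumptions rather than any product's real format.

```python
"""Detect IMAP/POP password spraying in authentication logs.

Added example, not from the article. Log lines and their format are
constructed; protocol labels and thresholds are assumptions a tenant would
tune. Password spraying tries one or two common passwords against many
accounts, so the signal is one source, many distinct users, few attempts each.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) proto=(?P<proto>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)
LEGACY_PROTOCOLS = {"IMAP", "POP3"}   # assumption: how the tenant labels legacy auth

# Constructed sample: a spray from 203.0.113.7 ending in a service-account
# success, a single-account brute force from 203.0.113.9, and a normal user
# mistyping a password over modern auth.
SAMPLE_LOG = """\
2022-04-12T08:00:01Z src=203.0.113.7 proto=IMAP user=alice@example.com result=FAIL
2022-04-12T08:00:03Z src=203.0.113.7 proto=IMAP user=bob@example.com result=FAIL
2022-04-12T08:00:05Z src=203.0.113.7 proto=IMAP user=carol@example.com result=FAIL
2022-04-12T08:00:07Z src=203.0.113.7 proto=IMAP user=dave@example.com result=FAIL
2022-04-12T08:00:09Z src=203.0.113.7 proto=IMAP user=erin@example.com result=FAIL
2022-04-12T08:00:11Z src=203.0.113.7 proto=IMAP user=svc-backup@example.com result=OK
2022-04-12T08:01:00Z src=203.0.113.9 proto=IMAP user=frank@example.com result=FAIL
2022-04-12T08:01:02Z src=203.0.113.9 proto=IMAP user=frank@example.com result=FAIL
2022-04-12T08:01:04Z src=203.0.113.9 proto=IMAP user=frank@example.com result=FAIL
2022-04-12T08:01:06Z src=203.0.113.9 proto=IMAP user=frank@example.com result=FAIL
2022-04-12T08:01:08Z src=203.0.113.9 proto=IMAP user=frank@example.com result=FAIL
2022-04-12T08:05:00Z src=198.51.100.4 proto=HTTPS user=grace@example.com result=FAIL
2022-04-12T08:05:30Z src=198.51.100.4 proto=HTTPS user=grace@example.com result=OK
"""


def parse(log_text: str) -> list:
    """Parse the constructed log format; unparseable lines are skipped, not fatal."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(d)
    return events


def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {src: summary} for sources whose legacy-auth failures look like a spray.

    A source is flagged when, within `window`, it fails against at least
    `min_users` distinct accounts with no more than `max_per_user` failures
    each. Any successful login from the same source in that window is
    reported as a likely compromised account.
    """
    by_src = defaultdict(list)
    for e in events:
        if e["proto"] in LEGACY_PROTOCOLS:
            by_src[e["src"]].append(e)

    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):          # sliding window anchored at each event
            per_user = defaultdict(int)
            successes = set()
            for e in evs[i:]:
                if e["ts"] - start["ts"] > window:
                    break
                if e["result"] == "FAIL":
                    per_user[e["user"]] += 1
                elif e["result"] == "OK":
                    successes.add(e["user"])
            # Many users, few attempts each = spray; one user, many attempts = brute force.
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                alerts[src] = {
                    "distinct_users": len(per_user),
                    "failures": sum(per_user.values()),
                    "succeeded_users": sorted(successes),
                }
                break
    return alerts


if __name__ == "__main__":
    for src, summary in detect_spray(parse(SAMPLE_LOG)).items():
        print(src, summary)
```

The brute-force source is deliberately not flagged here (a per-account lockout handles it); the spray is, and the `succeeded_users` field is the part worth alerting on, since it names the account the researchers' quote warns about, a service account reached over IMAP with no MFA in the path.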

OAuth enables consent phishing in O365

OAuth consent is highly interesting to bad actors because granting it is an extremely common, almost inherent action for users, and it is prone to implementation mistakes; the resulting attack is known as consent phishing. Once victims click on the deceptive OAuth app and grant consent, they allow any number of malicious activities.

Microsoft warns users to be on the lookout for deceptive OAuth apps to avoid malicious attacks, like many remote workers using O365 experienced in September and December of 2020.  

Lesson 3: Implement a security protocol to onboard new apps and limit user permissions in all apps.
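Lesson 3 is easier to enforce when the onboarding policy is written down as rules a tool can apply to every consent grant in the tenant. The review below is an added example, not code from the article, Microsoft, or Adaptive Shield: it takes a constructed export of consent grants, decides for each app whether it would have passed the policy (admin consent always passes; user consent only for low-risk scopes from a verified publisher), and counts how many users already consented so the blast radius is visible. The scope names are Microsoft Graph delegated permission names; which of them count as high-risk is this example's assumption.

```python
"""Review OAuth consent grants against an app-onboarding policy.

Added example, not from the article or any vendor. Grants are constructed;
scope names are Microsoft Graph delegated permissions, and the low-/high-risk
split is an assumption that a tenant's own policy would define.
"""
from collections import defaultdict

# Scopes a user may self-consent to under the example policy (assumption).
LOW_RISK_SCOPES = {"openid", "profile", "email", "User.Read"}
# Scopes that give an app durable or content-level access to mail and files.
HIGH_RISK_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send",
                    "Files.ReadWrite.All", "offline_access"}
VERDICT_ORDER = ["allowed", "needs_admin_review", "revoke"]

# Constructed sample, shaped like a consent-grant export.
SAMPLE_GRANTS = [
    {"app": "Zoom", "app_id": "app-0001", "publisher_verified": True,
     "consent_type": "admin", "scopes": ["User.Read", "offline_access"], "user": None},
    {"app": "Quarterly Report Viewer", "app_id": "app-0002", "publisher_verified": False,
     "consent_type": "user", "scopes": ["User.Read", "Mail.Read", "offline_access"],
     "user": "alice@example.com"},
    {"app": "Quarterly Report Viewer", "app_id": "app-0002", "publisher_verified": False,
     "consent_type": "user", "scopes": ["User.Read", "Mail.Read", "offline_access"],
     "user": "bob@example.com"},
    {"app": "Calendar Sync", "app_id": "app-0003", "publisher_verified": True,
     "consent_type": "user", "scopes": ["User.Read", "Files.ReadWrite.All"],
     "user": "carol@example.com"},
    {"app": "Wiki Login", "app_id": "app-0004", "publisher_verified": True,
     "consent_type": "user", "scopes": ["openid", "profile", "email"],
     "user": "dave@example.com"},
]


def grant_verdict(grant: dict):
    """Return (verdict, reasons) for one grant.

    Admin consent is treated as already reviewed. User consent is allowed only
    for low-risk scopes from a verified publisher; an unverified publisher
    holding mailbox/file scopes is the consent-phishing pattern and is revoked.
    """
    if grant["consent_type"] == "admin":
        return "allowed", []
    scopes = set(grant["scopes"])
    reasons = []
    high = sorted(scopes & HIGH_RISK_SCOPES)
    if high:
        reasons.append("high-risk scopes: " + ", ".join(high))
    extra = sorted(scopes - LOW_RISK_SCOPES - HIGH_RISK_SCOPES)
    if extra:
        reasons.append("scopes outside the user-consent allow-list: " + ", ".join(extra))
    if not grant["publisher_verified"]:
        reasons.append("unverified publisher")
    if not reasons:
        return "allowed", []
    if high and not grant["publisher_verified"]:
        return "revoke", reasons
    return "needs_admin_review", reasons


def review(grants: list) -> dict:
    """Aggregate grants per app: worst verdict, its reasons, and consenting-user count."""
    report = {}
    users = defaultdict(set)
    for g in grants:
        verdict, reasons = grant_verdict(g)
        if g["user"]:
            users[g["app_id"]].add(g["user"])
        entry = report.setdefault(
            g["app_id"], {"app": g["app"], "verdict": "allowed", "reasons": []})
        if VERDICT_ORDER.index(verdict) > VERDICT_ORDER.index(entry["verdict"]):
            entry["verdict"], entry["reasons"] = verdict, reasons
    for app_id, entry in report.items():
        entry["consenting_users"] = len(users[app_id])
    return report


if __name__ == "__main__":
    for app_id, entry in review(SAMPLE_GRANTS).items():
        print(app_id, entry["app"], entry["verdict"], entry["consenting_users"], entry["reasons"])
```

The useful output is the combination: an app marked `revoke` with several consenting users is both a cleanup task (revoke the grants, reset the affected users' sessions) and a sign that the tenant's user-consent setting is broader than the onboarding policy allows.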

What can we do to prevent SaaS misconfigurations?

There is a way to protect users from deceptive OAuth apps, misconfigurations and misappropriated user permissions that doesn’t involve implementing each of these lessons (among others) one at a time. SaaS Security Posture Management (SSPM), an emerging category named by Gartner, refers to solutions that take an automated approach to tracking, and even remediating, the exploitable misconfigurations in organizations’ SaaS apps such as Microsoft 365, Google Workspace (formerly Google Apps), Salesforce, Slack, Zoom, Box and Dropbox, among others.

“Over the years, the cybersecurity industry has tried to address these misconfigurations and vulnerabilities with varying degrees of success,” remarks Maor Bin, CEO of Adaptive Shield, the market-leading SSPM solution. “For example, Cloud Access Security Brokers (CASBs) are event-driven. When it comes to SaaS apps they are reactive, focusing on the detection of breaches once they have occurred. This doesn’t help in preventing the SaaS misconfiguration from causing the breach in the first place. There are also Cloud Security Posture Management tools (CSPM), yet they mostly address IaaS and PaaS security use cases. What’s needed are strong and effective controls dedicated to monitoring and remediating SaaS misconfigurations.”

SSPM solutions, like Adaptive Shield, are built to help CISOs and security professionals handle the profound change to an expansive SaaS ecosystem and prevent misconfiguration vulnerabilities from leading to a leak or breach.

About Maor Bin, CEO & Co-Founder of Adaptive Shield

A former cybersecurity intelligence officer in the IDF, Maor has over 16 years in cybersecurity leadership. In his career, he led SaaS Threat Detection Research at Proofpoint and won the operational excellence award during his IDF service. Maor holds a BSc in Computer Science and is CEO and co-founder of Adaptive Shield.
