System, software, and hardware misconfigurations remain extremely prevalent as digitalization continues to be part of the security team’s transformation strategy. Security teams are overwhelmed by the changes happening around them and often put configuration validation on the back burner. Misconfigurations give adversaries specific targets: they probe common software and hardware for common configuration errors.
In September of 2017, Accenture's client data was compromised after threat actors discovered a misconfigured AWS service. The company had left four of its AWS S3 buckets open to the public, and threat actors were able to expose hundreds of gigabytes of client and company data. The databases contained confidential API data, customer information, and certificates. The buckets, “configured for public access,” also resulted in 40,000 plaintext passwords being compromised.
In another case of Amazon S3 bucket misconfiguration, municipalities across the United States were left exposed in 2021. In this breach, more than 1,000GB of data and over 1.6 million files were compromised. More than 80 misconfigured S3 buckets were compromised during the attack, with data ranging from residential records such as tax information to business information and government job applications. These misconfigured buckets were accessible without a password and the data was not encrypted.
First and foremost, an easy way to protect against misconfigurations is to create a policy that does not allow default accounts and passwords to be used. While this sounds simple, it is one of the largest configuration mistakes seen. Additionally, removing or disabling unnecessary features, such as ports, unneeded services, leftover pages, and unused accounts, minimizes the attack surface of the application. Tools can often be leveraged to check for misconfigurations in applications or cloud services and remediate improper configurations without adding more work to your security team’s plate.
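As an added illustration of the kind of automated check described above (not code from Conceal or from any tool this page names), the following Python audits a bucket configuration snapshot for the two conditions in the breaches above: public access and missing encryption. The snapshot layout (`PublicAccessBlock`, `Acl`, `Policy`, `Encryption`) and the function names are assumptions; the inner fields are modeled on the S3 public access block, ACL, bucket policy, and default encryption settings.

```python
import json

ACL_GROUPS = "http://acs.amazonaws.com/groups/global/"  # predefined S3 grantee groups
PUBLIC_GROUPS = {ACL_GROUPS + "AllUsers", ACL_GROUPS + "AuthenticatedUsers"}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"}, in string or list form."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in ([principal] if isinstance(principal, str) else list(principal))

def audit_bucket(snap):
    """Return findings for one bucket snapshot (layout is an assumption)."""
    findings = []
    off = [f for f in PAB_FLAGS if not (snap.get("PublicAccessBlock") or {}).get(f)]
    if off:
        findings.append("public-access-block-off:" + ",".join(off))
    for grant in (snap.get("Acl") or {}).get("Grants", []):
        if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
            findings.append("public-acl:" + grant.get("Permission", "?"))
    policy = json.loads(snap["Policy"]) if snap.get("Policy") else {}
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # single statement given as a bare object
        statements = [statements]
    for stmt in statements:
        # Flag only unconditioned Allow statements open to any principal.
        if (stmt.get("Effect") == "Allow" and not stmt.get("Condition")
                and is_wildcard(stmt.get("Principal", []))):
            findings.append("public-policy:" + stmt.get("Sid", "unnamed"))
    if not (snap.get("Encryption") or {}).get("Rules"):
        findings.append("no-default-encryption")
    return findings

# Constructed sample snapshots, not data from any real bucket.
OPEN_BUCKET = {
    "PublicAccessBlock": None, "Encryption": None,
    "Acl": {"Grants": [{"Grantee": {"URI": ACL_GROUPS + "AllUsers"}, "Permission": "READ"}]},
    "Policy": json.dumps({"Statement": {"Sid": "AllowAll", "Effect": "Allow",
        "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*"}}),
}
LOCKED_BUCKET = {
    "PublicAccessBlock": dict.fromkeys(PAB_FLAGS, True),
    "Acl": {"Grants": []}, "Policy": None,
    "Encryption": {"Rules": [{"ApplyServerSideEncryptionByDefault":
                              {"SSEAlgorithm": "aws:kms"}}]},
}

if __name__ == "__main__":
    print(audit_bucket(OPEN_BUCKET), audit_bucket(LOCKED_BUCKET))
```

A wildcard statement that carries a `Condition` is not flagged here and still deserves manual review, since a condition can be too broad to restrict access meaningfully.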
Conceal helps prevent exploitation of misconfigurations by removing internet-facing attack surface from applications and infrastructure. When you place your infrastructure and applications behind ConcealCloud, you make them invisible to opportunistic and targeted attacks.
ConcealCloud also provides zero-trust access for individuals and infrastructure to protected resources. The Conceal model automatically protects against accidental misconfigurations as well as zero-day and unpatched application vulnerabilities by eliminating attacker visibility into your infrastructure. This means that common risks such as human error and previously unpublished vulnerabilities that have no patches (think Log4j) are automatically mitigated.