Intelligent CISO Issue 50 | Page 38

Any cloud security solution is only as good as the intelligence engine behind it so ask your vendor how they stay on top of emerging and zero-day threats . critical vulnerabilities within the cloud infrastructure itself that can be much more difficult to guard against .
FEATURE

Any cloud security solution is only as good as the intelligence engine behind it so ask your vendor how they stay on top of emerging and zero-day threats . critical vulnerabilities within the cloud infrastructure itself that can be much more difficult to guard against .

Take the OMIGOD flaw , for example , which broke the floodgates when it came to attacking cloud services in 2021 . In September , four critical vulnerabilities were discovered in the Microsoft Azure software agent that enabled users to manage configurations across remote and local environments . An estimated 65 % of Azure ’ s customer base was made vulnerable by this exploit , putting thousands of organisations and millions of endpoint devices at risk . Through this OMIGOD flaw , threat actors were able to execute remote arbitrary code within an organisation ’ s network and escalate root privileges , effectively taking over the network . As part of its September 2021 update , Microsoft addressed the issue but the automatic fix that it released appeared ineffective for several days . Further flaws were exposed in Microsoft Azure ’ s cloud services throughout the year , including the ‘ ChaosDB ’ vulnerability which allowed cybercriminals to retrieve several internal keys used to obtain root privileges that would eventually enable them to manage the databases and accounts of targeted organisations . Businesses made vulnerable by this particular ‘ open door ’ included Coca-Cola , Skype and even security specialist , Symantec .
38 www . intelligentciso . com