How the Cloud Allowed a Hacker to Obtain Sensitive Consumer Information from Capital One, and How You Can Protect Your Organization
It is no surprise that many organizations are moving their on-premises data infrastructure to the cloud. With ease of management, lower costs, and less infrastructure overhead, it just makes financial sense. Reading headline news, you will see that the latest data breach exposed the personal information of approximately 106 million of Capital One’s customers. It is reported that this data was accessed from Capital One’s AWS cloud instance by utilizing an exploit made possible by a misconfigured firewall. The question is: could this breach have been avoided, and if so, how?
Executives and Information Technology leaders have recognized that there are financial and operational advantages to moving server infrastructure offsite and into the cloud. The simple fact that you no longer have to manage hardware such as process servers, storage infrastructure, and the dreaded backups is reason enough for most to leverage cloud infrastructure. To further drive the decision, the cloud has enticed organizations to make the move by appearing cheaper overall and creating a win/win for the business.
Because of the reduced overhead of managing on-premises physical infrastructure, many organizations are able to reduce staff or redirect staff to work on automation projects that will streamline business processes and increase overall profitability. While on the surface this appears to be a win for the organization, it can ultimately have negative impacts on the business.
The harsh reality is that many Information Technology professionals simply do not understand how cloud infrastructures work. Most see the cloud as a great pie in the sky that can reduce operational duties, which it can. However, if your cloud infrastructure is not set up properly, your organization could be exposed to greater cyber risks. This is exactly how Capital One suffered a cyber-breach.
The cyber attacker took advantage of a misconfigured open-source web application firewall in Capital One’s AWS instance. The misconfiguration let the attacker exploit a vulnerability and trick the firewall into executing metadata scripts to request data from the server. This led to the exfiltration of data that affected customers. Reported so far are 140,000+ Social Security numbers and 80,000+ account numbers of US-based customers.
At the end of the day, it is a little-known fact that setting up cloud infrastructure requires intimate knowledge of how cloud infrastructures function. Information Technology professionals who work with cloud infrastructure typically have direct knowledge of how cloud security works, what services and systems are exposed to the internet, and how to protect the environment.
The best method to ensure your systems are safe and secure in the cloud is to have someone with specialized cloud infrastructure knowledge. If you are looking for support or would like someone to take a second look at your cloud infrastructure, please feel free to reach out for a free consultation.
You can reach me at [email protected] or 863-734-8060.