Amazon Web Services Brings Down the Web | Ron Benvenisti

The end of the year is rapidly approaching and, companies of all sizes are busy with their 2022 IT plans and budgets. Many companies are choosing to provide their offerings as a Software as a Service (SaaS) also known as “cloud computing”.

SaaS works by adding it to on-premises applications to create a hybrid IT architecture to connect to and use cloud-based apps over the Internet. Many companies have completely replaced their on-premises applications with offerings such as Microsoft’s Azure, IBM’s offering, and Amazon’s AWS(Amazon Web Services).

There are still security risks to consider in a cloud architecture. Just last week Amazon’s AWS brought thousands of customers “down” (un-operational). In fact, the Amazon outage was caused by a previously unknown problem in their cloud offering that took down much of the internet including other IT and consumer providers long with a litany of phone services.

Among the services that reported issues as a result of the outage were Disney’s streaming subscription service, Disney+, Netflix, Slack, Ticketmaster, stock trading app Robinhood, and Coinbase, the largest cryptocurrency exchange in the U.S.

The outage also brought down critical tools used inside Amazon. Warehouse and delivery workers, along with drivers for Amazon’s Flex service, reported that they couldn’t access the Flex app or the AtoZ app, making it impossible to scan packages or access delivery routes.

The outage is apparently still hitting Amazon’s retail operations at a in the middle of “peak season,” when holiday shoppers place a flurry of orders and the e-commerce giant is under immense pressure to make sure their packages arrive on time.

Headaches for Amazon Sellers

In a statement, Amazon spokesperson Richard Rocha confirmed Amazon’s warehouse and delivery operations were experiencing problems as a result of the AWS outage. Rocha added that the company is “working to resolve the issue as quickly as possible.”

Many software services such as email, calendaring, and office tools (such as Microsoft Office 365) which are easily migrated to the cloud are precisely the most vulnerable to “Phishing Attacks” where users are clicking on authentic looking links that will compromise everything from Personal Private Information (PPI), from passwords, banking, and credit cards to Private Healthcare Information (PHI). Let’s do a quick review of the SaaS Security challenges for 2022

The Top Three

1. Configuration Management

SaaS apps such as GitHub, Microsoft 365, Salesforce, Slack, SuccessFactors, Zoom, Skype, Team-Viewer and many others, which are used to enable employees and customers to maintain productivity under the most challenging of circumstances. Many companies are having a hard time adequately addressing the ever-changing security risks of each app. Migration to the cloud is not a “one-click” operation.

Simple Miscalculation: Businesses are tasking their tech teams to focus on security to ensure that the security configurations for each app are set correctly.

The problem is no two applications are the same. Specific settings and configurations are unique to each application. SaaS environments can consist of hundreds of apps. This presents an unrealistic burden on the shoulders of IT management and security personnel.

It literally takes superhuman computing power to be able to monitor thousands of configurations and user permissions daily to secure the organization’s SaaS application portfolio.

2. Users Privileges and Access Control Throughout the Organization

An example would be the typical employee, who is generally untrained in security measures, and how their access or privileges increase the risk of sensitive data being stolen, exposed, or compromised. The use of SaaS apps has skyrocketed because they can be deployed and adopted, foremployees, managers and students who are working everywhere. The need for strengthened governance for privileged access is paramount.

The Covid-19 crisis in the working climate has greatly accelerated the switch along with the flaws, patches, updates,and cyber-attacks by malicious actors.

Organizations now need the capability to reduce risk caused by over-privileged user access and streamline user-to-app access with frequent audit reviews. A consolidated visibility of a person’s accounts, permissions, and privileged activities across their SaaS environment (including all business locations, partners and affiliates, supply chain, billing, and phone providers).

3. Ransomware Via SaaS

When threat actors target your SaaS applications, they can use the basic to the most sophisticated methods. A traditional vectorof a business email account attack through a SaaS application almost always follows this pattern:

• Cybercriminal sends something called an OAuth application phishing email. (OAuth is an open-standard authorization protocol) that gives applications the ability for “secure designated access.” For example, you can tell Facebookthat it’s okay for ESPN.com to access your profile or post updates to your timeline without having to give ESPN your Facebook password. In the event ESPN suffers a breach, your Facebook password remains safe.

• User clicks on the link in the phishing email.

• User signs into their account.

• The application link requests the user to allow access to read email and other functionalities.

• The user clicks “accept.”

• This creates an OAuth token which is sent directly to the cybercriminal.

• The OAuth token gives the cybercriminal control over the cloud-based email, database, private data, drives and Access Control Lists (ACL), etc. (this is based on access privileges of the user, device and applications to which access was granted.)

• Cybercriminal uses OAuth to access email or drive, etc., and encrypt it.

• The next time the user signs into their email or drive etc., they will find their info encrypted. The ransomware attack has successfully been deployed.

• The user receives a message that their email has been encrypted and they need to pay to retrieve access.

Ransomware is a specific type of attack through SaaS; but other malicious attacks through OAuth applications can occur in an organization’s environment with a single click by a user.

Most security breaches are by people who are uninformed of the risk and Human Resources Departments should educate their employees regarding the risks that could literally cost the company thousands of dollars, damage their reputation, and even be fined by regulatory agencies. They should educate their users as to password strength and report any anomalies that crop up in their use of applications and communications.

Cloud computing presents many new challenges to IT technical and security personnel. Users must be educated in the potential risks the applications they use present. Technical staff must constantly make sure all their platforms (Operating systems, File Servers, Workstations, Printers and other network connected devices – especially in healthcare and payment processing). All connections with partners and third-party providers like suppliers, phone systems, payroll and billing must be thoroughly vetted per regulations like PCI-DSS, HIPAA and best practices like the NIST (National Institute of Standards and Technology) SIEM (Security Information and Event Management). SIEM is a methodology that collects security data from network devices, servers, domain controllers, and more. SIEM stores, normalizes, aggregates, and applies analytics to that data to discover trends, detect threats, and enable organizations to investigate any alertsand remediate security issues.

Wishing everyone a healthy, prosperous and cybersafe 2022.