Microsoft Azure Found to Have Multiple Weak Points
Technology news is always filled with stories of data breaches and hacker activity. The common thread in many of these stories is backdoor access for criminals to capture data and share that with malicious parties. In this article, we focus on the widely-used cloud computing software, Microsoft Azure.
Why is Microsoft Azure such an enticing target?
One of Microsoft’s “new” flagship platforms is Azure, the cloud computing powerhouse that allows corporations of all kinds to store data, develop applications, and offer efficient services. Azure is used by 95% of Fortune 500 companies and includes more than 200 products and services. With this kind of heft, you can see why it is such a tasty target for cybercriminals looking to steal information.
Microsoft is warning developers using the Azure Arc Jumpstart application to not re-use login credentials for an Arc project in any other Azure environment. That’s because until recently those credentials were stored in plaintext in a log file that is readable by any user on an Arc system. The vulnerability was discovered by researchers at Tenable.
For those who don’t know, Arc is a bridge for building cloud applications and services in Azure. Jumpstart is an environment to help developers jumpstart their work. A careless developer who reuses credentials in an Arc project could help an attacker get into other parts of an Azure environment.
Earlier in the year, Azure was targeted by a ransomware hacking group and were able to access its source code. While Microsoft claims that allowing internal open access to their source code doesn’t create vulnerabilities for customers or data, any company using this or other software should make sure their protection plans are proven and consistently tested.
In addition, one cloud security company was able to access digital keys with another of Azure’s systems, allowing them to change or delete millions of records. “It’s terrifying. I really hope that no one besides us found this bug,” said one of the researchers on the project. Customers using this program include Walgreen’s and Coca-Cola, giving you a peek at the scope of damage that was avoided.
There have been several other reports of security flaws or data breaches over the years within Azure. All these susceptibilities should set off alarm bells for any organization which collects customer data or stores valuable company information on the platform.
If you utilize Microsoft Azure, contact Enterprise Solutions Consulting today to assess its security and replace or patch your vulnerability before you or your organization falls victim.
How can you protect your most delicate data?
Software is always evolving, and cyber criminals are always looking for new ways to exploit loopholes in their systems, especially when it comes to login credentials. If patches and upgrades aren’t made, your organization is at risk of exposing sensitive data.
Over the years, we have uncovered thousands of dollars in wasted spending, untold hours of lost productivity, and inefficient technology systems. Our services give your organization saved time by expanding performance and security through network monitoring and protective maintenance. You can protect your data without having to sacrifice your level of support that your organization requires to move forward prosperously.
Contact Enterprise Solutions Consulting today for a discussion about what a Managed Service Provider can do for your organization. We’ll get your systems and processes assessed for vulnerability, lost billing, and missed opportunities.
Happy Managed Service Provider Clients
“Enterprise Solutions Consulting, I appreciate your leadership and how you model good service. You have an above average level of professionalism and integrity that is expressed through your work. This is what makes ESC great beyond delivering top shelf IT work.” – Processes Director, Chicago