Cloud accounts continue to be a valuable target for cybercriminals: not only do the resources of a compromised IaaS environment grant an immediate profit for the attackers, but the same infrastructure also provides a trusted environment to launch attacks against other targets.
The Sysdig Threat Research Team has detected an attack that can be attributed to the TeamTNT. The initial target was a Kubernetes pod exposed outside the network. Once access was gained, the malware attempted to steal AWS credentials using the EC2 instance metadata. TeamTNT is a threat actor that conducts large-scale attacks against virtual and cloud solutions, like Kubernetes and Docker.
Gartner made an interesting prediction just a few years ago: “Through 2025, 99% of cloud security failures will be the customer’s fault.” Practically every single cloud security failure can be fairly described as a misconfiguration of one kind or another. The 2025 end is kind of arbitrary, really; the prediction is likely to be true until the end of time. In my previous article, I discussed targeting these misconfigurations at their root.
In our last blog post How to Pass a FedRAMP Audit for SaaS Providers: Part 1 , we looked at what FedRAMP is and why it matters for SaaS providers. We also discussed a success story with one publicly traded Teleport SaaS customer who used Teleport to pass their FedRAMP audit.
Since January 2020, Microsoft Azure SQL DB has grown nearly 3x in popularity. This rapid growth comes as no surprise as Platform-as-a-service (PaaS) offerings have many benefits in the migration strategy from traditional SQL Server database workloads. The Microsoft PaaS offering, Azure SQL Database, takes care of mundane tasks once performed by Infrastructure Engineers such as patching operating systems and applying SQL Server updates or critical security patches.
Executive Order 14028 on Improving the Nation’s Cybersecurity was released in May with nine sections outlining specific focus areas for security improvements. As we noted at the time, Netskope applauded the EO for how it placed significant emphasis on zero trust security adoption, mentioning it no fewer than 11 times, and insisting on proactive action.
In this blog, we’ve analyzed data from Netskope customers that include security settings of over 1 million entities in 156,737 Google Cloud (GCP) projects across hundreds of organizations (see Dataset and Methodology for more details on the dataset). We will specifically look at the configuration of service accounts, see what’s commonly occurring in the real world, and analyze how multiple security misconfigurations can lead to escalation of privileges and lateral movement.
You work at a SaaS provider, and now you need to pass a FedRAMP audit. If that describes you, read on. This post will tell you (almost) everything you need to know about how to pass a FedRAMP Audit. For the rest, reach out to us. We will put you in touch with one of our Solution Engineers like me who have helped some of the largest SaaS providers in the world pass their FedRAMP audit prior or after IPOing. It’s what we do.
We are very excited to announce that Snyk has achieved AWS Security Competency status, further validating our commitment to security excellence in partnering with AWS!
