Security flaw in Microsoft Azure
The cybersecurity experts at CyberArk have uncovered a critical vulnerability in Microsoft Azure which allows hackers to control user accounts. Bringing this vulnerability to light is basically hitting a panic button on cloud computing providers and will have other key market players, Amazon and Google, examining their own services with a fine-toothed comb.
This specific vulnerability, dubbed ‘BlackDirect’ has hit the Microsoft OAuth 2.0 applications and allowed malicious attackers to not only access and control user accounts, but to create new tokens with victims’ permissions. CyberArk researchers commented that:
“All the attacker must do is get their victims to click on a link or visit a compromised website, which can be done easily with simple social engineering techniques.”
This type of hack is particularly frightening because it has attacked one of the bigger business service providers, in a frequently used protocol for authorizations. Basically, cloud services that we are heavily relying on for day-to-day business are under attack, even at the top. Not only that but as OAuth 2.0 is the next generation of the OAuth protocol, it doesn’t exactly bolster Microsoft’s reputation.
What is Azure anyway?
Unless you have been living in the clouds, not the azure-colored ones obviously, Microsoft Azure is a cloud computing service that is similar to and competes with Amazon Web Services (AWS) and the Google Cloud Platform.
Now there are cloud services and then, there are cloud services. Most of us think about simple data storage, but that doesn’t apply to the heavy hitters: Azure like AWS and Google Cloud provide ‘computing as a service’ for enterprises, small-medium business, and even individual users.
That means that businesses who want to grow but aren’t oozing cash, can purchasing additional and expensive server hardware and get Microsoft( Amazon or Google) to host it all: web servers, email servers, databases, file storage servers, virtual machines, user directories, that’s right – all of it!
The cloud in this circumstance shares the hardware and automatically assigns work, you pay for cloud usage. These cloud services are incredibly attractive because they are cheap and totally scalable, however, are they safe?
The BlackDirect Vulnerability
According to CyberArk, the short answer is no. The vulnerability in Microsoft Azure showed a real flaw in planning, as through the OAuth process, anyone can register to the applications, as they trust domains and subdomains not registered on Microsoft.
Researchers found that this makes it possible to get the user’s permission, including access to Azure resources, and Active Directory resources.
This exposure has far-reaching implications, the BlackDirect vulnerability attack, if exploited, can compromise servers, leave sensitive data exposed and give the opportunity to encrypt the organizations' data with ransomware. If hackers gain control of the domains and URLs that Microsoft authenticates, then tokens can be generated automatically. This is cyber penetration from the inside-out.
How to mitigate Cloud risks
- Remove unnecessary redirects.
- Make sure all trusted redirect URIs configured in the application is under your specific ownership.
- Disable unused applications