[BreachExchange] Data Breaches Caused by Misconfigured Servers

Destry Winant destry at riskbasedsecurity.com
Thu Dec 27 08:36:36 EST 2018


https://www.scmagazine.com/home/opinions/data-breaches-caused-by-misconfigured-servers/

Misconfigured server infrastructure is widely considered one of the
most significant causes of data breaches within the IT industry. Such
misconfiguration is almost always unintentional human error, but it can
have catastrophic consequences: exposure of sensitive personal
information and potentially lasting damage to the reputation of your
business.

Data breaches have gathered a lot of news coverage, especially in
recent years, and unfortunately the trend appears to be on the rise.
Data is a valuable asset, especially to hackers who are constantly
targeting vulnerable systems.

It is difficult to offer exact figures for data breaches directly
attributable to misconfigured servers. However, data sources such as
idtheftcenter.org suggest that there were approximately 1579 reported
data breaches in 2017 in the United States, of which 11% (circa 174)
were directly attributed to unauthorized access. Their evidence also
suggests that business data breaches are on the rise.

Data breaches can often be the result of user error, typically when an
operator has misconfigured a platform or server which has resulted in
the ability of an external entity to gain unauthorized access. The
number of data records breached is staggering. Each data breach can
affect millions of people’s personal details.

With the proliferation of cloud computing, many businesses are
choosing to move their computing operations to the cloud. These
systems will often contain sensitive information that requires
adequate protection. When a business chooses to make the jump to the
cloud, important decisions must be made about which technical teams
will drive the transition and ensure the security of the cloud
platform.

Securing data will always introduce a layer of complexity for users
when accessing data. If the transitional team lacks the knowledge and
understanding of a new cloud platform and the security requirements of
it, or indeed if no formal training has been offered to the teams,
then it is easy to realize why misconfiguration can happen.

Cloud computing often simplifies the process of deploying Information
Technology services; however, it is paramount that users understand
the core security concepts of their chosen cloud provider. A
simple misconfiguration can open your server up to remote access by
anyone with an internet connection, or allow data to be accessed in a
similar fashion.

Many of the prominent examples of breaches caused by misconfiguration
relate to incorrectly secured cloud services. In October 2017, private
customer information, certificates, 40,000 passwords and other
sensitive data from Accenture customers was left open to public access
in a misconfigured AWS S3 storage bucket. Essentially any person on
the internet could have accessed the files provided they knew the S3
bucket ID. Despite this, Accenture claimed that no third party gained
unauthorized access.
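What "open to public access" means for an S3 bucket is usually a bucket policy (or ACL) that grants `Allow` to the anonymous principal `*`. The following checker is an added example written for this post, not code from the article or from Accenture; it parses a bucket policy document and reports every `Allow` statement that any principal on the internet can use. Both policy documents, the bucket name `example-bucket` and the account id `123456789012` are constructed placeholders.

```python
import json

# Constructed example: a policy that lets anyone on the internet list the
# bucket and fetch every object. This is the "open to public access" case.
PUBLIC_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket",
                     "arn:aws:s3:::example-bucket/*"],
    }],
})

# Constructed example: the same access limited to one IAM role in the
# account (placeholder account id), which a public-access check should accept.
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppReaderOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket",
                     "arn:aws:s3:::example-bucket/*"],
    }],
})


def _is_anonymous(principal):
    """True if the Principal element matches every caller, including
    unauthenticated ones: either the bare "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        values = aws if isinstance(aws, list) else [aws]
        return "*" in values
    return False


def _as_list(value):
    # Policy elements may be a single string or a list of strings.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def public_statements(policy_json):
    """Return (sid, sorted actions, has_condition) for each Allow statement
    that the anonymous principal can use. Statements carrying a Condition
    (e.g. a source-IP restriction) are still reported, flagged True, so a
    reviewer checks the condition rather than the tool silently trusting it."""
    policy = json.loads(policy_json)
    findings = []
    for index, statement in enumerate(_as_list(policy.get("Statement"))):
        if statement.get("Effect") != "Allow":
            continue
        if not _is_anonymous(statement.get("Principal")):
            continue
        sid = statement.get("Sid", "statement-%d" % index)
        actions = sorted(_as_list(statement.get("Action")))
        findings.append((sid, actions, bool(statement.get("Condition"))))
    return findings


if __name__ == "__main__":
    for name, doc in (("public", PUBLIC_READ_POLICY),
                      ("restricted", RESTRICTED_POLICY)):
        print(name, public_statements(doc))
```

In practice the policy JSON would come from `get-bucket-policy` for every bucket in the account, and a finding on a bucket that is not meant to host a public website is the signal to remove the statement and enable the account-wide public access block; the checker is deliberately strict (any `*` principal is a finding) because the Accenture case shows the cost of the opposite default.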

Another high-profile example is that of Tesla, where hackers
compromised several servers hosted on AWS S3 Compute nodes to mine
bitcoin. This breach enabled unauthorized code to be executed within
several Kubernetes instances to run bitcoin mining scripts. This
extensive compute resource would have given the hackers significant
compute power to mine bitcoin transactions, ultimately giving them a
source of revenue.

BJC Healthcare reported that an unsecured server was left open to
internet access between May 2017 and January 2018. It is reported that
patient data including driving licenses, insurance details and
treatment documentation was stored on the server. Personal data such
as names, addresses, telephone numbers, and social security numbers
were also vulnerable. BJC published a statement claiming no data was
accessed during the time the server was at risk.

These examples highlight these organizations' lack of care when
securing sensitive data services within the cloud. Other typical
targets include unsecured website backends (such as WordPress or
Apache consoles) and open, unencrypted NAS devices that listen for
incoming internet traffic.

SMB and FTP file servers are also commonly targeted. Misconfiguration
here often occurs when businesses share data with customers and
external parties. If an FTP server is misconfigured, it is very easy
to open the entire server up to unauthorized access to the file
system, potentially exposing confidential data and giving third
parties access to each other's data.
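The FTP failure modes described above (anonymous access, no jailing of customer accounts to their own directory, cleartext logins) map directly onto a handful of server settings. The following lint is an added example written for this post, not code from the article or from any FTP server project; it targets the vsftpd configuration file format and compares an exposed configuration with a hardened one. Both configuration fragments are constructed for the example, and the defaults table reflects the vsftpd.conf documentation for the options checked.

```python
# Constructed vsftpd.conf fragment: anonymous users can log in and upload,
# and local (customer) accounts are not confined to their home directories.
EXPOSED_CONF = """\
listen=YES
anonymous_enable=YES
anon_upload_enable=YES
local_enable=YES
write_enable=YES
chroot_local_user=NO
"""

# Constructed hardened fragment: no anonymous access, each account jailed
# to its own directory, and TLS required for logins and data transfer.
HARDENED_CONF = """\
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=NO
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
"""

# Compiled-in defaults for the options the lint looks at (vsftpd.conf(5)).
# The defaults matter: a file that never mentions anonymous_enable still
# permits anonymous logins.
DEFAULTS = {
    "anonymous_enable": "YES",
    "anon_upload_enable": "NO",
    "local_enable": "NO",
    "chroot_local_user": "NO",
    "ssl_enable": "NO",
}


def parse_vsftpd(text):
    """Parse key=value lines into a dict, ignoring blanks and comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip().upper()
    return settings


def lint_vsftpd(text):
    """Return a sorted list of finding codes for the misconfigurations that
    most often turn a shared FTP server into a data exposure."""
    cfg = dict(DEFAULTS)
    cfg.update(parse_vsftpd(text))
    findings = []
    if cfg["anonymous_enable"] == "YES":
        findings.append("anonymous-login")
        if cfg["anon_upload_enable"] == "YES":
            findings.append("anonymous-upload")
    if cfg["local_enable"] == "YES" and cfg["chroot_local_user"] != "YES":
        # Without a chroot, one customer's account can browse the whole
        # file system, including other customers' directories.
        findings.append("no-chroot")
    if cfg["ssl_enable"] != "YES":
        findings.append("cleartext-credentials")
    return sorted(findings)


if __name__ == "__main__":
    print("exposed :", lint_vsftpd(EXPOSED_CONF))
    print("hardened:", lint_vsftpd(HARDENED_CONF))
```

Running the lint over an empty file is the instructive case: it still reports `anonymous-login` and `cleartext-credentials`, because those are the server's defaults rather than anything an operator wrote, which is exactly how a server shared with customers ends up open without anyone intending it.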

Having confidence in your cloud service provider is an important
decision when choosing to join the cloud revolution. Securing data and
IT services is one of the key reasons why businesses choose to
outsource this responsibility to an experienced third-party managed
service provider with a track record and the expertise to get the
security configuration correct the first time.


More information about the BreachExchange mailing list