Orca discovered and disclosed the vulnerability to Microsoft in December 2021. Within four days of the initial communications between the two companies, Microsoft had fixed the issue and started looking for additional variants of the attack vector. Orca disclosed deeper details about the now-fixed vulnerability on March 7, 2022.
Microsoft Azure Automation: The Cloud Vulnerability (Now Fixed)
The vulnerability involved Microsoft Azure Automation, which allows customers to execute automation code in a managed fashion, Orca noted. Among the details the security company shared:
- Each customer’s automation code runs inside a sandbox, isolated from other customers’ code executing on the same virtual machine, Orca said.
- However, Orca discovered a "serious flaw that allowed us to interact with an internal server that manages the sandboxes of other customers. We managed to obtain authentication tokens for other customer accounts through that server. Someone with malicious intentions could’ve continuously grabbed tokens, and with each token, widen the attack to more Azure customers."
To reiterate: Microsoft has closed the vulnerability. As an extra step, the company also recommends that Azure Automation customers follow its security best practices.
Cloud Security Best Practices for MSPs and MSSPs
Although cloud vulnerabilities pop up from time to time, cloud-related data leaks often involve erroneous user settings on Amazon Web Services (AWS), Azure and/or Google Cloud Platform.
Indeed, 90 percent of organizations are susceptible to security breaches due to cloud misconfigurations, according to the “2021 Cloud Security Report: Cloud Configuration Risks Exposed” from application lifecycle security company Aqua Security.
To find and correct cloud service misconfigurations, many MSPs and MSSPs are embracing cloud infrastructure entitlement management (CIEM) and cloud security posture management (CSPM).
Annual CSPM spending will reach $9 billion by 2026, up from $4 billion in 2020, according to MarketsandMarkets. That’s a 14.4 percent compound annual growth rate.
On a related note, 41 percent of our Top 250 MSSP survey participants already offer CSPM to their end customers, MSSP Alert research found in September 2021.
About Orca Security
Orca Security is an Israeli cloud security startup founded by former Check Point Software Technologies executives Avi Shua and Gil Geron. The company raised $55 million in a Series B funding round in December 2020.
Orca launched a Security Partner Program for solutions providers, cloud service providers (CSPs), and technology partners in August 2021. And in January 2022, Orca acquired RapidSec, an Israeli cybersecurity startup that protects web applications from client-side attacks.