[Some Interesting] Cloud ‘n Sec news: 24th Jun 22
What’s worth your reading time
Risk management practice is improved with Public Cloud Adoption
A survey by the Cloud Security Alliance (CSA), in collaboration with Google, finds that public cloud adoption enhances risk management practices within the enterprise.
According to Businesswire’s article on the subject:
Among the survey’s key findings:
As organizations adopt cloud, they are challenged to evaluate risk. There is no consistency of data classification across the use of cloud platforms and services — only 21 percent of users are utilizing cloud service data classification, and only 65 percent of those users are aligning with internal data classification schemes.
Cloud risk evaluation faces challenges with growing business adoption of cloud. With cloud adoption numbers increasing, more than half (52%) of organizations reported that they did not evaluate the risk of their cloud services being used after procurement as product features or business environments changed.
Tools for quantifying and measuring risk need to improve. Seventy percent of organizations reported less effective processes for assigning risk to cloud assets, with only 4 percent reporting having highly effective practices.
Monitoring, measuring, and reporting is difficult. Thirty percent of enterprises reported that risk scoring systems are used as a directional guide to risk improvement for certain cloud solutions as opposed to measurements that can be relied on for comparison across all cloud services.
Defender for Cloud support for Azure Cosmos DB now available everywhere
This week, Defender for Cloud support for the Cosmos DB workload became generally available (GA).
Your cloud-native Cosmos DB SQL Core API workloads are now monitored, and alerts are raised for suspicious activity. As the official page mentions:
Microsoft Defender for Azure Cosmos DB provides an extra layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit Azure Cosmos DB accounts. This layer of protection allows you to address threats, even without being a security expert, and integrate them with central security monitoring systems.
It’s worth noting that:
Defender for Azure Cosmos DB doesn’t access the Azure Cosmos DB account data, and doesn’t have any effect on its performance.
Learn more about it in the official documentation.
NSA issues official recommendations to properly configure PowerShell
The news was released by the NSA alongside the official guidance document. The news article states:
NSA, the Cybersecurity and Infrastructure Security Agency (CISA), and the New Zealand and UK National Cybersecurity Centres developed “Keeping PowerShell: Security Measures to Use and Embrace” to help Windows operators and administrators understand how PowerShell supports system maintenance, forensics, automation, and security.
The original article compares security features per PowerShell version:
Have a look at the recommendations from the link above. Worth the time.
Matanbuchus spam campaign deploys Cobalt Strike
The spam campaign uses emails that pose as replies: the subject starts with RE: and the message carries a ZIP attachment containing an HTML file.
Once the machine is infected, Cobalt Strike is deployed via C2 communications.
Matanbuchus is a malware-as-a-service (MaaS) project first spotted in February 2021 in advertisements on the dark web promoting it as a $2,500 loader that launches executables directly into system memory.
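A mail-filter heuristic for the lure described above (subject starting with RE:, ZIP attachment containing an HTML file), added here as an example and not taken from the researchers' notes or the original article. The function names, the sample addresses and the file names are assumptions, and the sample messages are constructed.

```python
import io
import zipfile
from email.message import EmailMessage

HTML_EXT = (".html", ".htm")

def zip_html_members(data: bytes) -> list[str]:
    """Return names of HTML files inside a ZIP blob; [] if it is not a readable ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(HTML_EXT)]
    except zipfile.BadZipFile:
        return []

def matches_lure(msg: EmailMessage) -> list[str]:
    """Return 'attachment/member' hits when the subject starts with RE: and a
    ZIP attachment contains an HTML file; otherwise return an empty list."""
    subject = (msg["Subject"] or "").strip()
    if not subject.upper().startswith("RE:"):
        return []
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Trust the content, not the extension: ZIP local-file header magic.
        if payload.startswith(b"PK\x03\x04"):
            hits += [f"{name}/{m}" for m in zip_html_members(payload)]
    return hits

def build_sample(subject: str, member: str) -> EmailMessage:
    """Constructed sample message with one ZIP attachment holding `member`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "<html>constructed sample</html>")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"] = "sender@example.test"   # placeholder address
    msg["To"] = "user@example.test"       # placeholder address
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="scan.zip")
    return msg

if __name__ == "__main__":
    for subj, member in [("RE: invoice", "doc.html"), ("RE: invoice", "doc.pdf"),
                         ("Weekly report", "doc.html")]:
        print(subj, "|", member, "->", matches_lure(build_sample(subj, member)))
```

A hit is a triage signal rather than a verdict, since legitimate replies can also carry zipped HTML.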
Here’s a look at the infection chain from researchers’ notes:
Learn more about my Cloud and Security Projects: https://linktr.ee/acamillo
Thank you for reading and leave your thoughts/comments!