Top Threats

  • 1.  Questions about Top Threats to Cloud Computing: Egregious Eleven Deep Dive

    CSA Instructor
    Posted Nov 09, 2020 03:59:00 PM
    Hi,

    CSA Japan Chapter is translating the Top Threats to Cloud Computing: Egregious Eleven Deep Dive to Japanese and have the following 4 questions. Would somebody give me answers and suggestions for them?

    1. Page7 Observations, first paragraph
    It says "Data Center Services (CDS)". It seems to be DCS instead of CDS. Am I right?

    2. Page8 Capital One, Attack Details, Attack
    It says "Over privileged access given to the WAF allowed the attacker to gain access to protected cloud storage (AWS S3 buckets) with the ability to read data sync and exfiltrate sensitive information."
    It is unclear to me what "with the ability to read data sync and exfiltrate sensitive information" means. Could you tell me why the issue is related to the data sync? Is this the one for the AWS Data Sync?

    3. Page14 Github, Attack Detail, Vulnerabilities
    It says "Vulnerabilities: Insiders - Employees, consultants, etc., with access rights, improperly trained to question or are neglectful when presented with potentially malevolent email."
    I do not know how this vulnerability relates to the DDoS attack. Could you tell me why it is related?

    4. Page 24, Zoom, Technical Impacts, Credential compromise
    It says "Zoom lost over 500M usernames and passwords". From the following article, it says 500,000 usernames. It seems that it is 500K instead of 500M. Am I right?

    Regards,
        - Morozumi

    ------------------------------
    Masahiro Morozumi
    Executive Director
    CSA Japan Chapter
    ------------------------------


  • 2.  RE: Questions about Top Threats to Cloud Computing: Egregious Eleven Deep Dive

    Posted Nov 10, 2020 01:51:00 AM
    Hi Masahiro,

    3. Page14 Github, Attack Detail, Vulnerabilities - Somehow there was an incorrect summarization or generalization.

    The original version is this:
    1. Insiders – Employees, consultants, improperly trained to place the servers inside a trusted network or install an updated Memcached version or close port 11211


    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------
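The original vulnerability text quoted above names three conditions behind the GitHub DDoS entry: Memcached servers reachable from outside a trusted network, an outdated Memcached version, and port 11211 left open. As an added example (not part of the CSA report or this thread), the script below audits a memcached launch line for exactly those conditions: it reads the `-l` bind address and `-U` UDP port, applies the version-dependent default (UDP has been off by default since memcached 1.5.6), and reports whether the UDP listener is reachable. The command lines and version strings in the tests are constructed.

```python
"""Audit a memcached command line for an exposed UDP listener on port 11211.
Added example; the command lines checked here are constructed, not real hosts."""
import ipaddress
import shlex

# memcached 1.5.6 changed the default: UDP is off unless -U is given explicitly.
UDP_OFF_BY_DEFAULT_SINCE = (1, 5, 6)
DEFAULT_PORT = 11211
EXPOSURE_RANK = {"loopback": 0, "private": 1, "public": 2, "any": 3}


def parse_memcached_flags(cmdline):
    """Return the bind address (-l) and UDP port (-U) from a memcached command line.
    Only these two flags are interpreted; every other token is skipped."""
    args = shlex.split(cmdline)
    flags = {"bind": None, "udp": None}
    names = {"-l": "bind", "-U": "udp"}
    i = 0
    while i < len(args):
        tok = args[i]
        for flag, key in names.items():
            if tok == flag and i + 1 < len(args):      # "-l 10.0.0.5" form
                flags[key] = args[i + 1]
                i += 1
            elif tok.startswith(flag) and len(tok) > 2:  # "-l10.0.0.5" form
                flags[key] = tok[2:]
        i += 1
    return flags


def classify_bind(addr):
    """Classify where memcached listens: loopback, private network, public IP,
    or any interface (no -l given, 0.0.0.0 or ::). A comma-separated -l list
    is rated by its most exposed member."""
    if addr is None:
        return "any"
    worst = "loopback"
    for part in addr.split(","):
        part = part.strip()
        if part == "localhost":
            level = "loopback"
        else:
            try:
                ip = ipaddress.ip_address(part)
            except ValueError:
                level = "public"  # unresolvable hostname: assume the worst offline
            else:
                if ip.is_loopback:
                    level = "loopback"
                elif ip.is_unspecified:   # check before is_private: 0.0.0.0 is "private"
                    level = "any"
                elif ip.is_private:
                    level = "private"
                else:
                    level = "public"
        if EXPOSURE_RANK[level] > EXPOSURE_RANK[worst]:
            worst = level
    return worst


def audit_memcached(cmdline, version):
    """Report whether the UDP listener is reachable beyond the host or a
    private network, plus the corrective steps the thread's text names."""
    ver = tuple(int(x) for x in version.split("."))
    flags = parse_memcached_flags(cmdline)
    if flags["udp"] is None:
        udp_port = 0 if ver >= UDP_OFF_BY_DEFAULT_SINCE else DEFAULT_PORT
    else:
        udp_port = int(flags["udp"])
    exposure = classify_bind(flags["bind"])
    advice = []
    if udp_port != 0:
        advice.append("disable UDP with -U 0 unless a client actually needs it")
    if exposure in ("any", "public"):
        advice.append("bind with -l to a loopback or private address and filter "
                      "port 11211 at the network edge")
    if ver < UDP_OFF_BY_DEFAULT_SINCE:
        advice.append("upgrade to memcached 1.5.6 or later, where UDP is off by default")
    return {
        "udp_port": udp_port,
        "exposure": exposure,
        "exposed_udp": udp_port != 0 and exposure in ("any", "public"),
        "advice": advice,
    }


if __name__ == "__main__":
    for line, ver in (("memcached -m 64 -p 11211", "1.4.25"),
                      ("memcached -U 0 -l 127.0.0.1", "1.4.25")):
        print(line, ver, audit_memcached(line, ver))
```

Run it against the launch lines from a configuration management inventory (systemd units, `/etc/memcached.conf` translated to flags) rather than live hosts; the point is that the three corrective steps in the report's text map to two flags and a version floor that can be checked statically.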



  • 3.  RE: Questions about Top Threats to Cloud Computing: Egregious Eleven Deep Dive

    CSA Instructor
    Posted Nov 10, 2020 03:31:00 PM
    Thanks Michael,

    For the Japanese translation, I will use the original one.

    How about the other questions, 1,2, and 4?

    Regards,
        - Morozumi

    ------------------------------
    Masahiro Morozumi
    Executive Director
    CSA Japan Chapter
    ------------------------------



  • 4.  RE: Questions about Top Threats to Cloud Computing: Egregious Eleven Deep Dive

    Posted Nov 11, 2020 07:41:00 AM
    The recent news for Zoom consumers/subscribers was 330 million, so there is no way 500 million usernames and passwords were lost at the time of the breach.

    --

    Regards

    Adnan Rafique



  • 5.  RE: Questions about Top Threats to Cloud Computing: Egregious Eleven Deep Dive

    CSA Instructor
    Posted Nov 12, 2020 04:38:00 PM
    Thanks, Adnan.
    I will use 500K for the Japanese translation.

    Does somebody have a suggestion for the following point?

    2. Page8 Capital One, Attack Details, Attack
    It says "Over privileged access given to the WAF allowed the attacker to gain access to protected cloud storage (AWS S3 buckets) with the ability to read data sync and exfiltrate sensitive information."
    It is unclear to me what "with the ability to read data sync and exfiltrate sensitive information" means. Could you tell me why the issue is related to the data sync?

    Regards,
        - Morozumi

    ------------------------------
    Masahiro Morozumi
    Executive Director
    CSA Japan Chapter
    ------------------------------



  • 6.  RE: Questions about Top Threats to Cloud Computing: Egregious Eleven Deep Dive

    Posted Dec 11, 2020 03:12:00 PM
    Morozumi,

    The sync command is an S3 command that can be run from the AWS CLI and allows data to be copied from the source (S3 bucket) to a destination. Apparently the attacker was able to obtain keys of an EC2 instance profile that had the rights to list as well as run the sync command on certain S3 buckets and was able to copy the data to their own servers. Not sure if this explanation is what you were looking for.

    ------------------------------
    Brian Dorsey
    ------------------------------
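Brian's explanation above is that an instance-profile session with list and read rights on several buckets is enough for `aws s3 sync` to copy their contents out. In CloudTrail S3 data events that activity shows up as one `GetObject` record per object, all under the same assumed-role session ARN, so a defender can detect it as a bulk-read burst. The script below is an added example (not part of the CSA report or this thread) that runs such a check over constructed CloudTrail-style records: it groups `GetObject` events by the role session that issued them and raises an alert when one session reads many objects across several buckets inside a short window. The account id, role names, bucket names and timestamps are all constructed; the thresholds are illustrative and would be tuned per workload.

```python
"""Detect bulk S3 object reads by a single role session in CloudTrail data events.
Added example; every record below is constructed, not from a real account."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed ARNs. An EC2 instance-profile session uses the instance id as session name.
APP_SESSION = "arn:aws:sts::123456789012:assumed-role/webapp-instance-role/i-0123456789abcdef0"
OTHER_SESSION = "arn:aws:sts::123456789012:assumed-role/reporting-role/i-0fedcba9876543210"


def _event(ts, name, arn, bucket, key=None):
    """Build a minimal CloudTrail-shaped S3 data event (constructed)."""
    params = {"bucketName": bucket}
    if key:
        params["key"] = key
    return {"eventTime": ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
            "eventSource": "s3.amazonaws.com", "eventName": name,
            "userIdentity": {"type": "AssumedRole", "arn": arn},
            "requestParameters": params}


def build_sample_events():
    """One session lists and reads three buckets in a row (a sync-like burst);
    a second session reads two objects, which is normal application traffic."""
    t = datetime(2019, 7, 19, 12, 0, 0)
    events = []
    for bucket in ("customer-docs", "credit-apps", "ssn-archive"):  # constructed names
        events.append(_event(t, "ListObjects", APP_SESSION, bucket))
        t += timedelta(seconds=5)
        for i in range(12):
            events.append(_event(t, "GetObject", APP_SESSION, bucket, f"part-{i:04d}.csv"))
            t += timedelta(seconds=5)
    events.append(_event(t, "GetObject", OTHER_SESSION, "reports", "daily.csv"))
    events.append(_event(t + timedelta(seconds=30), "GetObject", OTHER_SESSION, "reports", "weekly.csv"))
    return events


SAMPLE_CLOUDTRAIL = json.dumps({"Records": build_sample_events()})


def parse_events(raw_json):
    """Flatten CloudTrail records into (time, principal, event name, bucket)."""
    out = []
    for rec in json.loads(raw_json)["Records"]:
        if rec.get("eventSource") != "s3.amazonaws.com":
            continue
        out.append({"time": datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ"),
                    "principal": rec["userIdentity"]["arn"],
                    "name": rec["eventName"],
                    "bucket": rec["requestParameters"].get("bucketName")})
    return sorted(out, key=lambda e: e["time"])


def detect_bulk_reads(events, window=timedelta(minutes=10), min_objects=20, min_buckets=2):
    """Alert when one principal performs >= min_objects GetObject calls spanning
    >= min_buckets buckets within any sliding window of the given length."""
    by_principal = defaultdict(list)
    for e in events:
        if e["name"] == "GetObject":
            by_principal[e["principal"]].append(e)
    alerts = []
    for principal, evs in by_principal.items():
        best = None
        for i in range(len(evs)):
            end = evs[i]["time"] + window
            j, buckets = i, set()
            while j < len(evs) and evs[j]["time"] <= end:
                buckets.add(evs[j]["bucket"])
                j += 1
            count = j - i
            if count >= min_objects and len(buckets) >= min_buckets and \
                    (best is None or count > best["objects"]):
                session_name = principal.rsplit("/", 1)[-1]
                best = {"principal": principal, "objects": count, "buckets": len(buckets),
                        "first": evs[i]["time"], "last": evs[j - 1]["time"],
                        "ec2_instance_session": session_name.startswith("i-")}
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in detect_bulk_reads(parse_events(SAMPLE_CLOUDTRAIL)):
        print(json.dumps(alert, default=str, indent=2))
```

The detection needs S3 data events enabled for the buckets in question, since management-only CloudTrail does not record `GetObject`. The alert also carries whether the session belongs to an EC2 instance profile, because that is the case Brian describes: an instance role that should only touch the buckets its application needs, reading from several at once, is the over-privileged access the report's text refers to.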



  • 7.  RE: Questions about Top Threats to Cloud Computing: Egregious Eleven Deep Dive

    CSA Instructor
    Posted Feb 26, 2021 08:12:00 AM

    @Sean Heide

    @John Yeoh

    Can we get these cleaned up in the TT:DD as a .01 release?

    Thanks!

    ------------------------------
    Jon-Michael C. Brook CISSP, CCSK, AWS Solutions Arch
    ------------------------------