Skip to content

Hackers have compromised a misconfigured cloud server in less than 4hh

by Pierluigi Paganini on December 23rd, 2013
cloud security

CloudPassage organized an exercise to demonstrated how it is simple the live server exploitation of cloud environments poorly configured.

Cloud computing is considerable one of the paradigms with highest penetration level with mobile and social networking, for this reason we discussed many times on security level offere by those infrastructures that are even more targets of cyber attacks.

But how vulnerable is a cloud environment to a hacking attack?

There isn’t of course a single answer to the question, a multitude of factors could improve the security of a cloud infrastructure, but cloud infrastructure security company CloudPassage has released an interesting report detailing the outcome of The Gauntlet, a recent capture-the-flag-style live server exploitation exercise designed to evaluate the robustness of cloud environments against external cyber attacks.

“In September 2013, CloudPassage Inc. ran a live server exploitation exercise to see how long
an unpatched and minimally configured cloud server instance could survive against financially
motivated attackers when connected directly to the Internet. The exercise, referred to as
The Gauntlet throughout the capture-the-flag-style contest, ran for 23 days across a collection
of Microsoft Windows and Linux-based servers with varying combinations of applications and
application frameworks installed.”

The Gauntlet experiment involved 367 ethical hacking participants from 41 different countries over the course of 23 days in September 2013. The attackers hit six servers hosting different OSs running a variety of databases, FTP services and application frameworks.

cloud architecture test security

All the servers were configured with default settings and no security controls were implemented, this scenario according CloudPassage is very common within a cloud environment.

The scenario illustrated by the experts is alarming, the report shows the capability of winning hacker to fully compromise a target cloud server. The success of the attack is attributable to unpatched flaws and misconfigured systems, cloud servers, the hackers have compromised with success the server under four hours.

The Gauntlet project demonstrates that a motivated attacker can too easily compromise cloud infrastructure, security of these infrastructures is essential and lack of defense mechanisms and misconfiguration of components could expose the entire architecture to risk of impairment.

“Despite the best efforts of the security community and the cloud providers themselves, there is a common misperception that cloud infrastructure does not need additional security. The Gauntlet project shows just how easily a motivated attacker can compromise cloud infrastructure that’s not configured for survivability,”  “Cloud computing requires renewed security diligence, preferably achieved through built-in security automation. Application development teams and security administrators should not need to worry about minuta that create major security exposures, but are easily eliminated through automation.” declared Carson Sweet, CEO of CloudPassage.

The simulation exposed more than security issues, 90 of which were successfully validated as true remote exposures.

The security flaws were included everything from directory permissions to typical information disclosure about applications or services, the majority of submissions were flag submissions (38%), information disclosures (34%), and anonymous FTP access (12%).

 

cloud architecture test security flaws

The winning hacker obtained full control of the cloud architecture exploiting a weakly protected administrative web interface, also in this case many applications installed contained application flaws and access rights were properly configured.

“What I did could be boiled down to a single batch script,” “Once access is gained to an administrator account on an application interface, it would take only a minute or two to gain full access to a similarly configured system. I hope this has shown the potential damage an attacker can cause.” said The Gauntlet winner.

The report also proposes a series of useful recommendations to secure cloud environment, these are the highlights from the document:

  • Server fully compromised by a single individual in four hours
  • Six servers provisioned with a different Microsoft Windows Server or Linux-based operating system (detailed in “Target Information”)
  • Included 367 participants from 41 different countries
  • 102 total security issues reported (90 successfully validated)
  • 35 flags submitted over 23 days

Have a good reading!

Pierluigi Paganini

(Security Affairs –  hacking, cloud architecture)

From → Hacking, Security

Comments are closed.