The year 2019 has been rife with data and cybersecurity breaches. A sizeable chunk of the underlying vulnerabilities were identified in cloud-based platforms.
While nearly all those loopholes were plugged sooner or later, two questions still largely remain unanswered by the concerned parties. Firstly, what was the level and duration of exposure prior to identification?
Secondly, most service providers are tight-lipped over the exact number of users that were either exposed or directly affected by these vulnerabilities in some way.
Tech company Check Point has earned a strong reputation for identifying cybersecurity flaws in a wide array of services that run over the internet and the cloud.
Check Point has successfully identified loopholes in the systems of big names in the tech industry, including WhatsApp, TikTok and Zoom. The common denominator among all three is either the web or the cloud.
This time around, Check Point decided to tread a different path by exploring vulnerabilities in the domain of cloud security. It won’t be wrong to say that the very existence of the cloud hinges on robust security.
Microsoft, which was the second-largest player in the cloud market by revenue for the year 2019, was chosen as the lucky sample, and work started.
Before long, Check Point was able to identify a major vulnerability in the company’s Azure cloud platform. In technical terms, the issue is a Remote Code Execution (RCE) vulnerability.
Once a nefarious actor identifies this window of opportunity and exploits it, that actor can break the virtual or cloud isolation that separates the countless users of the cloud.
The vulnerability does not stop there: even code running on virtual machines can be intercepted, and virtualized programs can also be manipulated.
One more worrisome factor was that certain patterns could be identified within the code to ascertain the user entity behind it, which leaves sensitive business information up for grabs.
As soon as a user breaks the isolation, potentially the entire cloud infrastructure or service on which that specific code runs can be accessed, sniffed and even manipulated.
This vulnerability was identified by Check Point on Microsoft’s offline Azure Stack, which is an exact replication of the actual cloud environment.
As soon as the vulnerability was confirmed, Microsoft went on to patch it and also advised its users to immediately update their machines to plug this gap.
Check Point went on to win both well-deserved acclaim and a monetary reward. Microsoft also emerges from this episode as a winner of sorts.
However, the losing party in yet another discovery of a major vulnerability is the very users of the cloud. We want more vigilant companies like Check Point and fewer discoveries of such loopholes, for sure.