Page 196 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
P. 196

How to Have Exploited the Database Vulnerability

            As explained by Microsoft, the Wiz researchers went through the following steps to gain elevated
            privileges  and  remote  code  execution,  which  allowed  them  to  bypass  cross-account
            authentication using a forged certificate and access other customers' databases:

            1.     Choose a target PostgreSQL Flexible Server.

            2.     Retrieve the target’s common name from the Certificate Transparency feed.


            3.     Purchase a specially crafted certificate from DigiCert or a DigiCert Intermediate Certificate
            Authority.

            4.     Find the target’s Azure region by resolving the database domain name and matching it to
            one of Azure’s public IP ranges.

            5.     Create an attacker-controlled database in the target’s Azure region.


            6.     Exploit vulnerability #1 on the attacker-controlled instance to escalate privileges and gain
            code execution.

            7.     Scan the subnet for the target instance and exploit vulnerability #2 to gain read access!



            How to Prevent Data Exfiltration and Data Breaches in Todays Complex Environment

            Multiple  layers  of  data  protection  are  required  today  to  prevent  Data  Exfiltration  and  Data
            Breaches. In 2020 the DHS, Department of State, U.S. Marine Corps and the Missile Defense
            Agency recognized this and all issued requests for proposals (RFP) for network full packet data
            capture for Deep Packet Inspection analysis (DPI) of network traffic. This is an important step
            forward protecting confidential database data and organization information.

            Zero-day vulnerabilities that allow hackers to gain system privileges are a major threat to all
            organizations encrypted and unencrypted confidential data.  Confidential data includes: credit
            card, tax ID, medical, social media, corporate, manufacturing, trade secrets, law enforcement,
            defense, homeland security, power grid and public utility data. This confidential data is almost
            always stored in DB2, Informix, MariaDB, Microsoft SQL Server, MySQL, Oracle, PostgreSQL
            and SAP Sybase databases.














                                                                                                            196
   191   192   193   194   195   196   197   198   199   200   201