BMW data breach: is cloud resource configuration to blame?

Mondo Technology Updated on 2024-02-18

Recently, according to the well-known technology outlet TechCrunch, BMW suffered a serious cloud storage server configuration error, resulting in the leakage of a large amount of sensitive information.

It is reported that the incident stemmed from a configuration error on a storage server hosted on Microsoft Azure, which caused a bucket that should have been heavily protected to be incorrectly set to public access.

SOCRadar security researcher Can Yoleri stumbled upon the vulnerability while conducting a routine security scan. He was shocked to find that the bucket contained BMW's private keys, internal data, and other important information. This sensitive data involves not only BMW's private keys to cloud services around the world, but also login credentials for production and development databases.

The seriousness of this leak is self-evident. The disclosure of private keys means that attackers could use these keys to illegally access and control BMW-related cloud services, thereby stealing more sensitive information or performing malicious operations. The exposure of internal data may bring a series of serious consequences to BMW, such as the leakage of trade secrets and the damage to customer privacy.

At this time, it is not possible to determine exactly how much data was leaked and how long it was exposed on the Internet.

Earlier in February, CyberNews researchers stumbled upon unprotected .env and .git configuration files hosted by BMW Italy. The environment file (.env) is stored locally and includes data about production and development environments.

The researchers note that while this information is not enough on its own for an attacker to achieve a compromise, it can be used for reconnaissance: covertly discovering and gathering information about the system.

The data can lead to a compromise, or point attackers to where customer information is stored and how to access it. The publicly exposed .git configuration file allows an attacker to find other exploitable vulnerabilities, including the .git repository of the site's source code.

This finding suggests that even well-known and trusted brands may have severely insecure configurations, allowing attackers to compromise their systems to steal customer information or move laterally through the network. Customer information of this type is especially valuable to cybercriminals, as customers of luxury car brands often have more assets that could be stolen, the CyberNews research team said.

On February 1, foreign media reported that Mercedes-Benz did not properly handle a GitHub private key, resulting in unrestricted outside access to its internal GitHub Enterprise service, and the entire source code was leaked.

The reason is that researchers at RedHunt Labs found a GitHub private key in a public repository belonging to Mercedes employees during their search, which gave access to the company's internal GitHub Enterprise server.

The RedHunt Labs report states that the GitHub private key provides "unrestricted" and "unmonitored" access to all source code hosted on the internal GitHub Enterprise server.

The incident exposed a sensitive repository that housed a large amount of intellectual property, and the leaked information included database connection strings, cloud access keys, blueprints, design documents, SSO passwords, API keys, and other important internal information.

As the researchers explain, the consequences of publicly exposing this data can be severe. Source leaks can lead to competitors reverse-engineering proprietary technology, or hackers scrutinizing it for potential vulnerabilities in automotive systems.

In just one month, two international car companies have had multiple security issues that deserve our attention.

Two of these security issues were discovered by researchers during regular reviews and monitoring, and they fall squarely into the "daily pitfalls" of cloud resource configuration: improper bucket permissions and poor management of weak passwords and keys. A 2019 Gartner survey showed that 80% of data breaches are caused by misconfigurations, and this number is expected to exceed 90% by 2025. At the end of January this year, Microsoft Azure went down because of a configuration change, which also gave the industry a deeper understanding of configuration issues.

Therefore, we interviewed relevant experts in cloud security and offer some specific suggestions to prevent cloud resource configuration errors:

Learn about cloud services and configurations: Before using a cloud service, it's important to have a deep understanding of the services offered and their configuration options. This includes understanding the security features of cloud services, how to configure them, and potential security risks. Communicate with your cloud service provider to ensure you have a clear understanding of how to properly configure cloud services to meet your security needs.

The principle of least privilege: When assigning permissions to cloud resources, the principle of least privilege should be followed. This means that only the minimum permissions required for a user or application to perform their task are granted. By restricting unnecessary access, you can reduce potential security risks.

Regular review and monitoring: It's critical to regularly review and monitor the configuration and access logs of your cloud resources. This can help you identify any unauthorized access or configuration changes in a timely manner and take appropriate action to remediate them. These tasks can be accomplished more easily by using monitoring tools and log analysis tools provided by cloud service providers.

Automate configuration management: Using automated tools to manage the configuration of cloud resources can reduce the risk of human error. These tools can help you ensure consistency in your configuration and automatically apply security updates and patches when needed.

Enforce authentication and access control: Ensure that you protect your cloud resources with security measures such as strong password policies, multi-factor authentication, and access control lists. This will help prevent unauthorized access and potentially malicious activity.

Regular updates and backups: Regularly update your cloud services and applications to ensure you're using the latest and most secure version. At the same time, it is also important to regularly back up the data and configuration of cloud resources. In the event of a security incident or unforeseen circumstances, backup can help you quickly restore your data and configurations.
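
As an illustration of the "regular review" and "automate configuration management" suggestions applied to the public-bucket mistake described above, here is an added example (not from the article or from any vendor tool) that audits exported Azure storage settings. It assumes the field names of the Azure CLI's JSON output (`allowBlobPublicAccess`, `networkRuleSet.defaultAction`, `properties.publicAccess`); the account names, sample data and severity labels are constructed.

```python
import json

# Constructed sample, shaped like `az storage account list` output and trimmed
# to the fields checked below. All names are made up.
ACCOUNTS_JSON = """[
  {"name": "examplebackupsa", "allowBlobPublicAccess": true,
   "networkRuleSet": {"defaultAction": "Allow"}},
  {"name": "exampleprodsa", "allowBlobPublicAccess": false,
   "networkRuleSet": {"defaultAction": "Deny"}}
]"""

# Constructed sample shaped like `az storage container list` output per account.
CONTAINERS_JSON = """{
  "examplebackupsa": [
    {"name": "dev-dumps", "properties": {"publicAccess": "container"}},
    {"name": "logs", "properties": {"publicAccess": null}}],
  "exampleprodsa": [
    {"name": "assets", "properties": {"publicAccess": "blob"}}]
}"""

def audit(accounts, containers_by_account):
    """Return (severity, resource, finding) tuples for risky storage settings."""
    findings = []
    for acct in accounts:
        name = acct["name"]
        # A missing value is treated as permissive so the audit errs on reporting.
        allows_public = acct.get("allowBlobPublicAccess", True) is not False
        if allows_public:
            findings.append(("MEDIUM", name, "account permits anonymous blob access"))
        rules = acct.get("networkRuleSet") or {}
        if rules.get("defaultAction", "Allow") == "Allow":
            findings.append(("LOW", name, "storage firewall default action is Allow"))
        for c in containers_by_account.get(name, []):
            level = (c.get("properties") or {}).get("publicAccess")
            if not level:
                continue  # private container
            resource = f"{name}/{c['name']}"
            if allows_public:
                findings.append(("HIGH", resource, f"anonymous read enabled ({level})"))
            else:
                findings.append(("INFO", resource, "public ACL set, blocked at account level"))
    return findings

def run_sample():
    return audit(json.loads(ACCOUNTS_JSON), json.loads(CONTAINERS_JSON))

if __name__ == "__main__":
    for sev, res, msg in run_sample():
        print(f"{sev:6} {res:28} {msg}")
```

Run on a schedule against a fresh export, any HIGH finding is a container that anyone on the Internet can read without credentials.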
