More improperly managed cloud accounts — Palo Alto Networks’ Unit 42 threat intelligence team analyzed 210,000 cloud accounts across 1,300 organizations in its annual cloud threat report released Tuesday. Quoting further from Axios.
76% of organizations that store data in the cloud don’t enforce multifactor authentication (MFA) for their users, per the report, while 58% of organizations also don’t require MFA for network administrators either. Researchers also found sensitive data in 66% of cloud storage buckets associated with these accounts. 60% of organizations took longer than four days to resolve security alerts tied to their cloud systems.
Microsoft is now using a new naming convention to discuss hacking groups. Hackers will now be named after events like storms, typhoons, and blizzards, as part of eight groups that Microsoft is using to track cyber attacks. That means the group that has targeted companies like Nvidia, Samsung, and Microsoft will now be referred to as Strawberry Tempest.
The new taxonomy will include five key groups: nation-state actors, financially motivated actors, private sector offensive actors (PSOAs), influence operations, and groups still in development. Nation-state hackers will be named after a specific family of weather events, designed to indicate where the groups are being directed from. This includes China as Typhoon, North Korea as Sleet, and Russia as Blizzard.
Financially motivated hacking groups will be named Tempest; private sector offensive actors and commercial entities that create and sell cyberweapons will be named Tsunami; and influence operations and manipulative information campaigns will be named after floods.
Finally, a new set of guidelines is out for software manufacturers from CISA, the FBI, and NSA. The “principles and approaches” document, which isn’t mandatory but lays out the agencies’ views on securing software, recommends that manufacturers end default passwords, write in safer programming languages, and establish vulnerability disclosure programs for reporting flaws. It’s a set of guidelines for security by design intended to create a baseline for software design.
Why do we care?
While names like Strawberry Tempest sound a bit silly, a nomenclature that conveys motivation will be helpful for analysis. Knowing a group’s intent quickly is the key benefit.
I’m going to focus a bit on that secure-by-design document. It’s a clear set of software guidance that we can see being used by the government in purchasing decisions, and it would easily apply to buying decisions in the commercial space. That makes it a set of guidelines to apply to software purchases and recommendations made by IT services organizations. Perhaps even a scorecard system to make recommendations.
And in those designs, MFA should be there by default. MFA should just be required, particularly in all cloud data accounts. Again, more guidance to leverage.