Sunday, December 19, 2010

Database security reminder: do not let down your guard (eWeek Security Watch)

18 December 2010 1 H 54

Compromise can happen quickly, something the people at Sentrigo were recently reminded of when attackers came knocking on their digital door.

On December 1st, the company deployed an Oracle database instance running on Amazon EC2. Six days later, it was pwned. Fortunately, no production data was inside, just test data, as the instance was only there so the company could demonstrate its security software.

"In this case, we were indirect capabilities to scan the database and find issues and set configurations, vulnerability assessment," explained Sentrigo CTO Slavik El. "We did not follow in place, but we do not deploy blocking rules." So we were alerted to the attack, and at that point it became interesting; we let the attackers continue, to see a real-time, real-world attack evolve.

The attackers discovered the instance through a simple port scan of servers on the Internet, he said. When they found an open port, they identified an Oracle instance running behind it. From there, they were able to gain access to the database and escalate privileges.

"The initial connection was made to a demo account without privileges by brute-forcing the password," he said. "The elevation to higher-level privileges exploited a vulnerability in one of the Oracle components (OLAP). Then, with these privileges, the hacker took control of the operating system using dbms_scheduler."

He admitted the Oracle instance had not been fully patched (they were using version 11.107) but was still struck by the speed with which the compromise happened.

Andy Feit, Vice President of marketing at Sentrigo, said that anonymity is not true protection.

"Nobody knew which server, it was, he was just" said Feit.

He added that the situation could occur with any cloud provider or with a company-owned server outside the firewall, and that Amazon has a "nice built-in firewall" and monitors outgoing traffic to prevent port scanning.

"On the other hand, in the future, I certainly see Amazon and similar providers offering much more, such as out-of-the-box IDS/IPS and other network controls," said the CTO.

The moral of the story: do not expose your database on the Internet without appropriate security, including firewall and access controls, and make sure that the database is fully patched.
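
The checks implied by that advice, mapped to the three stages Sentrigo described (brute-forced demo account, OLAP privilege escalation, operating-system access through dbms_scheduler), as an added example that is not from the original article or from Sentrigo. It assumes an Oracle 11g database and a session with access to the DBA_ dictionary views; the failed-login query also assumes session auditing is enabled, and its threshold is an arbitrary starting point.

```sql
-- Added example: audit queries for an Oracle 11g instance, run as a DBA user.

-- 1. Open accounts that still have a well-known default password.
SELECT u.username, u.account_status, u.profile
FROM   dba_users u
JOIN   dba_users_with_defpwd d ON d.username = u.username
WHERE  u.account_status = 'OPEN';

-- 2. Profiles that never lock an account after repeated failed logins,
--    which leaves password brute-forcing unthrottled.
SELECT profile, limit
FROM   dba_profiles
WHERE  resource_name = 'FAILED_LOGIN_ATTEMPTS'
AND    limit = 'UNLIMITED';

-- 3. Failed logins (ORA-01017) per account and client host in the last day.
--    Requires session auditing (AUDIT SESSION) to be enabled.
SELECT username, userhost, COUNT(*) AS failures
FROM   dba_audit_session
WHERE  returncode = 1017
AND    timestamp > SYSDATE - 1
GROUP  BY username, userhost
HAVING COUNT(*) >= 10          -- threshold is an assumption; tune it
ORDER  BY failures DESC;

-- 4. Installed OLAP components and the recorded patch history.
SELECT comp_name, version, status
FROM   dba_registry
WHERE  comp_name LIKE '%OLAP%';

SELECT action_time, action, version, comments
FROM   dba_registry_history
ORDER  BY action_time;

-- 5. Who can create scheduler jobs, including jobs that run OS executables.
SELECT grantee, privilege
FROM   dba_sys_privs
WHERE  privilege IN ('CREATE JOB', 'CREATE ANY JOB', 'CREATE EXTERNAL JOB');

-- 6. Existing scheduler jobs that execute an operating-system program.
SELECT owner, job_name, job_action, enabled, last_start_date
FROM   dba_scheduler_jobs
WHERE  job_type = 'EXECUTABLE';
```

Rows returned by queries 1, 2, 5 or 6 for accounts that have no need for them are the findings to close first; query 3 is the one to schedule and alert on.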
