SolarWinds breach exposes hybrid multicloud security weaknesses

Two messages here: 1) there are security gaps both within a cloud vendor (the shared responsibility model) and between cloud vendors (no central IAM and PAM); 2) hype aside, this is one of the cases where a zero-trust approach is the right call:

[…] In brief, advanced persistent threat (APT) actors penetrated the SolarWinds Orion software supply chain undetected, modified dynamically linked library (.dll) files, and propagated malware across SolarWinds’ customer base while taking special care to mimic legitimate traffic.

The bad actors methodically studied how persistence mechanisms worked during intrusions and learned which techniques could avert detection as they moved laterally across cloud and on-premises systems. They also learned how to compromise SAML signing certificates while using the escalated Active Directory privileges they had gained access to. The SolarWinds hack shows what happens when bad actors focus on finding unprotected threat surfaces and exploiting them for data using stolen privileged access credentials.
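The SAML signing-certificate abuse mentioned above is the part of the intrusion a defender can actually hunt for: the cloud side accepts an assertion, but the on-premises IdP never issued it. The following detector is an added example written for this page, not code from the original article, SolarWinds or any vendor. It checks three things about assertions a cloud service accepted: whether the signing certificate is one the IdP is known to use, whether the validity window is unusually long, and whether the IdP's own issuance log has a matching record. The certificate bytes, thumbprint allow-list, assertion IDs and log contents are all constructed placeholders; the assertions are schema-reduced and unsigned, since the point is the correlation logic, not XML-DSig verification.

```python
"""
Added example: correlate SAML assertions accepted by a cloud service provider
with what the on-premises identity provider (IdP) actually issued.
All inputs are constructed; the certificate bytes are placeholders, not real
X.509 DER, so the "thumbprint" is simply SHA-1 over those bytes.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed placeholders for the IdP's real signing certificate and for a
# certificate an attacker minted after taking over the federation trust.
LEGIT_CERT = b"constructed-legitimate-idp-signing-cert"
ROGUE_CERT = b"constructed-rogue-signing-cert"


def thumbprint(cert_der: bytes) -> str:
    """SHA-1 thumbprint, the form most IdP/SP consoles display (assumption)."""
    return hashlib.sha1(cert_der).hexdigest()


# Known-good signing certificate thumbprints published by the IdP (constructed).
KNOWN_IDP_THUMBPRINTS = {thumbprint(LEGIT_CERT)}
# Assumed policy: the IdP never issues assertions valid for more than an hour.
MAX_LIFETIME = timedelta(hours=1)
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def build_assertion(assertion_id, cert_der, issued, lifetime, subject):
    """Build a minimal, schema-reduced SAML assertion for the demo."""
    nb = issued.strftime(TIME_FMT)
    noa = (issued + lifetime).strftime(TIME_FMT)
    cert_b64 = base64.b64encode(cert_der).decode()
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}"
  ID="{assertion_id}" IssueInstant="{nb}">
  <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
  <ds:Signature><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{cert_b64}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></ds:Signature>
  <saml:Subject><saml:NameID>{subject}</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="{nb}" NotOnOrAfter="{noa}"/>
</saml:Assertion>"""


def parse_time(s: str) -> datetime:
    return datetime.strptime(s, TIME_FMT).replace(tzinfo=timezone.utc)


def analyze_assertion(xml_text: str, idp_issued_ids: set) -> list:
    """Return a list of findings; an empty list means nothing suspicious."""
    root = ET.fromstring(xml_text)
    findings = []
    # 1. Signing certificate must be one the IdP actually uses.
    cert_el = root.find(".//ds:X509Certificate", NS)
    if cert_el is None:
        findings.append("no signing certificate in assertion")
    else:
        tp = thumbprint(base64.b64decode(cert_el.text.strip()))
        if tp not in KNOWN_IDP_THUMBPRINTS:
            findings.append(f"signed with unknown certificate {tp[:12]}...")
    # 2. Forged tokens are often minted with very long validity windows.
    cond = root.find("saml:Conditions", NS)
    if cond is not None:
        lifetime = parse_time(cond.get("NotOnOrAfter")) - parse_time(cond.get("NotBefore"))
        if lifetime > MAX_LIFETIME:
            findings.append(f"validity window {lifetime} exceeds {MAX_LIFETIME}")
    # 3. The IdP's own log must show it issued this assertion ID.
    if root.get("ID") not in idp_issued_ids:
        findings.append("no matching issuance event at the IdP")
    return findings


NOW = datetime(2020, 12, 13, 10, 0, 0, tzinfo=timezone.utc)

# Constructed cloud-side log: assertions the service provider accepted.
ACCEPTED = {
    "_legit1": build_assertion("_legit1", LEGIT_CERT, NOW, timedelta(minutes=5), "alice@example.test"),
    "_golden1": build_assertion("_golden1", ROGUE_CERT, NOW, timedelta(days=365), "admin@example.test"),
}
# Constructed IdP-side issuance log: only the legitimate assertion appears here.
IDP_ISSUED = {"_legit1"}


def run() -> dict:
    """Map each accepted assertion ID to its findings."""
    return {aid: analyze_assertion(xml, IDP_ISSUED) for aid, xml in ACCEPTED.items()}


if __name__ == "__main__":
    for aid, findings in run().items():
        print(aid, "OK" if not findings else "; ".join(findings))
```

One caveat a practitioner should keep in mind: when the attacker steals the IdP's real signing key rather than substituting a new certificate, the thumbprint check passes, so the lifetime check and above all the cloud-to-IdP correlation are the signals that remain. That correlation only works if the IdP's issuance log is shipped to a store the same compromised AD privileges cannot edit.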

Like competitors Microsoft Azure and Google Cloud, AWS provides a baseline level of support for IAM optimized for just its environments. Any organization operating a multi-hybrid cloud and building out a hybrid IT architecture will have wide, unsecured gaps between cloud platforms because each platform provider only offers IAM and PAM for their own platforms.

Original article