Microsoft Azure Customer Data Deleted In DNS Flaw

Users of Microsoft’s Azure system lost database records as part of a mass outage on Tuesday.

A combination of DNS problems and automated scripts was to blame, said reports.

Microsoft deleted several Transparent Data Encryption (TDE) databases in Azure, holding live customer information. TDE databases dynamically encrypt the information they store, decrypting it when customers access it.

Keeping the data encrypted at rest stops an intruder with access to the database from reading the information.

While there are different approaches to encrypting these tables, many Azure users store their own encryption keys in Microsoft’s Key Vault encryption key management system, in a process called Bring Your Own Key (BYOK).

The deletions were automated, triggered by a script that drops TDE database tables when their corresponding keys can no longer be accessed in the Key Vault, explained Microsoft in a letter reportedly sent to customers.

Why were the systems accessing the TDE tables unable to access the Key Vault? The answer stems from a far bigger issue for Microsoft and its Azure customers this week.

An outage struck the cloud service worldwide on Tuesday, causing a range of problems. These included intermittent access to Office 365 in which users had only half a chance of logging on. Broader Azure cloud resources were also down.

This problem was, in turn, down to a DNS outage, according to Microsoft’s Azure status page:

Preliminary root cause: Engineers identified a DNS issue with an external DNS provider.

Mitigation: DNS services were failed over to an alternative DNS provider which mitigated the issue.

Reports suggested that this DNS outage came from CenturyLink, which provides DNS services to Microsoft.

The company had suffered a software defect, it had said in a statement.

This shows what can go wrong when cloud-based systems are interconnected and automated enough to allow cascading failures.

A software defect at a DNS provider indirectly led to the deletion of live customer information thanks to a lack of human intervention.
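
The failure mode described above comes down to treating "the key vault cannot be reached" the same as "the key is gone". The sketch below is an added example, not Microsoft's code: the `KeyStatus` and `Action` values, the `classify` and `decide_action` functions, the use of `KeyError` as a stand-in for an authoritative "not found" reply, and the three-check threshold are all hypothetical.

```python
import socket
from enum import Enum


class KeyStatus(Enum):
    OK = "ok"                    # vault answered and the key is usable
    CONFIRMED_GONE = "gone"      # vault answered authoritatively: key deleted or revoked
    UNREACHABLE = "unreachable"  # DNS, network or timeout: state of the key is unknown


class Action(Enum):
    NONE = "none"
    SUSPEND_ACCESS = "suspend_access"      # reversible: stop serving data, keep it on disk
    QUEUE_FOR_REVIEW = "queue_for_review"  # a human approves anything destructive


def classify(exc):
    """Map the outcome of a key lookup (None or an exception) to a KeyStatus."""
    if exc is None:
        return KeyStatus.OK
    # Name-resolution and transport failures say nothing about the key itself.
    if isinstance(exc, (socket.gaierror, TimeoutError, ConnectionError)):
        return KeyStatus.UNREACHABLE
    if isinstance(exc, KeyError):  # hypothetical stand-in for "key not found"
        return KeyStatus.CONFIRMED_GONE
    return KeyStatus.UNREACHABLE   # unknown errors fail safe


def decide_action(history, min_confirmations=3):
    """history: KeyStatus values from successive checks, oldest first."""
    if not history or history[-1] is KeyStatus.OK:
        return Action.NONE
    recent = history[-min_confirmations:]
    confirmed = len(recent) == min_confirmations and all(
        s is KeyStatus.CONFIRMED_GONE for s in recent)
    # No branch deletes data automatically; the strongest outcome is a review ticket.
    return Action.QUEUE_FOR_REVIEW if confirmed else Action.SUSPEND_ACCESS


# Constructed sample inputs: a DNS outage, and a key that was really revoked.
OUTAGE = [classify(socket.gaierror(-2, "Name or service not known"))] * 5
REVOKED = [classify(KeyError("key not found"))] * 3

if __name__ == "__main__":
    print(decide_action(OUTAGE).value, decide_action(REVOKED).value)
```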

CenturyLink seems to be experiencing serial DNS problems lately.

The company, which completed its $34bn acquisition of large network operator Level 3 in late 2017, also suffered a DNS outage in December that reportedly affected emergency services, sparking an FCC investigation.

Azure users can at least take comfort in the fact that Microsoft is offering multiple months of free Azure service for affected parties.

Source: Naked Security

 


“Installing compromised software can have expensive repercussions” – US warns of supply chain cyber-attacks

The US intelligence community has issued a new warning about cyber-espionage risks posed by attacks made via the technology supply chain.

Source: BBC

A report said China, Russia and Iran were the most capable and active states involved in such economic subterfuge.

Software supply chain infiltration had already threatened critical infrastructure, it warned, and was poised to imperil other sectors.

It added that sensitive data owned by US bodies had been put at risk.

The Foreign Economic Espionage Report was published by the US’s National Counterintelligence and Security Center (NCSC).

It said that last year marked a “watershed”, with seven significant software supply chain events having been made public.

By comparison, only four such incidents had been widely reported between 2014 and 2016, it said.

‘Key threat’

The concern is that attackers are looking for new ways to exploit computer networks via the privileged access given to technology providers.

“Software supply chain infiltration is one of the key threats that corporations need to pay attention to, particularly how software vulnerabilities are exploited,” William Evanina, the NCSC’s director and the US’s top counter-intelligence official, told the BBC.

“To get around increasingly hardened corporate perimeters, cyber-actors are targeting supply chains.

“The impacts to proprietary data, trade secrets, and national security are profound.”

The report highlights a number of attacks.

They include the spread of a booby-trapped version of CCleaner – a computer-cleaning program – which was revealed last September.

This worked by inserting malicious code into the software to take advantage of the access it enjoyed.

Millions of machines were infected, but the report said hackers had “specifically targeted” 18 companies to conduct espionage including Samsung, Asus, Intel, VMware, O2 and Fujitsu.

Lost millions

As well as being used to steal information, the attacks can have disruptive effects.

The use of accountancy software to target Ukraine in the so-called NotPetya attack is another example of where a software supply chain was compromised.

The software was used to file tax returns in Ukraine.

[Image: The NotPetya malware spread by piggybacking a tax software update. Image copyright: Reuters]

Hackers – alleged to be from Russia – implanted malicious code that wiped machines of data. It spread well beyond Ukraine via many companies that did business in the country, leading to hundreds of millions of dollars of damages.

Supply chain attacks have the potential to hit many different machines through one single compromise and can be harder to detect than traditional malware attacks.

Backdoor breaches

Another flagged case involved software from South Korea-based firm Netsarang, which had been corrupted with a backdoor. This was in turn used to target hundreds of companies in the energy, financial services, manufacturing, telecoms, transport and pharmaceutical sectors.

Kingslayer was also discussed. The malware operation targeted administrator accounts to install backdoors that provided access to sensitive parts of a target’s network.

The report said that while it was not known how many firms were ultimately infected, “at least one US defence contractor was targeted and compromised”.

In the past week, cyber-security company Crowdstrike also published the results of a survey it had commissioned. Two-thirds of the organisations that responded said they had experienced a software supply chain attack in the past 12 months.

The average cost of an attack was more than $1.1m (£838,000).

Kaspersky Lab

The US report also raised concerns about foreign technology companies with close links to their domestic governments. It pointed to new laws and regulations in Russia and China, which require reviews of source code.

“New foreign laws and increased risks posed by foreign technology companies due to their ties to host governments, may present US companies with previously unforeseen threats,” the report said.

It also noted last September’s Department of Homeland Security directive telling US federal agencies and departments to remove Kaspersky Lab products because of the company’s link to Russia.

Kaspersky Lab software has broad and privileged access to machines to scan for viruses, but the company has always denied any use of this access for espionage on behalf of the Russian state.