Business prefers cloud storage to keep their data-centric and restricted from private access. Therefore, the danger of cyber-attacks has increased to an extreme level. Keeping this in view, 2021 has recorded a great number of vulnerabilities in Google, Microsoft, and others.
Despite the fact that the Cloud is an easy-to-use and access solution for most applications, it is also accessible for hackers. Online usability is a challenge as it offers a wide range of loopholes for the attackers to penetrate the firewalls or any other cyber defenses.
Recently, a vulnerability arose in a library developed by Eltima, a virtualization firm, which has made a lot of cloud services vulnerable. Network virtualization is being used by a large variety of vendors including Amazon, therefore, it allows hackers to perform effective escalation attacks.
A security firm SentinelOne highlighted the vulnerabilities in the Software Development Kit (SDK) of Eltima. The SDK is used in virtual networking adopted by known vendors like the WorkSpaces agent of Amazon. The USB Network Gate of Eltima allows the attackers to execute malicious code in Kernel. This can be done through buffer overflow for attaining higher privileges.
This means attackers can easily access sensitive information by turning off all security features or products. J.A Guerrero Saade, the principal threat researcher at SentinelOne, further stated that all sensitive information can be protected if kernel access becomes limited to attackers through a security patch.
He said,
“It’s important to pay attention to these different privilege escalation vulnerabilities precisely because they allow run-of-the-mill threats to act unimpeded. When used properly, [such a] vulnerability can effectively alter security policies and disable the very security products that customers depend on to be protected”
Keeping this in view, we can surely say that any single vulnerability can produce a critical problem for the users. The reason is that most businesses rely on cloud services, so, there is no point of recovery for them.
They can only survive such attacks if they’re utilizing effective Cyber backup and recovery services such as Salvador Technologies. Being a top-rated ransomware solution company, we’ve effective strategies to prevent data theft and reduce downtime of your network system to minimal.
Threat Implications
SentinelOne highlighted the core issues in Amazon Web Services, Accops, and NoMachine. The company has also hinted that other cloud services are also affected. In its advisory, SentinelOne stated,
"Vulnerabilities in third-party code have the potential to put huge numbers of products, systems, and ultimately, end-users at risk, as we’ve noted before. The outsized effect of vulnerable dependency code is magnified even further when it appears in services offered by cloud providers. We urge all organizations relying on the affected services to review the recommendations above and take appropriate action."
The main reason behind these vulnerabilities is that the execution code is unable to map the buffer, check validation, probe, or lock. However, the company used an overflow to write the execution code. This provides SnetinelOne with easy access to arbitrary pointer dereferences and double fetches.
In a nutshell, the vulnerabilities have affected Accops, Eltima, Amazon, NoMachine, and Amzetta. SentinelOne previously disclosed the threat to the companies in mid-summer 2021. Amazon rolled out the botched patches whereas all other companies have released a new update.
This is why other companies are less affected as compared to Amazon. Now, the companies must urge their cloud virtualization service provider to ensure their network whether they’re using the Eltima USB over Ethernet library. Accept and NoMachine have released advisories for their users while Amazon’s Web Service customers can verify their maintenance settings.
So far, we can’t say whether the vulnerabilities are exploited in the wild, stated by SentinelOne in its advisory.
Other than this, Application Programming Interfaces (APIs) have become a source of supply chain vulnerability as most developers use code as a service. In 2021, a researcher showcased how he can bypass Amazon’s API Gateway and can easily execute the cache-poisoning attacks. The vulnerabilities detected by the SentinelOne are found in the USB over Ethernet functionality.
Salvador Technologies Solution
Salvador Technologies has been among the top cyber recovery services helping businesses in ransomware prevention. Most ransomware cyber-attacks are targeted at businesses with weak cyber security defense protecting their important data.
We use our effective recovery techniques and Recovery Time Objective (RTO) technology to prevent ransomware attacks. Most importantly, our 3-2-1 strategy helps us in recovering your business operation in just no time. It also plays an important role in ransomware detection and reducing downtime of your network systems.
Considering the 3-2-1-1-0 strategy, we advise the cloud users to use a hybrid solution to have offline protected data on-premises in addition to the cloud. Salvador Technologies provide the strongest offline protection capability to protect the data from any corruption.
