With over 65% of all cloud security breaches the result of customer misconfigurations, Palo Alto Networks Unit 42 Threat Intelligence researchers wanted to investigate how those misconfigurations applied to identity and access management (IAM). From a Red Team exercise conducted in the spring of 2020, the team uncovered some shocking results as they related to misconfigured roles in IAM in many of the popular cloud service providers. These findings are the bases for this edition of the Unit 42 Cloud Threat Report, 2H 2020.
Unit 42 Threat Researchers Jay Chen, senior cloud vulnerability and exploit researcher, Public Cloud Security and Nathaniel "Q" Quist, senior threat researcher, Public Cloud Security unpack the report. Participants learn:
- How Unit 42 researchers were able to compromise an entire AWS® environment from a single misconfigured IAM trust policy.
- During the Red Team exercise, Unit 42 researchers identified an IAM role used by hundreds of users, which they were able to compromise. This allowed them to achieve administrative access outside of the development area. Once outside of development, the misconfigured IAM role allowed researchers to identify and hijack a legitimate administrator account, and establish full administrative control over the entire cloud environment.
- Unit 42 researchers will also provide the latest findings on risks stemming from IAM misconfigurations, plus updates on cloud security trends – looking for clear indications of the overall security posture of cloud infrastructure.
This event explores how to operationalize the insights in the latest Unit 42 Cloud Threat Report. It is intended for security operations, cloud infrastructure, cloud security, application security and compliance teams.