Uber just can’t catch a break. The company suffered its own data breach in September. Now three months later, one of the company’s third-party vendors suffered a breach reportedly leaking internal Uber data into the wild, according to Bleeping Computer. IT asset management platform Teqtivity announced Monday that hackers compromised customer data after gaining access to one of Teqtivity’s AWS backup servers.
It’s not yet clear exactly how threat actors infiltrated Teqtivity. Nevertheless, this is an opportunity to review the fundamentals of securing cloud resources to minimize the impact of infiltrations like this.
Teqtivity said the breach included device information such as serial numbers, make, models, and technical specs, as well as customer names, work email addresses, and work location details.
This kind of information could be used for a variety of attacks. Device information, for example, could be used to create targeted campaigns that exploit zero day vulnerabilities.
The more likely scenario, however, is that Uber employees see an increase in phishing and spear phishing campaigns. These are social engineering attacks that play off of harvested data like names, work email addresses, and Windows domain login names to fool users into providing information they shouldn’t. An attacker could pose as IT or security support staff, for example, hoping to obtain further information from victims such as a login password or multi-factor authentication permissions.
Combatting this threat will require extra vigilance from Uber and any other companies caught up in the data breach.
Again we don’t yet know how Teqtivity’s AWS server was breached. Nevertheless, we can talk about what steps companies can take to make sure they’re doing all they can to secure their cloud resources whether they reside in AWS, Google Cloud, or server hosts like DigitalOcean, Linode, and Vultur.
The fundamental security plan for these resources comes down to three points:
IP Whitelisting prevents any random person from accessing your resources from anywhere on the Internet. Taking it one step further, secure tunnels ensure that the connection between your employees and the resource they’re accessing are as locked down as possible.
Meanwhile, Zero Trust access policies ensure that only employees who need access to your resources have them. In addition, access is based not only on having the right login but on additional measures such as context-based requirements such as location or time of day.
Let’s explore each of these fundamentals in more detail.
A standard security strategy for cloud resources is IP whitelisting policies. Whitelisted IPs ensure that only traffic originating from specific IP addresses is allowed access to the resource.
The idea is to keep the number of whitelisted IPs to a minimum. Legacy VPNs residing in company data centers or branch offices are often a tool of choice for whitelisting. The problem, however, is that on-prem connections mean backhauling remote employee traffic to a location that may be miles or oceans away from where they actually are. This inevitably results in poor connectivity and reduced performance for the entire team.
A cloud-based secure access approach, by comparison, can set employee gateways in multiple locations around the world and closer to remote workers. This solves the problem of poor connectivity and in some cases may even improve it.
But a cloud-based solution isn’t the only feature you want for IP whitelisting. It’s also important that the service supports static IP addresses that are specific to your company only. Solutions where static IPs are shared among customers, by comparison, increases the chances of a breach since the resource can’t tell if traffic is coming from your company or another customer of your secure access provider.
IP Whitelisting Fundamentals: Use a cloud-based, secure access solution with a static IP gateway that is used only by your company. Then whitelist those handful of static IPs with your cloud resource.
An advanced alternative to IP whitelisting is to use secure IPSec tunnels between your gateway and the secure resources. Secure tunnels allow for easier expansion compared to IP whitelisting since connectors only have to be set once. IP whitelisting, on the other hand, has to be adjusted each time you add a new gateway or static IP address. That’s fine for one or two resources, but once you get beyond a handful of assets residing in the cloud configuring whitelists becomes a real pain.
Secure Tunnel Fundamentals: To avoid configuration issues and provide a more secure connection between your gateways and cloud resources use secure tunnel connections based on open source protocols such as IPSec.
IP whitelisting and secure tunnels are good strategies but aren’t enough on their own. What if a company device was under the control of a hostile party, for example, or if threat actors harvested login credentials via phishing?
That’s where Zero Trust policies come in. The basic principle of Zero Trust is to “never trust, always verify.” This means you set-up granular access policies for your applications and resources, and then you require that those policies are verified for the duration of a user session.
To start, ensure that only employees who need access to a specific cloud resource are given the proper permissions. For example, the website team and marketing probably don’t need access to customer data, but customer success engineers definitely do.
You can lock down resources even further with device posture check (DPC), which requires that company devices only gain access to resources if they are meeting certain security policies such as having a specific antivirus suite installed, or running a specific version of an operating system.
Finally, context-based policies further cement security by only permitting access during certain times of the day, or only traffic originating from a specific set of countries. These extra steps help ensure that even higher-permission credentials aren’t abused.
Zero Trust Access Policies Fundamentals: Set granular access permissions for applications and cloud resources based on need. Fortify those permissions even further with device-based requirements and other context-based policies such as time of day or location.
If you need help securing your cloud resources, Perimeter 81’s cloud-based, converged network security solution has all the features you need in one robust platform. Our gateways provide static IP addresses that are private to your company, and our menu-driven dashboard makes it easy to set access policies once and see them instantly deployed across the organization.
If you’d like to learn more about securing your resources with an easy-to-use solution, book a demo today to see what Perimeter 81 can do for your network.
