Vulnerability in cloud server infrastructure software SaltStack used to infect servers, leaving them open to breach

Summary

Vulnerabilities in SaltStack software were used as a vector to infect cloud servers with malware or other exploits. According to the company, over 6,000 master servers were reportedly infected and directly exposed to the internet, allowing them to be breached. The vulnerabilities were discovered about two weeks ago, and several networks have already reported that they were breached and had cryptocurrency mining malware deployed onto their servers. More damaging attacks such as data theft and ransomware are possible. A patch is now available for the vulnerability.

According to F-Secure Labs, this vulnerability “allows an attacker who can connect to the ‘request server’ port to bypass all authentication and authorization controls and publish arbitrary control messages, read and write files anywhere on the ‘master’ server filesystem and steal the secret key used to authenticate to the master as root. The impact is full remote command execution as root on both the master and all minions that connect to it.”

Analysis

Cloud infrastructure security has rapidly become a critical operational issue for companies as their businesses become more reliant on data and as cloud usage increases, both as part of core IT architecture and because of the rise in remote working due to COVID‑19.

Though the known breaches resulting from this vulnerability have so far reportedly been limited to the installation of cryptocurrency mining malware, several organizations reported that they had to take their servers offline to address the exploit. Even if costlier data theft or ransomware incidents do not emerge from this exploit, organizations will bear costs in time and lost productivity when they must implement sanitation protocols, such as changing passwords and other credentials, in response to potential data theft.

The incident highlights the need for companies to keep cybersecurity and good cyber governance at the core of the rapid shift to digital in order to protect these critical assets. This includes the full IT ecosystem that makes up a corporate network, including cloud suppliers like SaltStack. Security is hard and no company is immune to an operational disruption, especially amid the rapid acceleration towards digital. It also cannot be outsourced. After all, SaltStack’s slogan is “control and secure your digital infrastructure”. Companies that outperform on cyber governance cover all of the bases (human, IT network and financials) to ensure the investment in security is optimized, even in times of market volatility.
