Vulnerabilities in SaltStack software were used as a vector to infect cloud servers with malware and other exploits; according to the company, over 6,000 master servers were directly exposed to the internet and reportedly infected, allowing them to be breached. The vulnerabilities were discovered about two weeks ago, and several networks have already reported that they were breached and had cryptocurrency mining malware deployed onto their servers. More damaging attacks, such as data theft and ransomware, are possible. A patch is now available for the vulnerabilities.
According to F-Secure Labs, this vulnerability “allows an attacker who can connect to the ‘request server’ port to bypass all authentication and authorization controls and publish arbitrary control messages, read and write files anywhere on the ‘master’ server filesystem and steal the secret key used to authenticate to the master as root. The impact is full remote command execution as root on both the master and all minions that connect to it.”
Cloud infrastructure security has rapidly become a critical operational issue for companies as their businesses become more reliant on data and as cloud usage increases, both as part of core IT architecture and because of the rise in remote working caused by COVID‑19.
Though the known breaches resulting from this vulnerability have so far reportedly been limited to the installation of cryptocurrency mining malware, several organizations reported that they had to take their servers offline to address the exploit. Even if costlier data theft or ransomware incidents do not emerge from this exploit, organizations will still bear costs in time and lost productivity as they carry out remediation steps, such as changing passwords and other credentials, in response to potential data theft.
The incident highlights the need for companies to keep cybersecurity and good cyber governance at the core of the rapid shift to digital in order to protect these critical assets. This includes the full IT ecosystem that makes up a corporate network, including cloud suppliers like SaltStack. Security is hard, and no company is immune to an operational disruption, especially amid the rapid acceleration towards digital. It also cannot be outsourced. After all, SaltStack’s slogan is “control and secure your digital infrastructure”. Companies that outperform on cyber governance cover all of the bases (human, IT network and financial) to ensure that the investment in security is optimized, even in times of market volatility.