How the cloud amplified supply chain risk and what you can do about it


As recent security incidents involving cloud-based systems have shown (for instance, the numerous cyber incidents in the healthcare sector), reliance on cloud services can amplify the cybersecurity risks associated with third parties and the supply chain. For example, some organizations allowed external contractors access to their Snowflake accounts for customization work. Some of these contractors had a very lax security posture (using the same laptop for downloading pirated software and gaming), yet they were given unrestricted access, via user credentials, to live user accounts without any additional security controls such as MFA. This allowed the threat actors who breached a contractor’s laptop to access multiple user accounts without needing to crack passwords or resort to social engineering. They were literally handed the (access) keys to the kingdom.

The cloud is, essentially, a supply chain in itself

There are several reasons why the cloud has made supply chain risk so much greater than before and, in the process, made cyber attacks easier for less skilled attackers. The first is that cloud technology itself relies on a technology stack comprising several products and technologies made by companies (and sometimes non-profit organizations) external to the organization. This introduces multiple new entry points that attackers can exploit and greatly increases the attack surface. Because the organization no longer controls its own infrastructure but uses a vendor’s, a shared responsibility model between the cloud provider and the organization consuming the cloud services is required, and that model is inherently more complex to manage.

Moreover, while poor IT hygiene can be partly tolerated in on-prem environments with limited connectivity to the outside world (and additional security layers such as firewalls and compartmentalization), in the cloud the same bad habits create a much greater security risk. For example, in the same Snowflake campaign, several attacks abused credentials to access demo accounts of employees who had left the organization years earlier; their accounts were still active and “protected” only by a username and password. In other attacks, companies shared data with third-party vendors who then failed to delete it when it was no longer needed, stored it in their own cloud environment, and had it stolen, impacting the company that hired their services (which, in most cases, did not even realize its data was at risk).

Identity is the modern firewall

Security vendors have tried to adopt traditional security thinking and apply it to cloud environments. However, because the cloud is used differently, implementing “firewalls” or “segmentation” isn’t practical. The reason is that organizations must provide access to employees (logging in from anywhere), partners and users. These users can then “hop” between different systems and roles according to their permissions. Attackers can exploit this “chain of roles” to traverse between systems. What’s worse, using such an attack technique would not raise any alert. Attackers can abuse one set of credentials to enter one system, then identify which other permissions this user has, hop to the next system, and so on, until they reach their final goal: the crown jewels.
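The two failure modes described above (external identities holding live credentials without MFA, stale accounts that are still enabled, and a role graph that lets one compromised credential hop all the way to the crown jewels) can be checked from the defender's side with a small identity audit. The following is an added example written for this post, not Skyhawk's code or any vendor's API; the account inventory, the role-hop graph, the 90-day staleness threshold and the role names are all constructed assumptions. In practice the records would be exported from the identity provider or the cloud account's own user inventory, and the hop edges from its role grants or trust relationships.

```python
"""Identity-centric audit of a cloud account: weak credentials and role-hop blast radius.

All data below is constructed for illustration. Each Account record is assumed
to carry: name, is_external (contractor/vendor), mfa_enabled, disabled,
last_login (date or None) and the set of roles the identity holds.
"""
from __future__ import annotations

from collections import deque
from dataclasses import dataclass, field
from datetime import date

STALE_AFTER_DAYS = 90  # assumption: no successful login for 90 days counts as stale


@dataclass
class Account:
    name: str
    is_external: bool
    mfa_enabled: bool
    disabled: bool
    last_login: date | None
    roles: set[str] = field(default_factory=set)


# Constructed sample inventory modelled on the scenarios in the post:
# a contractor without MFA, an ex-employee whose demo account is still live,
# and a properly disabled old vendor account.
ACCOUNTS = [
    Account("dev.lead", False, True, False, date(2024, 6, 3), {"analyst"}),
    Account("vendor.contractor", True, False, False, date(2024, 6, 1), {"customizer"}),
    Account("ex.employee", False, False, False, date(2021, 2, 14), {"demo_reader"}),
    Account("old.vendor", True, False, True, date(2020, 9, 9), {"customizer"}),
]

# Constructed role graph: edge a -> b means a principal holding role a can
# switch to or assume role b (for example through a grant or a trust policy).
ROLE_HOPS = {
    "customizer": {"analyst"},
    "analyst": {"db_admin"},
    "db_admin": {"crown_jewels"},
    "demo_reader": set(),
}


def audit_accounts(accounts, today):
    """Return finding category -> sorted names of enabled accounts that match."""
    findings = {"external_without_mfa": [], "stale_but_enabled": [], "no_mfa": []}
    for a in accounts:
        if a.disabled:
            continue  # disabled accounts are not a live risk
        if not a.mfa_enabled:
            findings["no_mfa"].append(a.name)
        if a.is_external and not a.mfa_enabled:
            findings["external_without_mfa"].append(a.name)
        if a.last_login is None or (today - a.last_login).days > STALE_AFTER_DAYS:
            findings["stale_but_enabled"].append(a.name)
    return {k: sorted(v) for k, v in findings.items()}


def hop_path(start_roles, hops, target):
    """Shortest chain of role hops from any starting role to target, or None.

    Breadth-first search over the role graph; the returned path shows exactly
    which grant an attacker would ride, i.e. which edge to cut.
    """
    parent = {r: None for r in start_roles}
    queue = deque(start_roles)
    while queue:
        role = queue.popleft()
        if role == target:
            path = []
            while role is not None:
                path.append(role)
                role = parent[role]
            return path[::-1]
        for nxt in hops.get(role, ()):
            if nxt not in parent:
                parent[nxt] = role
                queue.append(nxt)
    return None


def blast_radius(accounts, hops, sensitive_role):
    """Map each enabled account that can reach sensitive_role to its hop path."""
    result = {}
    for a in accounts:
        if a.disabled:
            continue
        path = hop_path(a.roles, hops, sensitive_role)
        if path is not None:
            result[a.name] = path
    return result


if __name__ == "__main__":
    today = date(2024, 6, 10)  # fixed reference date for the constructed data
    for category, names in audit_accounts(ACCOUNTS, today).items():
        print(f"{category}: {names}")
    for name, path in blast_radius(ACCOUNTS, ROLE_HOPS, "crown_jewels").items():
        print(f"{name} can reach crown_jewels via {' -> '.join(path)}")
```

Run against a real export, the interesting output is the intersection of the two views: an account that appears in `external_without_mfa` or `stale_but_enabled` and also in the blast radius is exactly the "one contractor" case the post warns about, and the printed hop path names the grant to remove first.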

Identifying supply chain risks and preparing for the breach before it materializes

Because of the complexity and risk involved in a cloud-based supply chain, it is prudent to prepare for a breach in advance.

Companies and organizations must acknowledge the risk and factor it in whenever they contract a new vendor. And yet it is impossible to vet and monitor all these external vendors, so organizations must deploy their own threat detection means and run ongoing simulations to identify and block potential attacks, some of which might originate from the supply chain.

Summary

Third parties have always presented risks to organizations, but the cloud has exacerbated this risk to phenomenal levels. One contractor with access to several user accounts can seriously compromise the entire organization. Using the Skyhawk Purple Team CTEM solution for enhanced preparedness, alongside Skyhawk Cloud Threat Detection and Response (CDR), can ensure that supply chain risks, and their potential impact, are reduced by employing:

  • Verified Alerts and Automated Responses: Skyhawk Security enhances the effectiveness of its Autonomous Purple Team by ensuring that all alerts are pre-verified. This means that security teams receive only actionable intelligence, significantly reducing the risk of responding to false positives, which are often triggered by the work of non-malicious third parties. The platform’s automated responses are also verified, allowing for immediate and precise remediation of threats. This integration of verified alerts and automated responses helps prevent security incidents from escalating into breaches, providing peace of mind that your cloud environment is secure. This is a key component of CTEM, and Skyhawk Security delivers it.
  • Tailored AI-driven incident detection: Skyhawk Security’s multi-layered cloud incident detection AI approach is designed to work hand-in-hand with the Autonomous Purple Team. Custom-built machine learning models, updated daily, ensure that malicious activities are detected within minutes, preventing an incident from becoming a full-scale breach (which, in itself, can impact additional parts of the supply chain).


To learn more about Skyhawk’s cloud security solution, book a Purple Team Assessment today! We can get started in just one hour.
