Source: hackread.com – Author: Deeba Ahmed.
Following reports of unauthorized access to a legacy Oracle cloud environment, CISA warns of potential credential compromise leading to phishing, network breaches, and data theft. Find out CISA’s recommendations for organisations and individuals.
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about potential security risks following reports of possible unauthorised access to an older Oracle cloud system. While the full extent of this issue is still being looked into, CISA is concerned about the safety of login information that might have been exposed.
According to the agency, if attackers manage to obtain usernames, emails, passwords, security codes, and encryption keys, this could cause significant problems for businesses and individuals.
CISA highlights that bad actors often use such stolen details to gain more control within computer networks, get into cloud systems, and launch email scams. The stolen information can also be sold to other criminals. Moreover, threat actors can exploit credentials to escalate privileges, access cloud and identity management systems, and conduct phishing, credential-based, or business email compromise (BEC) campaigns.
A key concern raised by CISA is when these login details are “embedded” directly into computer code, programs, or setup files, since these hidden credentials can be very hard to find and remove. If such embedded credentials are exposed, attackers can potentially keep secret access for a long time.
To reduce the chances of problems arising from this potential breach, CISA is urging organisations to take immediate action. They recommend that businesses change the passwords of users who might be affected, especially if their computer logins are not managed through a central system.
In addition, companies must carefully check their computer code and setup files for any login details that are directly written in them and replace these with more secure methods.
Furthermore, CISA advises businesses to keep a close eye on their computer system logs for any unusual activity, particularly involving important accounts. They also stress the importance of using strong multi-factor authentication (MFA) for all user accounts whenever possible, as this adds an extra layer of security against unauthorised access.
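One way to carry out the code and setup-file review recommended above, as an added example (not code from CISA or the article): it flags literal values assigned to credential-like keys and pasted private-key headers, skips values resolved from the environment or a template, and reports only file, line and key name. The key-name patterns, the entropy threshold and the sample files are assumptions constructed for this example.

```python
import math
import re

KEY = r"[\w.-]*(?:passw(?:or)?d|pwd|secret|token|api[_-]?key)[\w.-]*"
# key = value / key: value / "key": "value", as found in code, scripts and config files
ASSIGN = re.compile(r"\b(" + KEY + r")[\"']?\s*[:=]\s*[\"']?([^\s\"'#;,]+)", re.I)
# Values that point at an environment variable, template or placeholder, not a literal
INDIRECT = re.compile(r"\$\{|\$\(|\{\{|<|os\.environ|getenv", re.I)

def entropy(value):
    """Shannon entropy in bits per character; random secrets score high."""
    counts = {c: value.count(c) for c in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def scan_text(path, text):
    """Return (path, line_no, key, severity) for each embedded credential candidate."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if "-----BEGIN" in line and "PRIVATE KEY" in line:
            findings.append((path, no, "private-key", "high"))
            continue
        for key, value in ASSIGN.findall(line):
            if INDIRECT.match(value):
                continue  # resolved at runtime, nothing embedded on this line
            strong = len(value) >= 8 and entropy(value) >= 3.0  # assumed threshold
            findings.append((path, no, key, "high" if strong else "review"))
    return findings

# Constructed sample files (not from any real system)
SAMPLES = {
    "deploy/app.properties": "db.user=svc_app\ndb.password=Wq7!kP2zLm9xT4v\napi.token=${API_TOKEN}\n",
    "scripts/backup.py": 'import os\npassword = os.environ["DB_PASSWORD"]\nSMTP_PWD = "changeme"\n',
    "conf/tls.yaml": "key: |\n  -----BEGIN PRIVATE KEY-----\n",
}

def scan_all(files):
    """Scan a mapping of path -> file contents and collect every finding."""
    return [f for path, text in files.items() for f in scan_text(path, text)]

if __name__ == "__main__":
    for path, no, key, severity in scan_all(SAMPLES):
        print(f"{severity:6} {path}:{no} {key}")  # the secret value is never printed
```

Findings marked "review" are short or low-entropy values such as default passwords, which still need to be replaced; any credential found this way should also be rotated, since removing it from the file does not invalidate it.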
For individual users, CISA has a clear message: “Immediately update any potentially affected passwords that may have been reused across other platforms or services.” They also strongly recommend using strong, unique passwords for every online account and turning on MFA wherever it is offered.
Jim Routh, Chief Trust Officer at Saviynt, commented on the latest development, stating, “Software engineers often embed authentication credentials or scripts for convenience when applications are being tested before production; however, engineers often neglect to remove the embedded credentials once the code is put into production which creates a vulnerability that threat actors actively exploit, giving them access to the application where they may escalate privileges, obtaining access to more sensitive information.”
He advised that, “There are now tools available that identify credentials in software code, but these tools are not widely used. The root cause of this problem for enterprises is to improve processes for credential management using more advanced privileged access management capabilities and seeking alternatives to credentials through passwordless authentication options.”
Original Post url: https://hackread.com/cisa-urges-action-oracle-cloud-credential-compromise/