In previous posts we’ve pointed out the huge problems misconfigurations cause for data security. Simply put, misconfigurations are the number one cause of data breaches. We wanted to return to this topic in light of a misconfiguration breach that exposed an estimated 250 million records. Massive breaches can be the result of non-malicious security issues, and those issues can be easily detected with the right security software.
Microsoft’s Misconfiguration Breach
In a blog post titled ‘Access Misconfiguration for Customer Service Support’, Microsoft announced that the misconfiguration of security rules for an internal customer support case analytics database exposed customer data. Comparitech, a consumer security support service, discovered the misconfiguration breach. They estimate that the database contained 250 million records, “logs of conversations between Microsoft support agents and customers from all over the world, spanning a 14-year period from 2005 to December 2019.” The records were stored in five Elasticsearch servers. While much of the personal information was redacted, Comparitech found that batches of plain text data were exposed. This plain text could be used for targeting tech support scams.
A change made to the database’s network security group on December 5th, 2019 resulted in the misconfiguration breach. Comparitech didn’t discover the exposed data until December 29th. Unfortunately, the BinaryEdge search engine had already indexed the database the previous day. Upon discovery, Comparitech immediately notified Microsoft, which secured the servers and data between December 30th and 31st. While Comparitech reported the breach as soon as it was discovered, the data was exposed for three weeks. There’s no telling who else may have come across it, or what they may still do with it.
Avoid Misconfiguration with Spanugo ASAP
Verifying configurations is extremely difficult in today’s dynamic IT environment. This is why most security breaches exploit relatively simple security configuration and process failures. Microsoft is the world’s largest software company, having close to $300 billion in assets. It produces many of the most commonly used programs and applications. This breach shows that no organization is immune to misconfigurations that can expose valuable and sensitive data, particularly if they are not following security best practices.
Spanugo’s Automated Security Assurance Protocol (ASAP) is designed to combat security hygiene problems like misconfiguration. ASAP offers a new approach to dynamically validating security postures. It doesn’t rely on scripts and manual processes, and is built to scale in a hybrid-cloud environment. Specifically, it provides automatic, comprehensive, continuous and consistent detection of configuration best practices in order to secure infrastructure and data. ASAP also includes basic configuration checks. It ensures that default passwords are changed, route access is not publicly available, and applications and firewall gateways are properly configured.
When Spanugo ASAP detects a misconfiguration, we not only notify you, but offer a remediation plan to correct the configuration. This ensures your data and your customers’ data have the protection they need. The results are real-time protection and real remediation for your servers and databases.