Perspective on Capital One Breach
This text is a foreseeti perspective on the recent massive breach of Capital One – an AWS customer. The breach highlights a much broader security issue; complexity. In the core of the challenge is the concepts of graphs vs. lists. We see that simulations are one part of the operational solutions to address the challenge going forward. As the mechanical engineer use simulations to asses and strengthen their constructions, security engineers and DevOps teams can use simulations to proactively find and mitigate cyber weaknesses.
Capital One breach highlights how easy it is to accidentally expose your high value assets. Attack simulations help teams find key risks before attackers.
Capital One, a leader in cyber security and flagship AWS customer, was recently breached. How can organizations in general be expected to manage the cyber threat, when even the advanced get breached? There is no silver bullet answer, but we know one crucial perspective; “graphs vs. lists”. And we see that simulations are part of the operational solutions going forward.
The Capital One breach is a perfect example of how easy it is to do misconfigurations, and how tough it is to understand the consequences of combinations of access rights, risks and vulnerabilities. A global and systemic security issue. In this case all involved parties are very security focused and has some of the best people in the business to prevent breaches like this, and they were still “owned by an internet jerk”.
Many have written about what happened and there are great articles that describes the likely chain of events. Brian Krebs from Krebs on Security wrote an article based on interviews with almost a dozen security experts. Chetan Conikee Founder and CTO of ShiftLeft have a more in-depth technical explanation of the vulnerabilities and commands that could have been used in the breach.
In summary, the attacker exploited a misconfigured firewall installed on a virtual machine in AWS to gain the privileges necessary via a high permission role, to list and extract personal information of over 100 million Capital One customers from the AWS storage service S3.
Misconfiguration and security issues like this are not unique for cloud environments or the financial industry and can often be mitigated by traditional security solutions. However, the Capital One breach and the way it was conducted highlights a larger, more widespread issue. Complexity, and the way we are trying to navigate that complexity.
“A lot of network defense goes wrong before any contact with an adversary, starting with how defenders conceive of the battlefield. “
The war is lost before the battle because we fail to understand the battlefield; our own environment. We fail to understand the battlefield to a large extend due to that we are viewing it through a collection of lists. Lists of assets, lists of critical vulnerabilities, lists of compliance violations and there’s one big problem with all of this; Defenders don’t have lists of assets, they have environments that can be represented as graphs.
The battlefield is a graph, and as defender you can have the upper hand by having all the relevant information about the battlefield. It is time we start leverage this information in a smarter way.
The concept of Threat Modeling is about seeing your environment as a graph and thinking like an attacker. It’s a process for creating a model of your environment, a profile of a potential attacker and how that attacker might behave in your environment to breach your defenses and compromise your high value assets. Threat
Modeling has however historically been a very manual, expertise intense, and time-consuming process. It has therefore been used primarily by the most security aware organizations. And it has not been well suited to highly dynamic and scalable cloud environments. But automated technologies are now here, which makes threat modeling and attack simulations practically viable for virtually all organizations!
As mechanical engineers use simulations to asses and strengthen their constructions, security engineers and DevOps teams can continuously use simulations to proactively identify, prioritize, and mitigate cyber risks.
By simulating attacks, we can explore all possible paths of an attacker through our environment to discover what combination of weaknesses an attacker might exploit to reach our high value assets. This allows us to mitigate weaknesses and structural vulnerabilities before they are exploited by attackers. DevOps teams can now assess the security of their newly pushed functionalities in an efficient and scalable way. In short;
“Have we, as Capital One, now done some misconfiguration that in combination with e.g. system access rights expose critical paths to our high value assets?” Simulations provide these insights.
securiCAD Vanguard is an attack simulation and automated threat modeling service developed specifically for AWS. It enables you to automatically simulate attacks on a virtual model of your AWS environment – to find, prioritize and mitigate weak links before attackers exploit them. By providing securiCAD Vanguard with read access to standard AWS APIs, a model of your environment is automatically built and visualized. By simulating attacks on the model, securiCAD Vanguard will assess the consequences of your AWS configuration, existing vulnerabilities and misconfigurations to prioritize mitigations in the context of the actual system and its high value assets.
securiCAD VANGUARD is now available in a free early access version.