Weaknesses in your cybersecurity posture

Last week, we discussed some new developments in cybersecurity and in cyberattacks, including Storm-0501’s shift to targeting the Cloud. Those developments reveal unaddressed weaknesses in our cybersecurity postures, including the gaps left by Shadow IT.

What is Shadow IT?

Shadow IT consists of systems your security team doesn’t know about; unmanaged assets such as unsecured backups or open Git repositories are prime examples. These weaknesses are among the most dangerous for an organization, because an asset nobody knows about is never flagged as exposed in the first place.

This lets a hostile actor uncover information, system flaws or vulnerabilities that have gone unnoticed. Last week’s discussion of Storm-0501’s new tactics touched on this: a synced non-human identity with administrator privileges was reachable and not covered by standard MFA or other protective measures. Compromising that identity let the attackers change passwords that were then synced to the Cloud, authenticate with the new passwords, and compromise layer after layer.

One of the more common sources of exposure here is developer tooling: because it is not intended to be public or even reachable, issues there can persist unnoticed. Even when credentials or secret files are removed from the active codebase, for example, they usually persist in Git history indefinitely unless properly purged, leaving them discoverable to anyone who can read the repository.
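Auditing history for exactly these leftovers, as an added example (not the author’s or TECH-ARROW’s code): a small Python script that walks `git log -p --reverse` output and reports secret-looking lines that were later deleted but remain in history. The log text, commit ids and key patterns below are constructed for illustration.

```python
import re

# Constructed, abbreviated `git log -p --reverse` output (not a real repository):
# commit aaaa1111 adds a config file with an API key, commit bbbb2222 "removes" it.
SAMPLE_LOG = """\
commit aaaa1111
    add api config
diff --git a/config.ini b/config.ini
--- /dev/null
+++ b/config.ini
@@ -0,0 +1,3 @@
+[api]
+api_key = AKIAEXAMPLEKEY000000
+region = eu-west-1
commit bbbb2222
    move secret out of the repo
diff --git a/config.ini b/config.ini
--- a/config.ini
+++ b/config.ini
@@ -1,3 +1,3 @@
 [api]
-api_key = AKIAEXAMPLEKEY000000
+api_key = ${API_KEY}
 region = eu-west-1
"""

# Two illustrative patterns (AWS-style key id, generic long-token assignment); real audits use broader rule sets.
SECRET_PATTERNS = [
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    re.compile(r"(?i)\b(api_key|secret|password|token)\b\s*[:=]\s*['\"]?[A-Za-z0-9/+_-]{12,}"),
]

def audit_history(log_text):
    """Map each secret-looking diff line to the commit that added it and, if it was
    later deleted, the commit that removed it (gone from HEAD, still in history)."""
    state, commit = {}, None
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]
        elif line.startswith(("+++ ", "--- ")) or not line or line[0] not in "+-":
            continue  # file headers, hunk headers, context and commit-message lines
        else:
            content = line[1:].strip()
            if any(p.search(content) for p in SECRET_PATTERNS):
                entry = state.setdefault(content, {"added_in": commit, "removed_in": None})
                entry["removed_in"] = None if line[0] == "+" else commit
    return state

def history_only_secrets(log_text):
    """Secrets deleted from HEAD but still recoverable: these need a history rewrite, not just a delete."""
    return sorted(s for s, e in audit_history(log_text).items() if e["removed_in"])
```

In practice, pipe real `git log -p --reverse` output into `history_only_secrets`; anything it reports needs rotation and a history rewrite, not just another commit.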

How can we address this?

As with every other cybersecurity development, countermeasures are being developed in real time to account for perceived threats. Some of this work continues to leverage AI for early detection: storage optimization, monitoring backups (especially for evidence of malware) and compiling risk assessments for DR are all tasks that lend themselves to AI.

At the same time, AI has flaws and cannot account for everything, so other measures are being put in place as well, ranging from more complex software solutions and industry best practices (such as the transition towards Zero Trust, better authentication and MFA) all the way to government regulation on data handling.

Shadow IT specifically is best addressed through continuous internal audits that follow the same discovery paths a hostile actor would use to find and exploit gaps in your cybersecurity posture. As with all prevention, the key is to do it often and do it early, alongside keeping your backups and other disaster response systems up to date.


Your Data In Your Hands – With TECH-ARROW

by Matúš Koronthály