Businesses need to have a solid security plan in place to handle their SaaS security concerns if they want to fully benefit from cloud computing. In the first place, what are these worries?
Cyberattacks will cost businesses $10.5 trillion annually by 2025, a 300% increase over 2015, predicts McKinsey. Businesses need to keep up with the latest developments in data security if they want to reduce the risk and expense of cyberattacks. They must adopt a shared responsibility model and cloud-native solutions built with DevSecOps standards to actively manage their SaaS security.
IBM's widely used Aspera Faspex file transfer system has a serious problem. A critical bug that could allow hackers to run any code they want is being used by cybercriminals, including ransomware groups. Even though IBM has released a patch to fix the issue, many organizations have failed to install it.
Researchers are warning that this vulnerability is being exploited, and one of their customers was recently hacked due to this problem. It's important to take immediate action to fix this vulnerability to avoid being targeted by hackers.
Aspera Faspex is a software application that provides secure file transfer capabilities to businesses and organizations. It is widely used across various industries, including media and entertainment, healthcare, finance, and government agencies.
The vulnerability (CVE-2022-5859) in Aspera Faspex version 4.1.3 and earlier versions arises from insufficient validation of user-supplied input in the software. Attackers could exploit this vulnerability by sending specially crafted data to the application, leading to arbitrary code execution. This could enable attackers to bypass authentication and execute code on the vulnerable system, which could result in significant data breaches and other security incidents.
The vulnerability in Aspera Faspex is considered critical, with a CVSS rating of 9.8 out of 10. This means that it is highly exploitable and could have severe consequences for organizations using the software. Attackers could gain unauthorized access to sensitive data, execute malicious code, and cause significant disruptions to business operations.
IBM has recommended that organizations using the affected version of the software should upgrade to a patched version as soon as possible to address the vulnerability. Timely patching is critical in mitigating the risk of cyberattacks and data breaches. Organizations that delay patching are putting themselves at increased risk of cyberattacks and other security incidents.
In addition to timely patching, implementing robust security measures is crucial in preventing cyberattacks and minimizing the impact of security incidents. IBM has emphasized the importance of following standard security practices, including network segmentation and monitoring for unusual behavior. These security measures can help organizations detect and respond to security incidents in a timely manner.
The Aspera Faspex vulnerability is a reminder of the importance of prioritizing security in any organization. With the evolving security landscape, organizations must remain vigilant and continuously update their security measures to mitigate the risk of cyberattacks and other security incidents. Failure to take prompt action in addressing vulnerabilities could have severe consequences for organizations, including financial losses, reputational damage, and legal implications.
The problem will also affect Russian government agencies, which are switching to domestic Linux operating systems as part of import substitution. Businesses that have started actively using the cloud against the background of the pandemic face increased costs: attackers can hack their cloud environments and use them for mining cryptocurrencies and DDoS attacks.
According to the IBM report on the main information security risks in 2021, the number of attacks on cloud environments and open-source Linux operating systems will increase this year. Users of Russian operating systems on Linux can also suffer, said Oleg Bakshinsky, a leading information security adviser for IBM in Russia.
The attackers began using the extensible computing power of Linux-based cloud environments, said Mr. Bakshinsky.
The customer can enable the service in their cloud settings, and at times of peak loads, their resources will be expanded for an additional fee. Attackers take advantage of this by gaining unauthorized access to the victim's cloud environment, increasing the company's costs for paying for cloud services.
The authorities have already acknowledged the problem. So, to check the security of operating systems based on Linux, the Federal Service for Technical and Export Control of Russia will create a research center for 300 million rubles ($4 million).
Cybersecurity experts also confirmed the growing interest of hackers in Linux systems. Check Point records about 20 attacks on Linux-based cloud environments in Russia, which is 3.45% of the total number of such attacks worldwide.
The main targets of the attackers, according to Nikita Durov, technical director of Check Point in Russia, are the financial industry and the government.
Alexander Tyurnikov, head of software development at Cross Technologies, is convinced that attacks on cloud environments "will not be so large-scale as to lead to the collapse of state and commercial systems."
"The fight against racism and racial inequality is as urgent as ever. Despite much progress since the Civil Rights movement, Black people are still significantly affected by poverty, unemployment, segregated housing, and other injustices in the United States.", they wrote on their website.