Csaba Krasznay, Security Evangelist, Balabit.
In the case of the Uber data breach, it has been reported that the hackers were able to access a private area of GitHub, and from there gain Uber’s login credentials to Amazon Web Services – the area where Uber stored this data. It is well-established security best practice to implement a formal password policy for privileged accounts, including changing default passwords as a matter of course, but the truth is this is no more than a first line of defence. Professional cyber-criminals have a multitude of techniques to hack privileged account credentials, so if organisations really want to mitigate the risk of a breach they have to put in place technology that monitors behaviour after the point of authentication. In other words, we have to assume that hackers are already inside the system, and look for triggers that can point to a malicious presence on the network. Passwords alone provide a very thin level of cyber-defence against today’s hackers.
These countermeasures should be kept in mind even in a DevOps environment, as these resources are becoming an increasingly popular target for cybercriminals.