Leaky cloud services are a major concern these days. As more and more organizations move their data and applications to the cloud, ensuring new forms of collaboration and agility for their workforce, setup errors and misconfigurations (or even the lack of understanding of the shared responsibility model) pose a serious risk for the new, enlarged corporate perimeter. So far, in 2021, I have collected 12 major breaches fueled by cloud misconfigurations, and I wonder how many flew under the radar.

Cross-Site Request Forgery (CSRF) attacks allow an attacker to forge and submit requests as a logged-in user to a web application. CSRF exploits the fact that HTML elements send ambient credentials (like cookies) with requests, even cross-origin. Like XSS, to launch a CSRF attack the attacker has to convince the victim to either click on or navigate to a link.

A few weeks ago Seattle-based financial services and data management firm Automatic Funds Transfer Services (AFTS) suffered a serious ransomware attack. A gang called “Cuba” hacked and stole approximately 20 months’ worth of AFTS data, including financial documents, correspondence with bank employees, account movements, balance sheets, and tax documents. The compromised data then was offered for sale on the dark web.

The Elastic Common Schema (ECS) provides an open, consistent model for structuring your data in the Elastic Stack. By normalizing data to a single common model, you can uniformly examine your data using interactive search, visualizations, and automated analysis. Elastic provides hundreds of integrations that are ECS-compliant out of the box, but ECS also allows you to normalize custom data sources. Normalizing a custom source can be an iterative and sometimes time-intensive process.

On March 2, 2021, Microsoft announced it had detected the use of multiple 0-day exploits in limited and targeted attacks of on-premises versions of Microsoft Exchange Server. The Microsoft Threat Intelligence Center (MSTIC) attributes this campaign—with high confidence—to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.

Supply chain security risks are not new, but recent headlines are a reminder for consumers to re-examine their security practices. The story about the guy who hit his mule between the eyes with a 2×4 to “get his attention first” so the beast would then obey his gently whispered commands is memorable because it uses humor to make a serious point: Don’t wait to get clobbered before you pay attention to exhortations about what you ought to do.