IMPERVA ALERT
Cybersecurity threats evolve every minute of every day. Best practices exist to protect against or even mitigate these growing threats, but, unfortunately, some companies still fall victim to attacks. Lapses in controls lead to many of the countless breaches that we hear about so often in the news. It was reported recently that Imperva, a leading provider of Internet firewall services, which can help web sites block malicious cyberattacks, was a victim of a cyberattack.
This time the threat came from the cloud, specifically the Incapsula cloud (the company’s cloud-based Web Application Firewall (WAF) product). As a result of this breach, attackers obtained customer data elements dating back to September 17, 2017. The data elements captured included email addresses and hashed/salted passwords; for a small subset of Incapsula customers, the breach also exposed API keys and customer-provided SSL certificates.
OVERARCHING CONCERN
Commenting in an article on the security website Krebs on Security, Rich Mogull, founder and vice president of product at Kansas City-based cloud security firm DisruptOps, stated that “an attacker in possession of a customer’s API keys and SSL certificates could use that access to significantly undermine the security of traffic flowing to and from a customer’s various Web sites.”
In addition, attackers in possession of these key assets could reduce the overall security of WAF settings and could essentially “whitelist” any traffic originating from an attacker. To imagine a worst-case scenario, an attacker associated with this breach could intercept, view or modify any content meant for an Incapsula client web site, and even divert this traffic through an attacker-owned site or other malicious destination.
Certain scenarios could allow an attacker to alter a WAF implementation into a state that makes it essentially meaningless for the customer. Due to the ongoing investigation associated with this matter, many questions remain unanswered. Below are a few of those questions.
Imperva Incapsula breach – unanswered questions (Provided by ZDNET)
WHAT YOU CAN DO – OUR RECOMMENDATION
The opinion of IT Security professionals at Schneider Downs (SD) is that 2FA alongside the password reset process should be required for all customers regardless of whether they were affected by this breach (https://www.schneiderdowns.com/our-thoughts-on/cybersecurity/optimizing-two-factor-authentication-security).
Two-factor authentication is not a new technology, nor is it a costly protection mechanism, and we believe it should be required for all Incapsula WAF customers.
WHO USES 2FA? WHY DOESN’T EVERYONE?
The Elie.net blog (a blog created by the lead of Google’s anti-abuse research team, which assists in protecting users against cyber-criminal activities and Internet threats) published an article titled “The bleak picture of two-factor authentication adoption in the wild.” In this post, Elie Bursztein reported that “Overall, as of late 2018, 52.5% of the 1149 sites listed in the dongleauth database support 2FA.”
Bursztein’s blog post paints a grimmer picture of 2FA adoption and solidifies our recommendation that 2FA should be a required implementation following a breach of this magnitude.
Sources:
https://krebsonsecurity.com/2019/08/cybersecurity-firm-imperva-discloses-breach/
https://duo.com/decipher/imperva-discloses-customer-data-breach-theft-of-api-keys
https://www.zdnet.com/article/imperva-discloses-security-incident-impacting-cloud-firewall-users/