A new day reveals yet another major security breach. This time it was Microsoft’s turn, when a critical security vulnerability was detected in the tech giant’s cloud system, allowing anyone with a “key” to access personal information of thousands of its customers. The interesting part of this story, though, comes from the people who found the security vulnerability: Israeli startup Wiz, founded by a team of former Microsoft employees led by Assaf Rappaport, who was previously the GM of Microsoft Israel R&D and responsible for its cloud security.
A potential cloud disaster
The vulnerability found is in Azure's database service called Cosmos DB, which enables real-time data processing and management. According to Cosmos' main website, among the service's customers we find several industry leaders such as Coca-Cola, Asos, Symantec, Skype, Kohler and Exxon.
Wiz’s Nir Ohfeld and Sagi Tzadik explain that the weakness was added to the service in 2019, when Microsoft added a new feature to support Jupyter Notebook (an open source format that allows JSON-based information to be written, edited and visualized). The problem is that a number of incorrect configurations created the breach point discovered by Wiz security researchers, allowing access to users' primary keys, and from there to all the most sensitive data of the companies stored in the service. In February 2021, Microsoft launched the Jupyter Notebook support feature, with the built-in default security vulnerability, for all its new Cosmos customers.
After obtaining the keys, the researchers were able to get full admin access to all the information stored by Cosmos DB users, with view, edit and delete permissions. "This is the worst vulnerability you can imagine in the cloud," said Ami Luttwak, CTO at Wiz, who explains that the company was able to gain access to every Jupyter user database. At the moment, Wiz has not shared the process that led to the exposure of the weakness, but promises to do so "soon".
According to the Wiz analysts, Microsoft’s security team neutralized the vulnerability within 48 hours of when it was first discovered. However, if any nefarious characters got there before Wiz, then many Cosmos customers are left exposed. This has led Microsoft to email more than 30% of Cosmos users, urging them to replace their access keys as soon as possible. Researchers at Wiz believe that many users are still exposed to the theft of sensitive data because the vulnerability has been around for at least a couple of months.
Let’s remain calm
It is important to note that while the Jupyter Notebook feature has been enabled by default for all new customers since February, if your team did not use the feature during the first 3 days of operation, it was automatically disabled. So, in theory, a bad player could’ve still taken advantage of this relatively small window to hack into your database.
Microsoft claims that according to their investigation, no evidence was found that its customers' information was leaked as a result of the vulnerability, and the customers whose keys were exposed were notified almost immediately to replace them. If you only started using Azure in 2021, or your team used Jupyter, you can follow the steps that Microsoft lists here to make sure you are protected.
Wiz disclosed the ChaosDB weakness to Microsoft, earning the Israeli company a $40,000 prize. While this is a drop in the ocean for the two-year-old startup that has already raised around $350 million to date, it's not the first time Microsoft has transferred substantial sums of money to the Wiz team.
Joined Microsoft together, and left as one
We’ll just remind you that Wiz was founded by the same entrepreneurs who founded Adallom, an Israeli cyber startup that was acquired by Microsoft for $320 million in 2015. Following the acquisition, the startup was quickly swallowed by Microsoft’s cyber division. Then-Adallom CEO Assaf Rappaport slowly moved up the corporate chain, leading cloud security for Microsoft, and eventually settling as GM of Microsoft Israel R&D. That is slightly ironic given the fact that Wiz has now exposed one of the most severe security vulnerabilities in Microsoft cloud history. Ohfeld and Tzadik, the pair of analysts who discovered the weakness, were "snatched" up by Wiz straight from the grasp of another Israeli cyber giant, Check Point.