CISA issues warning in wake of Oracle cloud credentials leak
The security agency has published guidance for enterprises at risk


CISA has issued a warning over the risk of data breaches following a security incident affecting legacy Oracle cloud environments, urging enterprises to shore up defences.
In an advisory published Wednesday 16th April, the security agency said the incident “presents a potential risk to organizations and individuals” despite unconfirmed reports on the scale of the breach.
CISA specifically highlighted risks for enterprises where credentials “may be exposed, reused across separate, unaffiliated systems, or embedded (i.e., hardcoded into scripts, applications, infrastructure templates, or automation tools)”.
“When credential material is embedded, it is difficult to discover and can enable long-term unauthorized access if exposed,” the agency added.
The advisory from CISA follows confirmation by Oracle that a threat actor leaked credentials sourced from what it referred to as “two obsolete servers” earlier this year.
In an email to affected customers, the cloud computing giant insisted the incident was limited to these impacted servers and not connected to Oracle Cloud Infrastructure or specific customer cloud environments.
“Oracle would like to state unequivocally that the Oracle Cloud - also known as Oracle Cloud Infrastructure or OCI - has NOT experienced a security breach”, the email read.
“No OCI customer environment has been penetrated,” it added. “No OCI customer data has been viewed or stolen. No OCI service has been interrupted or compromised in any way”.
How to shore up defenses after the Oracle incident
In its advisory, CISA also offered guidance to help enterprises mitigate any risk associated with the credential leak.
The agency urged organisations to reset passwords for affected users across the entirety of their network, adding that additional caution should be taken where credentials “may not be federated through enterprise identity solutions”.
Similarly, security personnel were advised to review source code, infrastructure-as-code templates, automation scripts, and configuration files for hardcoded or embedded credentials. These should be replaced with secure authentication methods, the agency insisted.
Further guidance included:
- Monitor authentication logs for “anomalous activity, especially involving privileged, service, or federated identity accounts”.
- Assess if additional credentials - including API keys and shared accounts - might be associated with affected identities.
- Implement phishing-resistant multi-factor authentication (MFA) for all user and admin accounts “where technically feasible”.
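As an added illustration of the review step above (not code from CISA's advisory or from Oracle), the following Python sketch flags literal credential assignments in scripts, infrastructure-as-code templates and configuration files while ignoring values that only reference a variable or secret store. The key-name list, the reference prefixes and the three sample files are assumptions constructed for this example.

```python
import re

# Assumed list of key names that usually hold credential material; extend locally.
ASSIGNMENT = re.compile(
    r"""\b([\w.-]*(?:password|passwd|secret|token|api[_-]?key|access[_-]?key)[\w.-]*)
        ["']?\s*[:=]\s*["']?      # separator used by shell, HCL, YAML and JSON
        ([^\s"',;]+)              # the literal value""",
    re.I | re.X,
)
# Assumed prefixes marking a reference to a variable or secret store, not a literal.
REFERENCE = re.compile(r"\$|\{\{|<|os\.environ|var\.", re.I)


def redact(value):
    """Keep two characters so a finding can be triaged without re-leaking the secret."""
    return value[:2] + "*" * (len(value) - 2)


def scan_text(name, text):
    """Return (file, line number, key, redacted value) for each embedded literal."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in ASSIGNMENT.finditer(line):
            key, value = match.group(1), match.group(2)
            if len(value) < 6 or REFERENCE.match(value):
                continue  # too short to be a credential, or an indirection
            findings.append((name, lineno, key, redact(value)))
    return findings


def scan_files(files):
    """Scan a mapping of file name to file content."""
    return [hit for name, text in files.items() for hit in scan_text(name, text)]


# Constructed sample inputs: a shell script, a Terraform template and a YAML config.
SAMPLES = {
    "deploy.sh": '#!/bin/sh\nexport DB_PASSWORD="Tr0ub4dor&3-constructed"\n'
                 'curl -H "Authorization: Bearer $API_TOKEN" https://example.invalid/\n',
    "main.tf": 'variable "db_password" {}\nresource "example_db" "main" {\n'
               '  password = var.db_password\n  api_key  = "AKXconstructed0123456789"\n}\n',
    "settings.yaml": 'db:\n  user: svc_report\n  password: "{{ vault_db_password }}"\n'
                     '  client_secret: s3cr3t-constructed\n',
}

if __name__ == "__main__":
    for finding in scan_files(SAMPLES):
        print(finding)
```

Each hit is a credential to rotate and then replace with a reference to a managed secret, rather than one to simply delete from the file, since earlier revisions in version control still contain it.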

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.
For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.