Azure admins warned to disable shared key access as backdoor attack detailed


Researchers from Orca Security believe that a design weakness in Microsoft Azure, where shared key authorisation is set by default when creating storage accounts, might grant attackers complete access to your environment.

Attackers may exploit Azure access keys as a backdoor into a company, similar to how public AWS S3 buckets have been abused in previous years, Roi Nisimi of Orca warned today. Redmond replied by acknowledging that “these permissions could be abused to gain access to additional resources within a customer’s tenant.”

Read More…