Think of your cloud provider the way you think of a food delivery company you love. You depend on it to bring you the correct order each time, right? Now imagine what would happen if a burglar got into the kitchen and tampered with your food. That is what the Murky Panda hackers did. They didn't hack companies one by one. They hacked cloud providers and leveraged that trust to reach the customers. Chilling, right?
How They Did It
This is the trick: rather than hacking each company individually, Murky Panda attacked the cloud supply chain. They opened the door with one trusted vendor, then used that foothold to hack many more.
Why is this so dangerous? Because once a vendor has been compromised, it hurts everyone who is connected to it. It's like the first domino: once it tips, the rest fall in a rush.
Why We Trust the Cloud So Much
We all rely on the cloud because it simplifies things. It's less expensive, quicker, and takes a great deal of work off our hands. But that same reliance is a terrible vulnerability. When hackers abuse that trust, they can reach anything.
Here's why it works so well for the attackers:
• Customers don't notice quickly because the attack appears to come from a trusted source.
• It's difficult to track because the malicious traffic is disguised to look legitimate.
• It also slows the response because people never suspect their provider to begin with.
For real, I absolutely love using cloud services, but this type of hack makes me anxious.
Why This Attack Is Different
Most hacks are akin to someone kicking in your front door. This one? Hackers stole a copy of your house key from the locksmith and strolled right on in. That's why Murky Panda's approach is so frightening: it preys on trust we already have.
So what do we do? We can't eliminate all threats, but we can:
• Watch our systems more closely
• Review third-party apps and connections on a regular basis
In other words, never read "safe" as safe.