The Solicitor General of the Philippines suffers a very embarrassing data breach. More than 300,000 data files some of which contained sensitive information, belonging to the Office of the Solicitor General of the Philippines were accessed by an unknown party, according to Channel Asia IDG. While the scope of this is quite shocking, how it was done is not. In fact, it is quite simplistic.
The data breach encompasses internal passwords and policies, staffing payment information, and information on financial processes and activities including audits. The breached information also included several hundred files thought to be classified with presumably sensitive keywords such as “Private, Confidential, Witness and Password”. According to CNN Philippines, the documents included sensitive topics: drug (271), abuse (123), rape (774), child (143), trafficking (135), execution (437), NICA/intelligence (10), terrorism/terrorist (30), quarantine (29), COVID (28), weapon (48), Duterte (6), Pangilinan (63), opposition (753), nuke (1), military (4).
How the Cloud Data Breach Happened
There does not appear to be any advanced techniques used and instead, the malicious actor took advantage of a simple, and well-documented, misconfiguration. It is believed that the malicious actor gained access to a public-facing database – meaning anyone with an internet connection could access it. To add insult to injury, the Office of the Solicitor General of the Philippines, was not aware that its data had been breached but was made aware of this problem through a security researcher.
Security misconfigurations, like this one, happen when supposed safeguards are not in place or followed. Without a simple form of protection, information stored in a data store can be browsed by scripts and other tools when they are open to the public internet. Since the information in the data store was sensitive, this poses a critical security risk, and in this case, possibly a national security risk.
Over the years, quite a number of serious data breaches at major companies have taken place due to a similar misconfiguration.
In recent headlines, we have read about countless organizations that have made the mistake of leaving an exposed database open to the Internet. This misconfiguration can be prevented and our technical experts can help explain steps you can take today to prevent this error from happening to your organization.
Read more about the Solicitor General of the Philippines data breach on Channel Asia IDG’s blog.
Start with the Cloud Security Fundamentals
Cloud security teams can follow a fundamental checklist for security best practices to prevent an event, such as the Office of the Solicitor General of the Philippines data breach, from happening. Sonrai offers basic cloud security checklists to help ensure common mistakes are avoided that can be used as a starting point – AWS Cloud Security Checklist and Microsoft Azure Cloud Security Checklist. Negligently unprotected data stores will inevitably lead to a data breach. Don’t be yet another statistic.
Sonrai Security Can Help
Getting an advanced tool like Sonrai Dig can help to remediate your implementations and enforce your controls as well as ongoing monitoring of your people and non-people identity and data risks. Sonrai Security keeps a continuous inventory of all Identity and Data Relationships, as well as monitors your CSPM baselines, and alerts teams when things deviate. A benefit of knowing immediately when an identity gains questionable effective permission to access data is that you can implement remediation actions before the risk becomes an incident.
The Sonrai Dig service delivers a complete risk model of all identity (people and non-people) and data relationships, activity, and movement across cloud accounts, cloud providers, and third-party data stores. Built from the ground up to address fundamental cloud data security and compliance concerns, the solution delivers the following risk control workflow:
- Discover: Automatically, visualize and map Identity and Data across your clouds
- Classify: Leverage machine learning to determine the data type, importance, and risk
- Audit: Continuously map permissions, configuration, and access to data
- Protect: Use behavioral controls to detect and prevent theft
Implementing controls around what has access to data is fundamental to any data security and compliance program. Although each unique cloud provider delivers services and APIs to manage identity and access to data for their stack, they are not standardized across all the stacks available (e.g., Amazon, Google, and Microsoft), do not address third-party data stores, and often require the use of low-level tools and APIs. Sonrai Dig resolves this problem through normalized views and control of cloud identity and data access.
Follow the above recommendations and reach out should you need help with governing your cloud resources. Sonrai can help.