Security firm Imperva has published its January Hacker Intelligence Initiative Report. The study, entitled “Lessons Learned from the Yahoo! Hack,” underscores the dangers of third-party code in cloud computing.
In December 2012, a hacker using the online handle ViruS_HimA breached Yahoo! systems and gained access to certain databases and one of the company’s servers.
After analyzing the screenshots and the other pieces of information published at the time by the hacker, Imperva researchers determined that the SQL Injection vulnerability leveraged by the attacker to gain access to the company’s system wasn’t in an application developed by Yahoo!, but in one developed by AstroYogi.com.
The vulnerable code was actually hosted on the servers of AstroYogi, a popular Indian astrology portal.
“The routing of users from Yahoo! to Astroyogi.com is achieved by using a DNS alias. When the user wants to browse ‘in.horoscopes.lifestyle.yahoo.net’ a DNS query is sent,” experts explained in the report.
“When a DNS server looks up the application name on yahoo.net records and finds it is actually an alias, it replaces the name with the canonical name (in this case ‘yahoo.astroyogi.com’) and looks up the new name.”
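The alias behaviour quoted above can be inventoried from the defender's side by walking CNAME chains and listing first-party hostnames whose canonical name sits outside the organization's own zones. The following is an added example, not code from Imperva's report; apart from the one alias quoted above, the record set, the first-party zone list and the function names are constructed for illustration.

```python
# Constructed record set (name -> CNAME target). Only the first entry is
# taken from the report; every other entry is made up for this example.
CNAMES = {
    "in.horoscopes.lifestyle.yahoo.net": "yahoo.astroyogi.com",
    "mail.yahoo.net": "edge.yahoo.net",
    "promo.yahoo.net": "lb.promo.yahoo.net",
    "lb.promo.yahoo.net": "tenant42.cdn-vendor.example",
    "loop-a.yahoo.net": "loop-b.yahoo.net",
    "loop-b.yahoo.net": "loop-a.yahoo.net",
}
FIRST_PARTY = ("yahoo.net", "yahoo.com")  # assumed list of zones the organization owns


def normalize(name):
    return name.rstrip(".").lower()


def in_zone(name, zones):
    # Match on label boundaries so "yahoo.astroyogi.com" is not mistaken for yahoo.net.
    name = normalize(name)
    return any(name == z or name.endswith("." + z) for z in zones)


def canonical(name, records, max_hops=8):
    """Follow CNAMEs the way a resolver does; return the full chain."""
    chain = [normalize(name)]
    while chain[-1] in records:
        nxt = normalize(records[chain[-1]])
        if nxt in chain or len(chain) > max_hops:
            raise ValueError("CNAME loop or overlong chain at " + nxt)
        chain.append(nxt)
    return chain


def third_party_aliases(records, zones):
    """Map each first-party name to its chain if it ends outside our zones.
    A value of None marks a broken chain that needs manual review."""
    findings = {}
    for name in sorted(records):
        if not in_zone(name, zones):
            continue
        try:
            chain = canonical(name, records)
        except ValueError:
            findings[name] = None
            continue
        if not in_zone(chain[-1], zones):
            findings[name] = chain
    return findings


if __name__ == "__main__":
    for host, chain in third_party_aliases(CNAMES, FIRST_PARTY).items():
        print(host, "->", " -> ".join(chain) if chain else "BROKEN CHAIN")
```

Each hostname this returns is served by code the organization does not host, so it belongs on the list of applications covered by the contractual and assessment measures the report recommends.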
The lesson that organizations should learn from this incident is that they must take responsibility for securing third-party code and the cloud-based applications they’re utilizing.
First of all, businesses should set legal requirements to outline what is and what is not accepted from a security point of view.
In addition, any merger or acquisition should be actively investigated to ensure that there are no security risks.
From a technical standpoint, enterprises should deploy web application firewalls (WAFs) that can prevent vulnerable apps from being exploited.
Conducting web application vulnerability assessments is also highly recommended in order to identify potential security holes that must be addressed in the development lifecycle of a piece of software.