AWS, Google Cloud, PayPal, Slack, and Stripe Exposed by Apache Airflow Flaw
- By Dawna M. Roberts
- Published: Oct 07, 2021
- Last Updated: Mar 18, 2022
On Monday, threat researchers disclosed that some older versions of Apache Airflow contained a flaw that leaked sensitive information belonging to several large corporations. Unfortunately, the leak exposed high-level credentials for platforms such as Amazon Web Services (AWS), Binance, Google Cloud Platform (GCP), PayPal, Slack, and Stripe.
What Happened?
Intezer threat researchers told The Hacker News on Monday that dozens of misconfigured Apache Airflow instances exposed information from some high-profile companies.
The Hacker News explains,
“These unsecured instances expose sensitive information of companies across the media, finance, manufacturing, information technology (IT), biotech, e-commerce, health, energy, cybersecurity, and transportation industries.”
“Originally launched in June 2015, Apache Airflow is an open-source workflow management platform that enables programmatic scheduling and monitoring of workflows on AWS, GCP, Microsoft Azure, and other third-party services. It’s also one of the most popular task orchestration tools, followed by Luigi, Kubeflow, and MLflow.”
The problems Intezer discovered stemmed mainly from the practice of hard-coding database passwords into Airflow Variables or the “Extra” fields of connections, which left them visible on the exposed pages. If a bad actor were to get hold of these credentials, it could easily lead to an intrusion into the corporate network or other cyberattacks.
The Hacker News expands on this,
“If a large number of passwords are visible, a threat actor can also use this data to detect patterns and common words to infer other passwords,” Intezer researchers said. “These can be leveraged in a dictionary or brute-force-style attacks against other platforms.”
Another primary concern is that hackers could potentially use the credentials to gain access and install malware or ransomware, further compromising already weak systems to exfiltrate data or extort funds.
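A defender-side check for the hard-coding practice described above, added here as an example that is not from the article, Intezer, or the Airflow project: it scans the JSON written by `airflow variables export` and `airflow connections export` (assumed to be a flat key-to-value map and a conn_id-to-fields map whose `extra` is a dict or a JSON string) for values that look like credentials, so they can be moved into a secrets backend instead of sitting in Variables or Extra. The sample data, the key-name list and the entropy threshold are constructed for this example.

```python
"""Scan exported Apache Airflow Variables and Connections for plaintext secrets.

Added example (not from the article or the Airflow project). Assumes the JSON
shapes produced by `airflow variables export` (flat key -> value map) and
`airflow connections export` (conn_id -> fields, with "extra" as a dict or a
JSON string). All sample data below is constructed.
"""
import json
import math
import sys
from typing import Any, Dict, List, Optional
import re

# Key names that usually hold credentials when they appear in Variables or Extra.
SECRET_KEY_RE = re.compile(
    r"(password|passwd|pwd|secret|token|api[_-]?key|access[_-]?key|private[_-]?key)",
    re.IGNORECASE,
)
# Publicly documented credential formats (AWS access key id, Slack token, Stripe live key).
VALUE_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "slack_token": re.compile(r"\bxox[abp]-[0-9A-Za-z-]{10,}\b"),
    "stripe_live_key": re.compile(r"\bsk_live_[0-9A-Za-z]{16,}\b"),
}
# Constructed heuristic: opaque strings this long and this random are usually tokens.
ENTROPY_MIN_LEN = 32
ENTROPY_THRESHOLD = 3.5


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def looks_like_secret(key: str, value: Any) -> Optional[str]:
    """Return a reason if key/value looks like a credential, else None."""
    text = value if isinstance(value, str) else json.dumps(value)
    for name, pattern in VALUE_PATTERNS.items():
        if pattern.search(text):
            return f"value matches {name} format"
    if SECRET_KEY_RE.search(key) and text.strip():
        return "key name suggests a credential"
    if (isinstance(value, str) and len(value) >= ENTROPY_MIN_LEN
            and " " not in value and shannon_entropy(value) > ENTROPY_THRESHOLD):
        return "high-entropy value"
    return None


def scan_variables(variables: Dict[str, Any]) -> List[Dict[str, str]]:
    """Flag Airflow Variables whose name or value looks like a credential."""
    findings = []
    for key, value in variables.items():
        reason = looks_like_secret(key, value)
        if reason:
            findings.append({"source": "variable", "id": key, "reason": reason})
    return findings


def scan_connections(connections: Dict[str, Dict[str, Any]]) -> List[Dict[str, str]]:
    """Flag credential-looking entries inside each connection's Extra field."""
    findings = []
    for conn_id, conn in connections.items():
        extra = conn.get("extra") or {}
        if isinstance(extra, str):  # exports may serialise Extra as a JSON string
            try:
                extra = json.loads(extra)
            except json.JSONDecodeError:
                extra = {"extra": extra}
        for key, value in extra.items():
            reason = looks_like_secret(key, value)
            if reason:
                findings.append({"source": "connection.extra", "id": f"{conn_id}.{key}", "reason": reason})
    return findings


def scan_exports(variables: Dict[str, Any], connections: Dict[str, Dict[str, Any]]) -> List[Dict[str, str]]:
    return scan_variables(variables) + scan_connections(connections)


# Constructed sample exports; the AWS key is the AWS documentation example id.
SAMPLE_VARIABLES = {
    "etl_batch_size": "500",
    "warehouse_db_password": "Winter2021!",
    "aws_key_for_backups": "AKIAIOSFODNN7EXAMPLE",
    "report_recipients": "ops-team@example.com",
    "ingest_cursor": "q7ZpM2xL9vR4tB8nW1kD6sH3yJ5aF0cG2eU8iO4m",
}
SAMPLE_CONNECTIONS = {
    "analytics_postgres": {"conn_type": "postgres", "host": "db.internal.example",
                           "login": "airflow", "schema": "analytics", "port": 5432,
                           "extra": {"sslmode": "require"}},
    "payments_api": {"conn_type": "http", "host": "api.example.com", "schema": "https",
                     "extra": json.dumps({"api_key": "sk_live_0000EXAMPLE0000EXAMPLE00", "timeout": 30})},
    "notify_slack": {"conn_type": "slack", "host": "slack.example",
                     "extra": {"webhook_token": "xoxb-000000000000-EXAMPLE-token"}},
}

if __name__ == "__main__":
    # Usage: python scan_airflow_exports.py [variables.json connections.json]
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as vf, open(sys.argv[2]) as cf:
            variables, connections = json.load(vf), json.load(cf)
    else:
        variables, connections = SAMPLE_VARIABLES, SAMPLE_CONNECTIONS
    for finding in scan_exports(variables, connections):
        print(f"{finding['source']:17} {finding['id']:35} {finding['reason']}")
```

Run against real exports, every finding is a value to move into a secrets backend and delete from the Variables or Extra store; the heuristics are deliberately loose, so expect to review false positives such as opaque but harmless cursors.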
What is the Danger?
Because of the flaw identified by Intezer, login credentials for the following platforms were among those exposed:
- AWS
- WhatsApp
- Dremio
- Binance
- MySQL
- PayPal
- Postman
- Google Drive
- Klarna
- Stripe
- PostgreSQL
- Bing Ads
- Facebook
- Slack
- Node
Credentials for these and other applications remain at risk on misconfigured Apache Airflow instances that are not updated immediately.
What is Apache Airflow?
According to its website, Apache Airflow is a “platform created by the community to programmatically author, schedule, and monitor workflows.” In December 2020, Airflow received an update, patching dozens of security issues. The platform notified users of the importance of upgrading to the latest version.
Apache Airflow is open-source, which is great for the community but can leave the door open for hackers to taint the source code and install backdoors. Additionally, Airflow integrates easily with many Google programs and Microsoft Azure, which leaves those systems vulnerable if the app remains misconfigured.
How Can Businesses Stay Safe?
Most organizations utilize various cloud-based solutions to run business operations these days. However, this reliance on third-party tools can put companies at significant risk of exposure, ransomware, and other cyberattacks.
Some of the ways businesses can stay safe are:
- Vet any third-party vendor thoroughly before investing company resources in it.
- Always keep your apps and operating systems up to date with the latest security patches.
- Install network monitoring software to scan for any intrusions 24/7.
- Keep good, robust antivirus software running on all servers and workstations.
- Implement strict password policies and access management tools.
- Train staff on phishing tactics and social engineering techniques, so they know what to avoid.
- Stay on top of any data breaches and notifications from software vendors of vulnerabilities or flaws that need addressing.
- Remain vigilant and understand that hackers are working overtime; as a business owner, you need to as well just to keep up and stay safe.