Case Study

Cybersecurity for Managed Applications: Just 24 hours to close a gap

The Challenge

Sydney, June 2, 2022, 06:25 local time - It’s nine degrees Celsius outside, in stark contrast to the rising heat inside the headquarters of software provider Atlassian. Those in charge have just realized that their software Confluence has a previously unknown vulnerability – in the jargon of security experts, a “zero-day.” The term refers to a vulnerability that is already known to attackers while the vendor has had zero days to fix it. It is the job of the security teams to make sure it does not stay exploitable for long.

Inform the public and develop countermeasures

Sydney, June 2, 2022, 06:30 local time - Atlassian’s security experts scramble into action. First, they work out interim measures to mitigate the vulnerability. Simultaneously, they compile all available information in an email for Confluence users.

Cybercriminals have used the vulnerability to carry out a remote code execution (RCE) attack: arbitrary program code is executed on the server without any authorization. The attackers can then install malware, take control of the machine, destroy or steal data and cause days of downtime. The list of possible consequences is immense; an RCE vulnerability is among the most dangerous there is.

Sydney, June 2, 2022, 06:50 local time - Atlassian sends emails to all users and publishes the information on its website. The world now knows about the vulnerability. As always, the information is quickly shared by security experts via blogs and discussion forums.

In this way, other cybercriminals also learn about the vulnerability. Experience shows that attackers immediately get to work turning the published details into a working exploit. But Atlassian developers are already working at full speed on a patched release that closes the gap. Speed is essential. Security specialists and cybercriminals are racing against time: who is faster, the patch or the first working exploit?

The Solution

Berlin, June 3, 2022, 0:56 a.m. local time – PCG. An email from Atlassian arrives. Since Sydney is eight hours ahead, it is still night in Berlin. But at least one person is not sleeping: the on-call agent scans the information and immediately alerts all relevant administrators and developers via Slack.

Risk Assessment and Quick First Aid

Berlin, June 3, 2022, 08:00 local time - The admins and security specialists are already working. They analyze the information from Atlassian against their own infrastructure. The first insight: thanks to the architecture, only the Confluence instances themselves are exposed.

The application runs in a container infrastructure that limits the blast radius of a compromise. The individual containers are isolated from each other and from all other applications, so code running inside a compromised Confluence container has no direct access to other applications’ processes or data and cannot spread further without first breaking out of its container.

Atlassian’s recommended workaround is quickly put in place. It consists of blocking requests that match certain URL patterns and restricting access to the instances through IP allowlisting, so that only a defined set of network addresses can reach the Confluence environment at all. Gradually, more information arrives: Atlassian recommends replacing some files and gives a release schedule for a patch that will close the gap.

The gap is closed: error correction is rolled out

Berlin, June 3, 2022, 11:00 local time - All defensive measures are in place. A number of customers were affected by this vulnerability; they were kept up to date with the latest information throughout. Preparations then began for the rollout of a new, corrected Confluence version.

Sydney, June 3, 2022, 12:30 local time - Atlassian developers have closed the gap and are distributing the update through the usual channels.

Berlin, June 3, 2022, 19:30 local time - The rollout starts as soon as the new application packages arrive. It runs automatically because the infrastructure is automated. No problems so far: the containers start up cleanly with the new version.

Berlin, June 3, 2022, 22:00 local time - The admins detect a first attempt to exploit the vulnerability; it fails because of the countermeasures. The request is a proof-of-concept (PoC) probe: the attacker is only checking whether the vulnerability is still present and causes no damage. This is typical attacker behaviour: they sweep network addresses and ports until they find an instance that has not been patched.
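The two layers of the workaround described above (an IP allowlist in front of the instances plus a block on requests whose URL matches a pattern) are normally configured in a reverse proxy or WAF, and the probe described here is what shows up in its access log. The following added example is not PCG’s or Atlassian’s code: it emulates both checks in Python so the same rules can be replayed over access-log lines to see which requests they would have stopped. The network ranges, the blocked pattern and the log lines are all constructed for the example; the real ranges come from your own network plan and the real pattern from the vendor advisory.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumed allowlist for this example (documentation ranges, not real networks).
ALLOWED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),       # assumed internal range
    ipaddress.ip_network("203.0.113.0/24"),   # assumed VPN egress range
]

# Assumed placeholder for a URL pattern a vendor workaround tells you to block.
# Take the real pattern from the advisory; the point here is how it is applied.
BLOCKED_PATH_PATTERNS = [re.compile(r"\$\{")]

# Combined Log Format, enough to pull out source IP, path and status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def path_matches_block(path: str) -> bool:
    """True if the path matches a blocked pattern.

    Checked raw and after one and two rounds of percent-decoding, so an
    attacker cannot slip '%24%7B' (or '%2524%257B') past a check that only
    looks at the raw URL.
    """
    once = unquote(path)
    candidates = {path, once, unquote(once)}
    return any(p.search(c) for p in BLOCKED_PATH_PATTERNS for c in candidates)


def source_allowed(ip: str) -> bool:
    """Allowlist check; anything unparsable is treated as not allowed."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_NETWORKS)


def decide(ip: str, path: str) -> str:
    """Two-layer workaround: allowlist first, then URL filter.

    Returns 'deny-ip', 'deny-path' or 'allow'.
    """
    if not source_allowed(ip):
        return "deny-ip"
    if path_matches_block(path):
        return "deny-path"
    return "allow"


def scan_access_log(lines):
    """Replay access-log lines through decide() and return the requests an
    admin would want to look at: everything the workaround would deny."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        verdict = decide(m["ip"], m["path"])
        if verdict != "allow":
            hits.append((m["ip"], m["path"], verdict))
    return hits


# Constructed sample log lines for the example, not real traffic.
SAMPLE_LOG = [
    '10.1.2.3 - - [03/Jun/2022:21:58:01 +0200] "GET /wiki/dashboard.action HTTP/1.1" 200 5123',
    '198.51.100.7 - - [03/Jun/2022:21:59:44 +0200] "GET /wiki/dashboard.action HTTP/1.1" 403 0',
    '203.0.113.9 - - [03/Jun/2022:22:00:12 +0200] "GET /wiki/%24%7Bprobe%7D/ HTTP/1.1" 403 0',
    '203.0.113.9 - - [03/Jun/2022:22:00:13 +0200] "GET /wiki/${probe}/ HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for ip, path, verdict in scan_access_log(SAMPLE_LOG):
        print(f"{verdict:10} {ip:15} {path}")
```

Two points worth noting when putting the real rules into a proxy. First, a URL-pattern block is a stopgap, not a fix: it buys time until the patched release is deployed and must be checked against encoded variants of the pattern, which is why the example decodes before matching. Second, an allowlist keeps an internet-wide sweep out entirely, so a probe like the one at 22:00 is logged as a denied source rather than ever reaching Confluence; the log replay above is a quick way to confirm that is what happened.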

Thanks to the countermeasures, the attempt was unsuccessful. The episode shows that reliable vulnerability management, proven operational processes and efficient infrastructure automation are crucial for the secure operation of an IT infrastructure: they allow a rapid response and reliably protect customer systems.

Berlin, June 3, 2022, 23:00 local time - The rollout is complete. All Confluence instances are running the fixed version and are no longer vulnerable. No further unusual incidents; a lot of people breathe a sigh of relief.

Results and Benefits

This vulnerability in Confluence shows just how important quick reactions in cybersecurity are. Criminals must not get the chance to exploit a newly disclosed vulnerability. Constant vigilance and the right processes are required to react at lightning speed and close the gap.

Cross your heart: is your company capable? Even at night or on weekends? Are you prepared? Your business operations are heavily dependent on the functioning of IT. That’s why vulnerability management belongs in the hands of experienced security experts - as part of a managed service that lets you sleep soundly in any time zone.

About PCG

Public Cloud Group (PCG) supports companies in their digital transformation through the use of public cloud solutions.

With a product portfolio designed to accompany organisations of all sizes in their cloud journey and competence that is a synonym for highly qualified staff that clients and partners like to work with, PCG is positioned as a reliable and trustworthy partner for the hyperscalers, relevant and with repeatedly validated competence and credibility.

We have the highest partnership status with the three relevant hyperscalers: Amazon Web Services (AWS), Google, and Microsoft. As experienced providers, we advise our customers independently with cloud implementation, application development, and managed services.
