Case Study

Cybersecurity for Managed Applications: Just 24 hours to close a gap

The Challenge

Sydney, June 2, 2022, 06:25 local time - It’s nine degrees Celsius outside; in stark contrast to the increasing heat inside the headquarters of software provider Atlassian. Those in charge are just realizing: their software Confluence has a previously unknown vulnerability – in the jargon of security experts, a “zero-day exploit.” This refers to a security vulnerability that has only just been discovered on day zero of its lifetime. And it’s the job of cybersecurity agents to ensure that it does not live to see the end of the day.

Inform the public and develop countermeasures

Sydney, June 2, 2022, 06:30 local time - Atlassian’s security experts scramble into action. First, they take measures to temporarily close the breach. Simultaneously, they compile all available information in an email for Confluence users.

Cybercriminals have used the vulnerability to carry out a remote code execution (RCE) attack, in which arbitrary program code is executed on the target without authorization. The attackers are then able to run malware, take control of the machine, destroy or steal data and cause days of downtime. The list of possible consequences is immense; an RCE attack is one of the most dangerous cyberattacks there is.

Sydney, June 2, 2022, 06:50 local time - Atlassian sends emails to all users and publishes the information on its website. The world now knows about the breach. As always, the information is quickly shared by security experts via blogs and discussion forums.

In this way, other cybercriminals also learn about the breach. Experience shows that malware developers immediately get to work trying to exploit the gap with a malicious program. But Atlassian's developers are already working at full speed on a new software release that closes the gap. Speed is essential. Security specialists and cybercriminals are racing against time: who is faster, the patch or the first malware?

The Solution

Berlin, June 3, 2022, 0:56 a.m. local time – PCG. An email from Atlassian arrives. Since Sydney is eight time zones ahead, it's still night in Berlin. But at least one person is not sleeping. The on-call agent scans the information and immediately alerts all relevant administrators and developers via Slack.

Risk Assessment and Quick First Aid

Berlin, June 3, 2022, 08:00 local time - The admins and security specialists are already working. They analyze the information from Atlassian and the situation in their own infrastructure. The first insight: Fortunately, only Confluence is affected due to the architecture.

The application runs in a container infrastructure that prevents any impact on other systems: the individual containers are isolated from each other and from all other applications. Malware that gains a foothold in one container therefore cannot reach other processes and cause further damage.

Atlassian's recommended workaround is quickly put in place. It consists of blocking requests that match certain URL patterns and restricting access to the instances through so-called IP whitelisting, so that only certain network addresses can reach the Confluence environment at all. Gradually, more information arrives: Atlassian recommends replacing some files and gives a release schedule for the patch that will close the gap.

The gap is closed: error correction is rolled out

Berlin, June 3, 2022, 11:00 local time - All defensive measures are in place. This breach affected a number of customers who were constantly kept up to date with the latest information. Preparations then began for a rollout of a new, corrected Confluence version.

Sydney, June 3, 2022, 12:30 local time - Atlassian developers have closed the breach and are distributing the update through the usual channels. It is now 19:30 in Berlin. The rollout starts immediately after the new application packages arrive. It runs automatically because the infrastructure is automated. So far, there are no security problems, and the containers are booting up without any problems.

Berlin, June 3, 2022, 22:00 local time - The admins detect a first attempt to exploit the breach, but it fails because of the countermeasures. This is a proof of concept (PoC): the attacker is only checking whether the vulnerability still exists and causes no damage. This procedure is typical for cybercriminals. They work through network addresses and ports until they find an unpatched vulnerability.

Thanks to the countermeasures, the attack was unsuccessful. This shows that reliable vulnerability management, proven operational processes and efficient infrastructure automation are crucial for the secure operation of an IT infrastructure. They allow rapid responses and reliably protect customer systems.
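The two interim controls described above (an IP allowlist in front of the Confluence environment and a deny rule for request paths matching known-bad URL patterns) and the detection of the later probing attempt can be modelled in a few lines. The following is an added illustration, not code from PCG or Atlassian: the allowlisted networks, the log lines and the denied path patterns are all constructed placeholders, since the actual patterns from the vendor advisory are not reproduced on this page.

```python
"""Model of an edge filter applying an IP allowlist plus URL-pattern deny rules,
run over constructed access-log lines to show which requests would be refused
and which sources kept probing after the workaround was in place."""
import ipaddress
import re
from collections import Counter

# Constructed allowlist: RFC 1918 ranges standing in for "certain network addresses".
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.10.0/24")]

# Placeholder deny patterns (hypothetical); the real ones come from the vendor advisory.
DENIED_PATH_PATTERNS = [
    re.compile(r"/placeholder-vulnerable-path/"),
    re.compile(r"/placeholder-vulnerable-path-2/"),
]

# Common-log-format fields we need: source address, timestamp, method and path.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*"'
)

# Constructed sample traffic: two allowlisted clients, one external probe repeating
# its request, and one allowlisted host relaying the bad path.
SAMPLE_LOG = [
    '192.168.10.7 - - [03/Jun/2022:21:58:02 +0200] "GET /wiki/pages/viewpage.action?pageId=1 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [03/Jun/2022:22:01:14 +0200] "GET /placeholder-vulnerable-path/ HTTP/1.1" 403 0',
    '203.0.113.5 - - [03/Jun/2022:22:01:16 +0200] "POST /placeholder-vulnerable-path/ HTTP/1.1" 403 0',
    '10.20.0.4 - - [03/Jun/2022:22:03:40 +0200] "GET /placeholder-vulnerable-path/ HTTP/1.1" 403 0',
    '192.168.10.9 - - [03/Jun/2022:22:05:01 +0200] "GET /wiki/rest/api/content HTTP/1.1" 200 2048',
]


def decide(ip, path):
    """Return (verdict, reason) for one request.

    The allowlist is evaluated first: a request from an unlisted address is
    refused regardless of its path. Listed sources still go through the
    URL-pattern check, so an authorised network cannot relay the bad request.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "deny", "unparseable source address"
    if not any(addr in net for net in ALLOWED_NETWORKS):
        return "deny", "source not on allowlist"
    for pat in DENIED_PATH_PATTERNS:
        if pat.search(path):
            return "deny", f"path matches denied pattern {pat.pattern!r}"
    return "allow", "ok"


def filter_log(lines):
    """Apply decide() to every parseable log line and keep the verdicts."""
    results = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the whole run
        verdict, reason = decide(m["ip"], m["path"])
        results.append({"ip": m["ip"], "path": m["path"], "verdict": verdict, "reason": reason})
    return results


def probing_sources(results, threshold=2):
    """Sources with `threshold` or more denied requests: the repeated-probe
    behaviour described in the text, worth alerting on even though nothing got through."""
    denied = Counter(r["ip"] for r in results if r["verdict"] == "deny")
    return {ip: n for ip, n in denied.items() if n >= threshold}


if __name__ == "__main__":
    verdicts = filter_log(SAMPLE_LOG)
    for r in verdicts:
        print(f'{r["ip"]:<14} {r["verdict"]:<5} {r["path"]}  ({r["reason"]})')
    print("repeat probers:", probing_sources(verdicts))
```

Evaluating the allowlist before the path check is deliberate: it keeps the exploitable code path unreachable from the internet even if a new URL variant slips past the pattern list, while the pattern check still catches a request relayed through an allowlisted network. The summary of repeatedly denied sources is the signal the admins in the narrative acted on at 22:00.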

Berlin, June 3, 2022, 23:00 local time - The rollout is complete. All Confluence instances are secure and running the patched version. No further unusual incidents; a lot of people breathe a sigh of relief.

Results and Benefits

This vulnerability incident in Confluence shows just how important quick reactions in cybersecurity are. Criminals must not have a chance to exploit a newly identified vulnerability. Constant vigilance and the right processes are required to react at lightning speed and close the gap.

Cross your heart: is your company capable? Even at night or on weekends? Are you prepared? Your business operations are heavily dependent on the functioning of IT. That’s why vulnerability management belongs in the hands of experienced security experts - as part of a managed service that lets you sleep soundly in any time zone.

About PCG

Public Cloud Group (PCG) supports companies in their digital transformation through the use of public cloud solutions.

With a product portfolio designed to accompany organisations of all sizes in their cloud journey and competence that is a synonym for highly qualified staff that clients and partners like to work with, PCG is positioned as a reliable and trustworthy partner for the hyperscalers, relevant and with repeatedly validated competence and credibility.

We have the highest partnership status with the three relevant hyperscalers: Amazon Web Services (AWS), Google, and Microsoft. As experienced providers, we advise our customers independently with cloud implementation, application development, and managed services.
