At Black Hat, the cloud is under siege

Today: Security researchers outline the latest threats and fixes in cloud and enterprise security, Microsoft lost some cloud market share last quarter, and the latest moves in enterprise tech.



Nobody hack the HVAC

The annual Black Hat convention draws the security community to Las Vegas every August for a slightly-less-corporate event compared to the spring RSA show. Famous for its history of hacker hijinks, Black Hat is also a place where major security incidents are disclosed and explained, and researchers had a lot to talk about this week.

Dozens of talks and speeches took place this week at the Mandalay Convention Center, but three stood out. First off, sophisticated hacking groups are increasingly running their attacks using cloud storage services like Microsoft OneDrive and Google Drive, according to research presented by Symantec.

  • Free accounts on either service can be used to host malware or exfiltrate files from target computers, researchers said.
  • Those accounts are incredibly fast and easy to set up, and traffic going to or from OneDrive or Google Drive likely won't be flagged by corporate security policies given how often we all use one of those services as part of a day's work.
  • Obviously Microsoft or Google will suspend those accounts as soon as they are discovered, but the accounts don't need to be active very long to do damage.
  • "In the past few weeks alone, Symantec’s Threat Hunter Team has identified three further espionage operations using cloud services and found evidence of further tools in development," it said in a blog post outlining its findings.

AWS has enjoyed Microsoft's security struggles over the past year, but every company is only one major incident away from falling off its high horse. Researchers from Aqua Security this week disclosed six new vulnerabilities in AWS services that could have been used to take over AWS accounts and steal data.

  • The flaws — which have been patched — could have affected users of CloudFormation, CodeStar, EMR, Glue, SageMaker, and ServiceCatalog.
  • When an AWS customer creates a storage bucket, that bucket is given a name associated with their account number and the region in which the bucket is located.
  • Researchers figured out that you could create a bucket with that account number in a region where the user hasn't yet created any buckets, and the affected services would see that new bucket as part of the customer's overall account.
  • And from there, you could do lots of things: run your own code out of that fraudulently created bucket, wait for the customer to drop something sensitive into it, or both.
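An added example (not from the newsletter, AWS, or Aqua Security) modelling the bucket-name flaw described above: a name-only lookup beside an owner-checked one, plus an audit of the expected name in each region. The name template, account IDs and in-memory namespace are constructed assumptions.

```python
# Added example: constructed in-memory model of a global bucket namespace.
from typing import Dict, List

# Assumption: the page only says the name is tied to the account number and
# region, so this exact template is hypothetical.
TEMPLATE = "svc-{account_id}-{region}"


def expected_name(account_id: str, region: str) -> str:
    return TEMPLATE.format(account_id=account_id, region=region)


class BucketOwnershipError(Exception):
    """Raised when an expected bucket name is held by another account."""


def resolve_by_name(ns: Dict[str, str], account_id: str, region: str) -> str:
    """Flawed pattern: any bucket with the right name is treated as ours."""
    name = expected_name(account_id, region)
    ns.setdefault(name, account_id)  # create only if the name is still free
    return name                      # the owner is never checked


def resolve_checked(ns: Dict[str, str], account_id: str, region: str) -> str:
    """Hardened pattern: use the bucket only if our own account owns it."""
    name = expected_name(account_id, region)
    owner = ns.setdefault(name, account_id)
    if owner != account_id:
        raise BucketOwnershipError(f"{name} is owned by {owner}")
    return name


def audit(ns: Dict[str, str], account_id: str, regions: List[str]) -> Dict[str, List[str]]:
    """Classify the expected name in every region without creating anything."""
    report: Dict[str, List[str]] = {"owned": [], "unclaimed": [], "foreign": []}
    for region in regions:
        name = expected_name(account_id, region)
        owner = ns.get(name)
        key = "unclaimed" if owner is None else "owned" if owner == account_id else "foreign"
        report[key].append(name)
    return report


# Constructed sample data: bucket name -> owning account ID.
ACCOUNT = "111122223333"
NAMESPACE = {
    expected_name(ACCOUNT, "us-east-1"): ACCOUNT,
    expected_name(ACCOUNT, "eu-west-1"): "999988887777",  # held by another account
}
```

Against real S3, the owner check corresponds to passing `ExpectedBucketOwner` on bucket requests so that a same-named bucket in another account is rejected.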

When generative AI first took off, security experts saw two likely outcomes for their world: generative AI tools can be extremely valuable for sorting through data and finding security issues, but they can also be used to automate attacks. Zenity co-founder and CTO Michael Bargury demonstrated how Microsoft's crown jewel — the Microsoft 365 Copilot — can be used to cause chaos inside and outside an organization.

  • One technique titled LOLCopilot could allow an attacker who has control of an email account to install code that searches your sent emails to develop a close-enough sense of your writing style and send out messages to colleagues or contacts with a bad link or malware attached.
  • Another attack that doesn't require control of the account could allow an attacker to manipulate a database to swap their own banking information in for a regular vendor's information.
  • “Every time you give AI access to data, that is a way for an attacker to get in,” Bargury told Wired, and there are a lot of companies giving AI systems access to their data in 2024.

Divvying up $79 billion

Microsoft and Google have been chipping away at AWS's big lead in the cloud infrastructure market over the last several years, as the overall market continues to grow at a 22% clip according to new data from Synergy Research. However, for the first time in a while, AWS picked up a little share at Microsoft's expense.

At the end of the second quarter, AWS's market share increased slightly to around 32% and Microsoft's fell slightly to about 23%. Azure is still growing faster than AWS overall and Microsoft executives acknowledged some softness in the non-AI part of its Azure business last week during earnings, but CEO Satya Nadella has not hesitated to call out Azure share gains against the competition over the last year.

Google Cloud also picked up a little share, but the big winner was Oracle, which edged out whatever IBM has left as a public cloud infrastructure business unit for the first time ever. Still, Synergy's John Dinsdale put the numbers in perspective: "In this market Google is almost five times the size of Oracle, while Amazon is almost three times the size of Google."


Enterprise moves

Sachin Jain and Chen Goldberg are the new chief operating officer and senior vice president of engineering, respectively, at GPU cloud provider CoreWeave.

Legendary hacker Mudge is the new CIO of DARPA, rejoining the agency a decade after he left to join Google.

Amy Shapero is the new chief financial officer of VAST Data, joining the company as its first-ever CFO after five years as Shopify's CFO.


The Runtime roundup

JFrog missed revenue targets for the second quarter and provided a disappointing outlook for the months ahead, sending its stock down almost 28% Thursday.

HubSpot, on the other hand, easily beat Wall Street expectations for revenue and profit, showing why Google was eager to acquire the marketing software company.

Hugging Face acquired XetHub, a startup that was working on a collaborative development platform for AI researchers and developers.

What might have been: in 2018 Intel was close to buying a 15% stake in OpenAI for $1 billion, but walked away over concerns that it would take a long time for generative AI investments to pay off, according to Reuters.


Thanks for reading — see you Tuesday!
