Welcome to a special edition of Cybersecurity Today. We normally cover a number of topics on the newscast, but I wanted to flag one story that might have appeared and disappeared in the past weeks because it's an important one. Before we get to that, we'd like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless, and cellular in one integrated solution that's built for performance and scale. You can find them at meter.com slash CST. We keep hearing about supply chain hacks, where the bad guys find a company that has not just links, but trusted links to a large number of companies. There have been a number of these over the years, and they have devastating effects, not just on the company that got hacked, but on the tens, hundreds, and many times, the thousands of companies that are their customers. This would seem to be just another example of that. And I hate to say just another example, because this is a big deal. But it also comes from a vulnerability that we might have known about, but may not be paying attention to. I brought in a guest to talk about this, but just an update on that story. As I was preparing for this interview, I got some outreach from David Lindner, a CISO at Contrast Security, and he talked about an example of seeing this breach in the wild. I'm quoting from the email to me. A Context AI employee was downloading Roblox AutoFarm scripts and ended up with an info stealer on their machine. That's the root cause of the Vercel breach, according to David. Attackers harvested credentials from that infection, compromised Context AI's environment, and then used an OAuth token from a Vercel employee who had signed up for Context AI as a personal user with their enterprise account and clicked Allow All. No exploit, no zero day, just an unsanctioned AI tool, an over-permissioned OAuth grant, and a gaming cheat download. He goes on to say that Vercel is now working with Mandiant on a breach that a threat actor is selling for $2 million. In all too many cases, your employees may be doing the same things on their machines right now. The question is whether you know about it. My guest today is Jamie Blasco. He's the CTO of Nudge Security. And I brought him in to talk about what happened to a firm called Vercel and a breach that happened and why this is such a major issue that we might all need to pay attention to. Welcome, Jamie. Thank you, Jim. Thank you for having me. I brought you to talk about what had happened with Vercel. Can you first start by telling our listeners who Vercel is? and what they do just to set the background? Definitely. If you're in IT or you're a developer, you probably know Versal. It's a platform where you can host infrastructure and it's very popular with developers because it's super easy to just host your web application in their infrastructure. So they're pretty big, especially with new companies. So a lot of the new AI startups and startups and use personal stuff like things like AWS and other cloud clouds. And so they host your infrastructure, the tool sets and the things that you can use to produce, I guess, your services, be they websites or products. Is that that I got that right? That's right. So anything that you need to like create an application so they can host websites, databases, any service that you need to run your application, they can do that for you. Okay. Vercel is not a name that I think people who aren't in the industry would know, but if people are working with it, this is a pretty big company. They've got a pretty big reach. It's new. There are rumors that they're thinking about an IPO. So it's probably about timing for this, but definitely if you live in the Bay Area, Vercel is a big company there. And as I said like a lot of you may not know Vercel but you know a lot of their customers right Which are some of these new AI startups and newer startups that use like technology from Versal. So a big company, been breached. Can you describe what happened during that breach? So what do we know? It's Sunday afternoon. I was looking at Twitter and all of a sudden we saw, you know, Versal sent a note on Twitter and they followed a blog post saying that they had a breach. They didn't offer a lot of details around how it happened, which customers have been impacted, what. And the only things that they share is like a subset of their customers have had some of their secrets access through like variables in their environment. And then they share that this happened through a grant that an OAuth grant is basically a system that allows a third party to access your environment. So basically you allow another company to access your Google workspace, in this case, to do things like access files or access your emails. If you have ever used an application that asks you for access to Google Drive, that is what an OAuth grant is. The information that they share is like an employee had created an OAuth grant with a company. At that point, they didn't even share the name of the company. They only gave a technical indicator that you can go and look in your environment. So they didn't disclose who the third party was. Actually, that's when I started doing some research. And I ended up finding who the third party was and actually publishing that on Twitter and other platforms. Apparently, that forced a little bit the Bercel hand to go public with the third party. In this case, the third party was a company called Context AI, which is an AI startup. And apparently, they have had a breach during March, I believe. I believe I'm getting the time. So many weeks ago, they had a breach themselves, and the attackers have been able to steal the credentials to use that OAuth grant and access their customer environments. So this third party is a customer of Vercel or a supplier? Neither. And this is the interesting part where this, what we call shadow IT, shadow AI, plays a role in this bridge, which is a Vercel employee had permitted this grant to get access to the Google Workspace environment in Vercel, but they were not even a customer. Vercel wasn't a customer of Context AI. This was an employee that was using a tool for free. It wasn't even a provider. So it's just an employee doing that thing that we always ask them not to do, downloading software from somewhere, and that stole that OAuth grant. Well, in that case, it allows Context.ai to access the BirdSail environment. And initially, obviously, that's normal, right? Like you want the application that you're using, Context.ai, in this case, to access some files or access some emails to help you with whatever tasks you are performing. But what happened is by having that access, since Context AI got compromised, the attackers were able to use that access to compromise Vercel in this case. Now, a large part of our audience is technical, and maybe this may be just easy for them to understand. But for those who are more in management or aren't on the technical side of this, it's hard to explain to them OAuth, how we connect applications or two applications. That should be pretty secure. How can somebody just steal that access? Yeah, so from a couple of angles here, there are obviously things that you should do and Bercel wasn't doing, which is you have some controls that you can put in place. In the case of Google Workspace, and I'll talk about other providers, but in the case of Google Workspace, as an administrator, you can configure whether your employees can create grants at all, whether they can only create grants with vendors that you have approved, or whether they can create grants as long as they don't have specific permissions. So in this case, I recommend anyone to implement some of those policies where you can do a review of those vendors and those grants before you allow them to connect to your environment. That's the best thing. At the very least you should do an audit of all the grants that are connected in your environment and start disconnecting things that you haven approved that haven gone through a third risk and security analysis and anything that shouldn be connected to your environment what we call high-risk grants, right, which get a lot of access. Many times that access is granted to very small companies that don't have a secure program in place, and you're not aware that they may have access to a lot of information from your environment. Once they've gotten this, in this particular case with Vercel being a supplier to all of these companies, how big was the damage? How much got out that could be damaging the companies in the supply chain? Yeah, so from a Vercel perspective, they really haven't shared how many customers are affected. They keep saying it's a small number. Obviously, we would love to know more details. I think the piece of information that is more important that Vercell is not making public is really how the attackers pivoted from that Google workspace environment to be able to access data from the Vercell platform. Because usually an attacker may have to either find credentials in something like Google Drive, like did the employee have tokens or environment variables or some secret material in Google Drive, or did that grant have access to things like email, and then they were able to use email to do account takeover, things like that. And then there are many questions around if that was the case, like they didn't have MFA enabled. There seems to be a lot of data that we need to learn from Vercel to understand how that happened, because it's an unusual situation. And then I will offer Vercel, and they updated the blog post this morning, and they talk about they have discovered more activity, they have discovered more campaigns, and they're sharing with some Microsoft and others. I will encourage them to share with the community, right, because it's important that all the companies that might be affected learn that information. And I think it will be good for everyone in the industry to really see that information to protect ourselves, protect our customers, and improve as a whole. We're not going to change the structure of OAuth. We can audit it, but basically this is going to happen any time an employee connects to an application. So we're going to have to manage that. Obviously, shadow IT is a problem. If they were to have two-factor authentication, not in this case via email, I guess, if you said that one of the things they could have taken it was email, is there multi-factor authentication that could be put in place that would also mediate this risk? No, not in the case of OAuth. So what I was referring to is like, even let's say that you have a NOAA grant that had access to email, right? And through email, they were able to like forget password, then get an email from that platform, and then change the password and log into it to Vercel. Like MFA in the Vercel account should have stopped that because even if you do an account takeover, you don't have the two-factor authentication that allows to access that account. So MFA doesn't help you with OAuth, unfortunately. And there are other things that you can do, but MFA is not something that, unfortunately, MFA really bypasses. Sorry, OAuth bypasses MFA in this case from a Google perspective. So you might think you're protected thinking we've got MFA, we should be fine. And again, the real answer is you've got to understand in your environment where, how many of these OAuth authorizations you have and how you can control them and make sure they're secure. It sounds like a pretty specific thing. It's not something I wonder if many companies actually do or even understand. How do you, if you're a company listening to this and you don't know what you should do, where should you be going for help and advice on this? And you can say yourself if you want, but I'm just saying, if I'm sitting there and I'm an IT manager and I'm thinking, oh my God, we've got some things in there. Where should you be first going to look for advice? Yeah, definitely. So, yeah, obviously, and if people want to check our platform, that's great. Like, this is something that we help customers with, but obviously there are other resources. There are open source tools, there are materials that Google publish that you can use to, like, really learn about the type of risks and do an audit of your OAuth environment I encourage you to like to use those materials And if you want to use our platforms or other platforms there are some alternatives some vendors that help you really do this at scale Because sometimes you're dealing with thousands of these things. You got to understand which ones are more risky, which ones you need to take action to. And then there's also this concept that we use, which is many times as a security or IT person, you don't have the context to understand why that grant is even there. And you need to interact with the employees to understand, do we need this? What type of data is there? Have there been a secure review? So really, that employee piece is very important, and it's something that we do as a company. Yeah, and I'm not going to diminish Vercel. They're smart people. If it gets by people like that, it can get by anybody, and it's something we should all be paying attention to. Jamie, thank you so much for coming in and talking to us about this. My guest has been Jamie Blasco, the CTO of Nudge Security. So just to reinforce Jamie's advice, none of this required a novel AI attack technique. OAuth is now the new lateral movement. So until the industry treats OAuth tokens as high value, we're going to have to do a lot of work. From what I've found out from our sources, most Google Workspace and Microsoft 365 environments may still be configured to let any employee grant third-party apps access to their enterprise account. Agentic AI is going to make this worse because these platforms sit at the center of a hub of OAuth grants with expansive scopes, usually at young companies without mature security programs behind them. So what do we do about this? One of the suggestions, and Jamie had made this earlier, move to admin managed consent. That's where new apps are reviewed before they can touch corporate data. And that one change would have blocked the Vercel employee from granting Context AI the enterprise-wide scope in the first place. That being said, there are hundreds of SaaS platforms that allow OAuth grants to be created, and most of them allow a block of these grants or to gate this functionality behind an enterprise license. The suggestion again, inventory, which you already have. These OAuth grants apparently accumulate. I'd never thought of it in those terms, but I guess they do. People try a tool, they forget about it, they leave the company, and the grant keeps living in the tenant with whatever scopes it asked for. Quarterly audits aren't enough, especially now that we have these agents using these grants. you need continuous visibility into who granted what, what scopes they granted, and whether the integration is even still being used. That's the best advice I've gotten from the people I've been talking to. And that's our special edition of Cybersecurity Today. This weekend, we have another guest who was an attendee at the RSAC event, and we'll discuss the end of trust. With regard to this episode, please drop me a note and let me know what you thought about it. Was this useful? Do you have questions, issues? All you have to do is go to technewsday.ca or .com and use the Contact Us form. Or if you're watching this on YouTube, leave a comment under the video. We read them all. And that's our show. We'd like to thank Meter for their support in bringing you the podcast. Meter delivers full-stack networking infrastructure, wired, wireless, and cellular, to leading enterprises. Working with their partners, Meter designs, deploys, and manages everything required to get performant, reliable, and secure connectivity in a space. They design the hardware, the firmware, build the software, manage deployments, and run support. It's a single integrated solution that scales from branch offices to warehouses and large campuses to data centers. Book a demo at meter.com slash CST. That's M-E-T-E-R dot com slash CST. David Shipley will be back in the news desk on Monday morning. I'm your host, Jim Love. Thanks for listening.
