Numerous cloud systems could have their data compromised through a pair of novel attack techniques exploiting the Styra Open Policy Agent policy-as-code engine and HashiCorp Terraform infrastructure-as-code tool, according to The Hacker News.
Aside from leveraging stolen access keys to compromise OPA servers with a malicious Rego policy that could facilitate credential exfiltration, threat actors could also circumvent restrictions on the 'http.send' function by using the 'net.lookup_ip_addr' function for DNS tunneling, a report from Tenable found. Terraform, meanwhile, could be targeted by abusing the 'terraform plan' command to run malicious data sources. "This poses a risk, as an external attacker in a public repository or a malicious insider (or an external attacker with a foothold) in a private repository could exploit a pull request for their malicious objectives," said Tenable researchers, who urged the adoption of granular role-based access controls and of app- and cloud-level logs for tracking and analysis, and also warned against automated execution of CI/CD pipeline code.
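A pre-merge check in the spirit of that advice, as an added example that is not code from the Tenable report or from either project: it flags Rego files that call the two built-ins named above and Terraform files that declare data sources, so a reviewer can approve them before the pipeline evaluates the change. The function names, file paths, the `example_lookup` data source type and the sample contents are constructed for illustration.

```python
import re

# Rego built-ins named in the article: a policy that calls them can reach the network.
REGO_CALL = re.compile(r'\b(http\.send|net\.lookup_ip_addr)\s*\(')
# Terraform data blocks are read while `terraform plan` runs.
TF_DATA = re.compile(r'^\s*data\s+"([^"]+)"\s+"([^"]+)"')


def strip_hash_comment(line):
    """Drop a trailing '#' comment unless the '#' sits inside a double-quoted string."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_string = not in_string
        elif ch == "#" and not in_string:
            return line[:i]
    return line


def review_changes(files):
    """Return (path, line_no, finding) for each item a human should approve
    before the pipeline evaluates the change. `files` maps path -> new content."""
    findings = []
    for path, text in sorted(files.items()):
        for no, raw in enumerate(text.splitlines(), start=1):
            line = strip_hash_comment(raw)
            if path.endswith(".rego"):
                for m in REGO_CALL.finditer(line):
                    findings.append((path, no, "rego builtin " + m.group(1)))
            elif path.endswith(".tf"):
                m = TF_DATA.match(line)
                if m:
                    findings.append((path, no, "data source %s.%s" % m.groups()))
    return findings


# Constructed sample pull-request contents (not taken from the Tenable report).
SAMPLE_PR = {
    "policy/authz.rego": 'package authz\n'
                         '# http.send( is only mentioned in this comment\n'
                         'allow { input.user == "admin" }\n'
                         'addrs := net.lookup_ip_addr("example.invalid")\n',
    "infra/main.tf": 'resource "null_resource" "a" {}\n'
                     'data "example_lookup" "probe" {\n'
                     '}\n',
}

if __name__ == "__main__":
    for finding in review_changes(SAMPLE_PR):
        print("%s:%d: %s" % finding)
```

A non-empty result is a reason to hold the automated plan or policy load until someone with merge rights has read the flagged lines; it is a review aid, not a substitute for the access controls and logging the researchers recommend.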