New tool detects shadow administrator accounts in AWS and Azure environments


SkyArk

Image: CyberArk

Cybersecurity firm CyberArk today launched a new free tool that can detect “shadow administrator accounts” within cloud environments like Amazon Web Services (AWS) and Microsoft Azure.

The new tool, called SkyArk, comes with two components, AWStealth and AzureStealth, for scanning a company’s AWS and Azure environments, respectively.

Both components work by scanning a company’s complete list of AWS or Azure accounts and the permissions assigned to each user, looking for so-called “shadow administrators.”

The rarely used term describes low-level accounts that receive basic permissions that, when combined, can grant the user extended or full administrator-level access to the AWS or Azure infrastructure, without anyone having intended for the user to have so much control.

Furthermore, in certain scenarios, shadow administrators can also be created by accident when companies integrate cloud environments with local assets, resulting in unanticipated interactions and access to company data and resources.
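To make the idea of permissions that combine into administrator-level access concrete, here is an added audit sketch; it is not SkyArk's code or detection logic. The rule set, principal names and policy documents are constructed assumptions, and only `Effect` and `Action` are evaluated.

```python
from fnmatch import fnmatchcase

# Assumed rule set for illustration (not SkyArk's): each rule names a set of
# IAM actions that, held together, let a principal alter who holds privileges.
RULES = {
    "attach policy to user": {"iam:AttachUserPolicy"},
    "write inline user policy": {"iam:PutUserPolicy"},
    "create access keys for users": {"iam:CreateAccessKey"},
    "rewrite managed policy": {"iam:CreatePolicyVersion"},
    "pass role to new instance": {"iam:PassRole", "ec2:RunInstances"},
}

def _listify(value):
    return [value] if isinstance(value, (str, dict)) else list(value)

def _patterns(policies, effect):
    """Lower-cased Action patterns from all statements with the given Effect."""
    return [a.lower() for p in policies for s in _listify(p["Statement"])
            if s["Effect"] == effect for a in _listify(s.get("Action", []))]

def find_shadow_admins(principals):
    """Map principal name -> triggered rules, skipping declared full admins.
    Simplification: Resource, Condition and NotAction are not evaluated."""
    findings = {}
    for name, policies in principals.items():
        allow, deny = _patterns(policies, "Allow"), _patterns(policies, "Deny")
        if "*" in allow:          # a known, explicit administrator
            continue
        def granted(action):
            a = action.lower()    # IAM action names are case-insensitive
            return (any(fnmatchcase(a, p) for p in allow)
                    and not any(fnmatchcase(a, p) for p in deny))
        hits = sorted(r for r, acts in RULES.items() if all(map(granted, acts)))
        if hits:
            findings[name] = hits
    return findings

# Constructed sample data: principal -> attached policy documents.
SAMPLE = {
    "alice-admin": [{"Statement": {"Effect": "Allow", "Action": "*"}}],
    "build-bot": [
        {"Statement": [{"Effect": "Allow", "Action": ["ec2:RunInstances", "ec2:Describe*"]}]},
        {"Statement": [{"Effect": "Allow", "Action": "iam:PassRole"}]}],
    "helpdesk": [{"Statement": [
        {"Effect": "Allow", "Action": "iam:Create*"},
        {"Effect": "Deny", "Action": "iam:CreatePolicyVersion"}]}],
    "reader": [{"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject", "s3:List*"]}]}],
}

if __name__ == "__main__":
    for who, why in find_shadow_admins(SAMPLE).items():
        print(who, "->", ", ".join(why))
```

The explicit administrator is skipped because it is already known; the two flagged principals hold no admin policy, yet their permissions match a rule once wildcards and policies spread across documents are combined.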

AWStealth scan results

Image: CyberArk

AzureStealth analysis results

Image: CyberArk

“While organizations may be familiar with their list of simple administrative accounts, shadow administrators are much more difficult to discover because of the thousands of permissions that exist in standard cloud environments (that is, AWS and Azure each have more than 5,000 different permissions),” CyberArk said today.

“As a result, there are many cases where shadow managers could be created,” the company said.

The new SkyArk tool was open-sourced on GitHub today.

The tool comes with documentation to help system administrators get started.

SkyArk is the second open source tool CyberArk released this year. In April, the company launched SkyWrapper, a tool that can scan AWS infrastructure and detect if hackers have abused self-replicating tokens to keep access to compromised systems.