Varonis Blog Burning Data with Malicious Firewall Rules in Azure SQL Server

Varonis Threat Labs uncovered a vulnerability in the Azure portal that can lead to sudden and significant data loss. By manipulating the name of server-level firewall rules through TSQL, a threat actor with privileged access to an Azure SQL Server can inject an implant that, based on specific user actions, deletes arbitrary Azure resources that the user has permissions for. The impact of a threat actor exploiting this vulnerability could be large-scale data loss in the affected Azure account.