CISA recommended that organizations immediately apply patches along with additional mitigations, which include monitoring and reviewing Microsoft Entra audit logs, Entra sign-in, and unified audit logs, implementing a conditional access policy to limit authentication within single-tenant applications, and rotating application secrets and credentials on Commvault Metallic applications.
Omri Weinberg, CEO at DoControl, connects the incident to a broader trend. “Attackers are pivoting from endpoint and network-based attacks to exploiting over-permissioned SaaS environments and misconfigured cloud applications,” Weinberg said. “Security teams need to treat SaaS with the same rigor as traditional infrastructure – starting with strong access governance, continuous monitoring of third-party app integrations, and limiting the blast radius through least privilege access.”
Internal investigation did not reveal any unauthorized access to customer backup data that Commvault stores and protects, the company had said in a statement in May, adding that it expects no material impact on Commvault’s business operations or its ability to deliver products and services.
