Attackers can gain write access to non-public S3 buckets and store data at the victim's expense
Lightspin, a pioneer in contextual cloud security that simplifies and prioritizes cloud security for cloud and Kubernetes environments, announced the discovery of a new cross-account attack method that abuses AWS S3 buckets. If exploited, the attack has a real and measurable impact on a business's bottom line: certain AWS buckets are opened to unauthorized writes from any AWS account, and the attacker's objects are stored, and billed, in the victim's account.
Lightspin found the misconfiguration as part of its ongoing research into AWS S3 buckets, while examining buckets that use AWS's standard bucket policies. Misconfigured S3 buckets have been behind many high-profile data exposures, including the Booz Allen Hamilton bucket that exposed 60,000 files related to the Department of Defense and Verizon's exposure of more than 6 million customer accounts.
After inspecting 40,000 Amazon S3 buckets, Lightspin found that, on average, 42% of an organization's objects on AWS carry the “objects can be public” status. During the research, Lightspin also discovered that an attacker can use the AWS CloudTrail and AWS Config services to write into buckets owned by other accounts even when those buckets are not public. A bucket can be private in the sense of having no public ACL and still carry a bucket policy that lets a service principal deliver logs on behalf of any AWS account, not only the bucket owner's. Because the writes arrive through an AWS service, such cross-account attacks are hard to tell apart from legitimate log delivery and can remain undetected for a long time.
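To make the policy shape described above concrete, here is an added example written for this page (not Lightspin's scanner): it takes an S3 bucket policy and flags Allow statements that let a log-delivery service principal put objects without tying the delivery to a specific source account. The two embedded policies are constructed. The weak one follows the shape of the older documented CloudTrail/Config delivery policies with a wildcard object path; the hardened one scopes the object path to the owning account's prefix and adds the aws:SourceArn / aws:SourceAccount condition keys. The bucket name, account ID, trail name and Sids are placeholders, and the detection heuristic is this example's own.

```python
"""Flag S3 bucket-policy statements that let an AWS log-delivery service
write objects on behalf of any account. Added example for this page; the
heuristic is this example's own. Policies below are constructed: bucket,
account ID, trail name and Sids are placeholders."""

# Service principals that deliver logs into customer buckets (the two
# services the article names).
LOG_DELIVERY_SERVICES = {"cloudtrail.amazonaws.com", "config.amazonaws.com"}
# Condition keys that pin a delivery to one source account or resource.
# IAM condition key names are case-insensitive, so compare lowercased.
SOURCE_SCOPING_KEYS = {"aws:sourceaccount", "aws:sourcearn"}
WRITE_ACTIONS = {"s3:putobject", "s3:*", "*"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _service_principals(stmt):
    principal = stmt.get("Principal", {})
    if principal == "*":
        return {"*"}
    return {p.lower() for p in _as_list(principal.get("Service", []))}


def _condition_keys(stmt):
    keys = set()
    for operator_block in stmt.get("Condition", {}).values():
        keys.update(k.lower() for k in operator_block)
    return keys


def _resource_pins_account(stmt, trusted_accounts):
    """True when every Resource path embeds one of our own account IDs,
    e.g. .../AWSLogs/<acct>/*; a bare bucket/* does not."""
    resources = _as_list(stmt.get("Resource", []))
    return bool(resources) and all(
        any(acct in res for acct in trusted_accounts) for res in resources)


def find_unscoped_service_writes(policy, trusted_accounts):
    """Return Sids of Allow statements granting PutObject to a log-delivery
    service (or to everyone) without scoping which account may deliver."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & WRITE_ACTIONS:
            continue
        principals = _service_principals(stmt)
        if not (principals & LOG_DELIVERY_SERVICES or "*" in principals):
            continue
        if _condition_keys(stmt) & SOURCE_SCOPING_KEYS:
            continue  # delivery tied to a specific account or trail
        if _resource_pins_account(stmt, trusted_accounts):
            continue  # object path already restricted to our own prefix
        findings.append(stmt.get("Sid", "<no Sid>"))
    return findings


BUCKET = "arn:aws:s3:::example-logs-bucket"   # placeholder
ACCOUNT = "111122223333"                      # placeholder account ID
_BOFC = {"s3:x-amz-acl": "bucket-owner-full-control"}

# Weak: delivery statements use a wildcard object path and no source
# scoping, so a trail or Config recorder in any account can target them.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AWSCloudTrailAclCheck", "Effect": "Allow",
     "Principal": {"Service": "cloudtrail.amazonaws.com"},
     "Action": "s3:GetBucketAcl", "Resource": BUCKET},
    {"Sid": "AWSCloudTrailWrite", "Effect": "Allow",
     "Principal": {"Service": "cloudtrail.amazonaws.com"},
     "Action": "s3:PutObject", "Resource": BUCKET + "/*",
     "Condition": {"StringEquals": dict(_BOFC)}},
    {"Sid": "AWSConfigWrite", "Effect": "Allow",
     "Principal": {"Service": "config.amazonaws.com"},
     "Action": "s3:PutObject", "Resource": BUCKET + "/*",
     "Condition": {"StringEquals": dict(_BOFC)}},
]}

# Hardened: object path scoped to our account's prefix and the delivery
# pinned with aws:SourceArn (CloudTrail) / aws:SourceAccount (Config).
HARDENED_POLICY = {"Version": "2012-10-17", "Statement": [
    WEAK_POLICY["Statement"][0],
    {"Sid": "AWSCloudTrailWrite", "Effect": "Allow",
     "Principal": {"Service": "cloudtrail.amazonaws.com"},
     "Action": "s3:PutObject",
     "Resource": f"{BUCKET}/AWSLogs/{ACCOUNT}/*",
     "Condition": {"StringEquals": {
         **_BOFC,
         "aws:SourceArn": f"arn:aws:cloudtrail:us-east-1:{ACCOUNT}:trail/example-trail"}}},
    {"Sid": "AWSConfigWrite", "Effect": "Allow",
     "Principal": {"Service": "config.amazonaws.com"},
     "Action": "s3:PutObject",
     "Resource": f"{BUCKET}/AWSLogs/{ACCOUNT}/Config/*",
     "Condition": {"StringEquals": {**_BOFC, "aws:SourceAccount": ACCOUNT}}},
]}

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, find_unscoped_service_writes(policy, {ACCOUNT}))
```

Against the weak policy the checker reports both delivery statements; against the hardened one it reports nothing. The GetBucketAcl statement is never flagged because it grants no write. Treat the result as a triage list rather than a verdict: a statement that scopes delivery through a different condition key, or through a resource prefix that does not contain a bare account ID, would still be reported and needs a human look.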
“AWS doesn’t provide the ability to drill down from a bucket to see the status of all the objects it contains,” said Vladi Sandler, CEO of Lightspin. “In order to be sure that objects are ‘safe’, it’s necessary to go through each object’s ACL to check if it is open to the public. We recognize that organizations need better context, so we have developed an open-source scanner that provides exactly this – the visibility and the context to know exactly what objects are publicly accessible, at a glance.”
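The per-object ACL walk the quote describes, as an added example for this page (it is not Lightspin's open-source scanner): list every object in a bucket, fetch its ACL and report grants to the AllUsers or AuthenticatedUsers groups. The S3 client is duck-typed, so the constructed FakeS3 below runs offline; against a real account pass boto3.client("s3") in its place. Bucket and object names are made up.

```python
"""Report objects whose own ACL grants access to everyone or to any AWS
account. Added example for this page; it is not Lightspin's scanner.
Bucket and object names in FakeS3 are constructed test data."""

# The two predefined S3 groups whose grants the console treats as "public".
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def public_grants(acl):
    """Return (group, permission) pairs from a GetObjectAcl response that
    grant anything to AllUsers (anonymous) or AuthenticatedUsers (any AWS
    account, which is effectively public as well)."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if grantee.get("Type") == "Group" and uri in PUBLIC_GROUP_URIS:
            found.append((PUBLIC_GROUP_URIS[uri], grant["Permission"]))
    return found


def scan_bucket(s3, bucket):
    """Yield (key, grants) for each object with a public ACL grant.

    `s3` needs only the boto3 S3 client's get_paginator() and
    get_object_acl() methods, so a fake can stand in for offline runs."""
    paginator = s3.get_paginator("list_objects_v2")
    for page in paginator.paginate(Bucket=bucket):
        for obj in page.get("Contents", []):
            acl = s3.get_object_acl(Bucket=bucket, Key=obj["Key"])
            grants = public_grants(acl)
            if grants:
                yield obj["Key"], grants


def _group(uri, permission):
    return {"Grantee": {"Type": "Group", "URI": uri}, "Permission": permission}


def _owner(permission):
    return {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
            "Permission": permission}


class FakeS3:
    """Offline stand-in shaped like boto3's S3 client (constructed data)."""

    _acls = {
        "private/config.json": [_owner("FULL_CONTROL")],
        "public/report.pdf": [
            _owner("FULL_CONTROL"),
            _group("http://acs.amazonaws.com/groups/global/AllUsers", "READ")],
        "shared/notes.txt": [
            _owner("FULL_CONTROL"),
            _group("http://acs.amazonaws.com/groups/global/AuthenticatedUsers", "READ")],
    }

    def get_paginator(self, name):
        assert name == "list_objects_v2"
        keys = sorted(self._acls)
        # Split into two pages so the pagination path is exercised.
        pages = [{"Contents": [{"Key": k} for k in keys[:2]]},
                 {"Contents": [{"Key": k} for k in keys[2:]]}]

        class _Paginator:
            def paginate(self, **kwargs):
                return iter(pages)

        return _Paginator()

    def get_object_acl(self, Bucket, Key):
        return {"Owner": {"ID": "owner-canonical-id"}, "Grants": self._acls[Key]}


if __name__ == "__main__":
    for key, grants in scan_bucket(FakeS3(), "example-bucket"):
        print(key, grants)
```

One check before acting on the output: if S3 Block Public Access is enabled with IgnorePublicAcls on the bucket or the account, S3 ignores these ACL grants, so the objects are reported as carrying a public ACL but are not actually reachable. Conversely, an object with a clean ACL can still be public through the bucket policy, which this walk does not evaluate.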