Misconfigured Amazon S3 Buckets paves the way for man-in-the-middle attacks!

Misconfigured Amazon Web Service (AWS) S3 buckets are found to be enabling man-in-the-middle (MITM) attacks on servers that contains data from leading news media, retail and other well-known cloud services.

Dubbed as GhostWriter, the problem according to Skyhigh Networks Chief Scientists Sekhar Sarukkai, is said to differ from other kinds of recent attacks that paved the access to servers. Instead of allowing public writes, a third party can launch a MITM attack via these misconfigured AWS.

He also said that, among a sample of 1,600 S3 Buckets, about 4 percent were exposed to this attack `due to configuration errors made by the Bucket owners and not the storage provider.

“ These exposed 3rd party Buckets are wide ranging and have a long tail distribution that includes Buckets owned by leading national news/media sites, large retail stores, popular cloud services, and leading advertisement networks. The breadth of this exposure necessitates both enterprises accessing this content from their networks and owners of this data resident in S3 to take actions to protect themselves from malicious actors,” Sarukkai said.

Sarukkai' s primary takeaway is S3 Bucket security requires both the customer and storage provider to take proper precautions during the configuration process.

“ We have noticed that Bucket owners have either carelessly allowed public writes or have not fully understood the ramifications of read and write ACL controls, or the semantics of AWS “ Authenticated Users” &ndash all of which contribute towards a wide open environment for 3rd parties to exploit the trusted interactions,” he said.

Another important issue that is least talked about is that any S3 Bucket that will allow a public write, even if it just stores something as innocuous images or documents are vulnerable and endanger not only the enterprise operating the Bucket, but anyone else who interacts with that organization through a MITM attack.

Sarukkai recommends that those operating S3 Buckets audit their content to ensure an unauthorized party is not overwriting their code or using the server for cryptocurrency mining.

Tag : AWS –CLI
FAQ
Q
Does Amazon store its own data in Amazon S3?
A
Yes. Developers within Amazon use Amazon S3 for a wide variety of projects. Many of these projects use Amazon S3 as their authoritative data store and rely on it for business-critical operations.
Q
What does Amazon do with my data in Amazon S3?
A
Amazon will store your data and track its associated usage for billing purposes. Amazon will not otherwise access your data for any purpose outside of the Amazon S3 offering, except when required to do so by law. Please refer to the Amazon Web Services Licensing Agreement for details.
Q
What kind of data can I store in Amazon S3?
A
You can store virtually any kind of data in any format. Please refer to the Amazon Web Services Licensing Agreement for details as given below "https://aws.amazon.com/agreement/"
Q
What can developers do with Amazon S3 that they could not do with an on-premises solution?
A
Amazon S3 enables any developer to leverage Amazon’s own benefits of massive scale with no up-front investment or performance compromises. Developers are now free to innovate knowing that no matter how successful their businesses become, it will be inexpensive and simple to ensure their data is quickly accessible, always available, and secure.
Q
How can I get started using Amazon S3?
A
To sign up for Amazon S3, click this link. You must have an Amazon Web Services account to access this service; if you do not already have one, you will be prompted to create one when you begin the Amazon S3 sign-up process. After signing up, please refer to the Amazon S3 documentation and sample code in the Resource Center to begin using Amazon S3.