Misconfigured Amazon S3 Buckets paves the way for man-in-the-middle attacks!
Misconfigured Amazon Web Service (AWS) S3 buckets are found to be enabling man-in-the-middle (MITM) attacks on servers that contains data from leading news media, retail and other well-known cloud services.
Dubbed as GhostWriter, the problem according to Skyhigh Networks Chief Scientists Sekhar Sarukkai, is said to differ from other kinds of recent attacks that paved the access to servers. Instead of allowing public writes, a third party can launch a MITM attack via these misconfigured AWS.
He also said that, among a sample of 1,600 S3 Buckets, about 4 percent were exposed to this attack `due to configuration errors made by the Bucket owners and not the storage provider.
“ These exposed 3rd party Buckets are wide ranging and have a long tail distribution that includes Buckets owned by leading national news/media sites, large retail stores, popular cloud services, and leading advertisement networks. The breadth of this exposure necessitates both enterprises accessing this content from their networks and owners of this data resident in S3 to take actions to protect themselves from malicious actors,” Sarukkai said.
Sarukkai' s primary takeaway is S3 Bucket security requires both the customer and storage provider to take proper precautions during the configuration process.
“ We have noticed that Bucket owners have either carelessly allowed public writes or have not fully understood the ramifications of read and write ACL controls, or the semantics of AWS “ Authenticated Users” &ndash all of which contribute towards a wide open environment for 3rd parties to exploit the trusted interactions,” he said.
Another important issue that is least talked about is that any S3 Bucket that will allow a public write, even if it just stores something as innocuous images or documents are vulnerable and endanger not only the enterprise operating the Bucket, but anyone else who interacts with that organization through a MITM attack.
Sarukkai recommends that those operating S3 Buckets audit their content to ensure an unauthorized party is not overwriting their code or using the server for cryptocurrency mining.
Comments ( 0 )
No comments available