720-891-1663
Return to the list of client alerts
Ponder this:
Abandoned AWS S3 buckets could be reused to hijack the global software supply chain in an attack that would make Russia’s “SolarWinds adventures look amateurish and insignificant,” watchTowr Labs security researchers have claimed.
In one experiment, the researchers found about 150 Amazon cloud storage buckets that were long gone but applications and websites were still trying to pull software from them. This means that **YOUR COMPANY** could be at risk if you were accessing one of these abandoned buckets.
The buckets had been previously owned or used by governments, Fortune 500 firms, technology and cybersecurity companies and major open source projects.
The researchers spent a grand total of $420.85 to re-register these S3 buckets with the same names and turned on logging to see what files were being requested. If they then put infected, malicious files with these names in those buckets, you are, as they say, TOAST.
During the time they were testing, they received over 8 million incoming requests from government agencies and Fortune 500 companies, among others.
MORE IMPORTANTLY, WHILE THIS EXPERIMENT USED EXPIRED AWS BUCKETS, THAT IS ONLY THE TIP OF THE ICEBERG.
The attack, the researchers say, would be terrifying simple – if you have a stolen credit card with $420 of headroom on it.
The researchers are the good guys in this case and they got AWS to black hole all of these buckets so an attacker could not use these 150 buckets against you.
That probably leaves a million of these available, at thousands of cloud providers, for hackers to leverage.
What is the takeaway?
Make sure that you secure your resources so that attackers can’t use them against your customers and make sure that the resources that you are reaching out to are really the resources you think you are reaching out to.
Need help? Please contact us.
Credit:: The Register