Increased attacker focus on exposed cloud services, specifically AWS Simple Storage Service (S3) Buckets
Amazon’s cloud-based Simple Storage Service Buckets, colloquially referred to as “S3 Buckets”, have been a recent focus of attackers and security researchers. With the advent of new open source and publicly-available tools to search for improperly configured S3 buckets, bad actors and information security firms have found many cases where the buckets’ owners have inadvertently granted access to every user on the Internet.
In moving to cloud-hosted services, many organizations have failed to heed a widely repeated warning:
Organizations must secure and monitor cloud-based services just as strongly as with traditional on-premise infrastructure.
The impact from exposure of Amazon S3 is varied, depending on an organization’s adoption and configuration of Amazon’s cloud-based storage infrastructure:
Known adoption of Amazon S3: The risk level varies from low to critical, depending on each bucket's configuration for read/write access, the granularity of the defined access grants, the types of content stored, and the use cases for that content. The overall level of risk is determined by these factors and will differ for each individual bucket within an organization's cloud infrastructure.
No known adoption of Amazon S3: The current risk is undefined and merits analysis to identify whether your organization is using S3 and, if it is, to apply the assessment above.
InGuardians recommends performing a self-assessment of existing S3 Buckets using currently available tools, such as AWSBucketDump and BuckHacker. The results should then be inventoried and subjected to a thorough risk analysis, bucket by bucket.
In addition to these open source tools, Amazon makes the AWS Trusted Advisor tool available to customers with a Business or Enterprise-level support plan. Trusted Advisor can analyze an AWS environment, including its S3 buckets, and make best practice recommendations.
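The inventory and risk-analysis step, as an added offline example that is neither InGuardians' tooling nor AWS code: it inspects a bucket ACL in the shape returned by the S3 GetBucketAcl API and a bucket policy document for grants to the AllUsers/AuthenticatedUsers groups or to a wildcard principal, and rates the bucket on the low-to-critical scale used above. The severity mapping and the sample bucket are this example's own assumptions.

```python
"""Offline checks for S3 bucket ACL grants and bucket policies that open a bucket to the public."""
import json

# Predefined S3 groups; a grant to either one reaches far beyond the bucket owner's account.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the Internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account holder",
}
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def public_acl_grants(acl):
    """Return (audience, permission) for each grant in a GetBucketAcl-shaped dict aimed at a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            findings.append((PUBLIC_GROUPS[grantee["URI"]], grant.get("Permission")))
    return findings


def public_policy_actions(policy_json):
    """Return the set of actions granted by unconditional Allow statements with a wildcard principal."""
    actions = set()
    for stmt in json.loads(policy_json).get("Statement", []):
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") in ("*", ["*"]))
        if stmt.get("Effect") == "Allow" and wildcard and not stmt.get("Condition"):
            acts = stmt.get("Action", [])
            actions.update([acts] if isinstance(acts, str) else acts)
    return actions


def bucket_risk(acl, policy_json="{}"):
    """Assumed mapping: public write is critical, public read-only is high, no public access is low."""
    perms = {perm for _, perm in public_acl_grants(acl)}
    actions = public_policy_actions(policy_json)
    writes = {a for a in actions if a == "s3:*" or a.startswith(("s3:Put", "s3:Delete"))}
    if perms & WRITE_PERMS or writes:
        return "critical"
    if perms or actions:
        return "high"
    return "low"


# Constructed sample: the ACL lets AllUsers read, and the policy lets anonymous callers upload objects.
SAMPLE_ACL = {"Owner": {"ID": "example-owner-id"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
```

Feed each bucket's real ACL and policy (as returned by the S3 API) through `bucket_risk` to build the per-bucket inventory; a policy statement with a Condition block is skipped here and should be reviewed by hand.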
Tesla Cryptojacked by Currency Miners
AWSBucketDump, an Open Source S3 Bucket Search Tool
BuckHacker, an S3 Search Engine
AWS S3 Documentation: Which Access Control Method Should I Use?
AWS Trusted Advisor