Lightspin Research Team Discovers Cross-Account Attack Path Leveraging Dangerous S3 Bucket Permissions on AWS

By ITsec Bureau - June 4, 2021

Lightspin, a pioneer in contextual cloud security that simplifies and prioritizes cloud security for cloud and Kubernetes environments, announced today the discovery of a new cross-account attack method that leverages AWS S3 buckets. If exploited, this attack can cause a real and measurable impact on a business' bottom line by opening certain AWS buckets to unauthorized writes from any AWS account.

Lightspin found this potential misconfiguration as part of its ongoing research into AWS S3 buckets, while studying examples of S3 buckets that use the standard AWS bucket permissions. Misconfigured S3 buckets have caused many high-profile incidents, including the Booz Allen Hamilton exposure of 60,000 files related to the Department of Defense and Verizon's recent exposure of more than 6 million customer accounts.


After inspecting 40,000 Amazon S3 buckets, Lightspin found that, on average, the "objects can be public" permission applies to 42% of an organization's objects on AWS overall.

During the research, Lightspin discovered that attackers can use AWS CloudTrail and Config to write to buckets held by other accounts even when those buckets are not public, because even private buckets can carry bucket policies that allow access from any AWS account. Cross-account attacks on AWS services are difficult to detect and can therefore remain unnoticed for a long time.

"AWS doesn't provide the ability to drill down from a bucket to see the status of all the objects it contains," said Vladi Sandler, CEO of Lightspin. "In order to be sure that objects are 'safe', it's necessary to go through each object's ACL to check if it is open to the public. We recognize that organizations need better context, so we have developed an open-source scanner that provides exactly this: the visibility and the context to know exactly what objects are publicly accessible, at a glance."

While Lightspin only checked CloudTrail and Config, other AWS services that store their data in S3 buckets by default may also be exposed to this misconfiguration attack path and, in those cases, may even grant read permissions.
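The cross-account write path described above comes from bucket policies that grant a log-delivery service principal (such as CloudTrail's) permission to write objects without pinning the grant to a particular source account or trail. As an added defender-side illustration (not Lightspin's scanner and not code from the article), the following Python check flags such statements in a bucket policy; the service-principal set, the sample policies and the placeholder account id are constructed assumptions for this example.

```python
import json

# Log-delivery service principals named in the article (assumed set for this check).
LOG_SERVICES = {"cloudtrail.amazonaws.com", "config.amazonaws.com"}
# Condition keys that tie a service-principal grant to one source account / trail / recorder.
SCOPING_KEYS = {"aws:sourceaccount", "aws:sourcearn"}
WRITE_ACTIONS = {"s3:putobject", "s3:*", "*"}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def unscoped_service_writes(policy):
    """Return the Sids of Allow statements that let a log-delivery service (or anyone)
    PutObject into the bucket with no aws:SourceAccount / aws:SourceArn condition."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        wildcard = principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))
        services = set(_as_list(principal.get("Service", []))) if isinstance(principal, dict) else set()
        if not (wildcard or services & LOG_SERVICES):
            continue
        if not {a.lower() for a in _as_list(stmt.get("Action", []))} & WRITE_ACTIONS:
            continue
        # Collect every condition key across all operators (StringEquals, ArnLike, ...).
        cond_keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        if not cond_keys & SCOPING_KEYS:
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings

# Constructed sample: a CloudTrail-style bucket policy whose write statement only checks the
# object ACL, so a trail configured in any account can deliver logs into this bucket.
WEAK_POLICY = json.loads("""{
 "Version": "2012-10-17",
 "Statement": [
  {"Sid": "AWSCloudTrailAclCheck", "Effect": "Allow",
   "Principal": {"Service": "cloudtrail.amazonaws.com"},
   "Action": "s3:GetBucketAcl", "Resource": "arn:aws:s3:::example-logs"},
  {"Sid": "AWSCloudTrailWrite", "Effect": "Allow",
   "Principal": {"Service": "cloudtrail.amazonaws.com"},
   "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-logs/AWSLogs/*",
   "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}}]}""")

# Hardened form: the same grant, pinned to one trail in one account (placeholder account id).
HARDENED_POLICY = json.loads(json.dumps(WEAK_POLICY))
HARDENED_POLICY["Statement"][1]["Condition"]["StringEquals"].update({
    "aws:SourceAccount": "111111111111",
    "aws:SourceArn": "arn:aws:cloudtrail:us-east-1:111111111111:trail/example-trail"})
```

Run over a real policy (e.g. the output of `aws s3api get-bucket-policy`), a non-empty result is a statement to scope down with `aws:SourceAccount` or `aws:SourceArn`.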
