ITSecurityWire
Lightspin Research Team Discovers Cross-Account Attack Path Leveraging Dangerous S3 Bucket Permissions on AWS

By ITsec Bureau, June 4, 2021

Lightspin, a pioneer in contextual cloud security that simplifies and prioritizes security for cloud and Kubernetes environments, today announced the discovery of a new cross-account attack method that leverages AWS S3 buckets. If exploited, the attack can have a real and measurable impact on a business's bottom line, because it opens certain AWS buckets to unauthorized writes from any AWS account.

Lightspin found this potential misconfiguration as part of its ongoing research into AWS S3 buckets, while examining examples of buckets that use the standard AWS bucket permissions. Misconfigured S3 buckets have been behind many high-profile incidents, including the Booz Allen Hamilton exposure of 60,000 files related to the Department of Defense and Verizon's recent exposure of more than 6 million customer accounts.


After inspecting 40,000 Amazon S3 buckets, Lightspin found that, on average, the “objects can be public” permission applies to 42% of an organization's objects on AWS overall.

During the research, Lightspin discovered that attackers can abuse AWS CloudTrail and Config to write to buckets held by other accounts, even when those buckets are not public. The reason is that even private buckets can carry bucket policies that allow access from any AWS account. Cross-account attacks on AWS services are difficult to detect and can therefore go unnoticed for a long time.

“AWS doesn’t provide the ability to drill down from a bucket to see the status of all the objects it contains,” said Vladi Sandler, CEO of Lightspin. “In order to be sure that objects are ‘safe’, it’s necessary to go through each object’s ACL to check if it is open to the public. We recognize that organizations need better context, so we have developed an open-source scanner that provides exactly this – the visibility and the context to know exactly what objects are publicly accessible, at a glance.”

While Lightspin only checked CloudTrail and Config, other AWS services that store their data in S3 buckets by default may also be exposed to this misconfiguration attack path, and in those cases the misconfiguration may even grant read permissions.
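The condition described above, a private bucket whose policy lets a service, or any AWS account, write to it, can be triaged offline from the bucket policy JSON before any object-level ACL review. The Python below is an added example written for this article; it is not Lightspin's open-source scanner and not AWS tooling. It assumes that an Allow statement granting an S3 write to a service principal such as cloudtrail.amazonaws.com is reachable from other accounts unless a Condition pins it to a source account or resource (aws:SourceAccount, aws:SourceArn, or an aws:PrincipalAccount / aws:PrincipalOrgID restriction), and every bucket name, account id and trail name in the sample policies is a constructed placeholder.

```python
"""Offline triage of S3 bucket policies for write grants reachable from other accounts.

Added example for this article. Heuristic only: it reads policy JSON and does not
call AWS. The 'pinning' condition keys below are an assumption of this example.
"""
import fnmatch
import json

# Condition keys that tie a grant to a specific calling account or source resource.
SOURCE_PIN_KEYS = {"aws:sourceaccount", "aws:sourcearn",
                   "aws:principalaccount", "aws:principalorgid"}
# Concrete S3 write actions that an Action pattern (s3:*, s3:Put*) may cover.
WRITE_PROBES = ("s3:putobject", "s3:putobjectacl", "s3:deleteobject")


def _as_list(value):
    """Policy JSON allows scalar-or-list for most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _grants_write(statement):
    """True if any Action pattern matches one of the S3 write actions."""
    patterns = [a.lower() for a in _as_list(statement.get("Action"))]
    return any(fnmatch.fnmatch(probe, pat) for probe in WRITE_PROBES for pat in patterns)


def _principal_scope(statement):
    """Classify the Principal as 'anyone', 'service' or 'specific'."""
    principal = statement.get("Principal")
    if principal == "*":
        return "anyone"
    if isinstance(principal, dict):
        if "*" in _as_list(principal.get("AWS")):
            return "anyone"
        if principal.get("Service"):
            return "service"
    return "specific"


def _pinned_to_source(statement):
    """True if some Condition operator names a key restricting the caller or source."""
    for operator_block in statement.get("Condition", {}).values():
        if any(key.lower() in SOURCE_PIN_KEYS for key in operator_block):
            return True
    return False


def find_open_write_statements(policy_json):
    """Return (Sid, reason) pairs for Allow statements that let arbitrary accounts
    write to the bucket, either directly or through an unpinned service principal."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow" or not _grants_write(stmt):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        scope = _principal_scope(stmt)
        if scope == "anyone" and not _pinned_to_source(stmt):
            findings.append((sid, "write allowed for Principal '*' (any AWS account)"))
        elif scope == "service" and not _pinned_to_source(stmt):
            findings.append((sid, "service principal may write without an "
                                  "aws:SourceAccount / aws:SourceArn condition"))
    return findings


# Constructed sample policies; account id, bucket and trail names are placeholders.
def _policy(*statements):
    return json.dumps({"Version": "2012-10-17", "Statement": list(statements)})

_TRAIL_WRITE = {
    "Sid": "AWSCloudTrailWrite", "Effect": "Allow",
    "Principal": {"Service": "cloudtrail.amazonaws.com"},
    "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::example-trail-bucket/AWSLogs/*",
    # An ACL condition alone does not restrict which account's trail may write.
    "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}},
}
CLOUDTRAIL_UNPINNED = _policy(_TRAIL_WRITE)
CLOUDTRAIL_PINNED = _policy({**_TRAIL_WRITE, "Condition": {"StringEquals": {
    "s3:x-amz-acl": "bucket-owner-full-control",
    "aws:SourceArn": "arn:aws:cloudtrail:us-east-1:111122223333:trail/example-trail"}}})
PUBLIC_WRITE = _policy({"Sid": "AnyoneWrites", "Effect": "Allow", "Principal": "*",
                        "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"})
SPECIFIC_ACCOUNT = _policy({"Sid": "OwnerWrites", "Effect": "Allow",
                            "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
                            "Action": "s3:PutObject",
                            "Resource": "arn:aws:s3:::example-bucket/*"})

if __name__ == "__main__":
    for name, policy in [("CLOUDTRAIL_UNPINNED", CLOUDTRAIL_UNPINNED),
                         ("CLOUDTRAIL_PINNED", CLOUDTRAIL_PINNED),
                         ("PUBLIC_WRITE", PUBLIC_WRITE),
                         ("SPECIFIC_ACCOUNT", SPECIFIC_ACCOUNT)]:
        print(name, find_open_write_statements(policy) or "ok")
```

Running the module prints a finding for the unpinned CloudTrail policy and for the Principal '*' policy, and "ok" for the two policies that name a source trail or a specific account. The check is deliberately coarse: it treats any Condition key from the pinning set as a mitigation, so a reviewer still has to confirm that the pinned account or ARN is the intended one.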
