AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure

Posted on August 22, 2025 By CWS

AWS has addressed a weakness that could have been leveraged by attackers to prevent AWS Trusted Advisor from flagging unprotected S3 buckets as a risk.

AWS Trusted Advisor is designed to inspect customers’ environments and provide recommendations for improvements in areas such as cost, performance, and security. Several security-related Trusted Advisor checks are provided for free, including security group settings, IAM user access, multi-factor authentication, and S3 bucket permissions.

The S3 bucket permissions check alerts users when their buckets have open access permissions or allow access to any authenticated AWS user.

Researchers at Fog Security discovered that an attacker could get Trusted Advisor to not alert users about public buckets by setting the S3 bucket policies to deny ‘s3:GetBucketAcl’, ‘s3:GetPublicAccessBlock’ or ‘s3:GetBucketPolicyStatus’ actions.

After bypassing Trusted Advisor’s S3 security check, the researchers showed how an attacker could have configured a bucket with public and anonymous permissions through bucket policies and ACLs, enabling data exfiltration without triggering an alert.

It’s worth noting that an attacker would need to first gain access to the target’s AWS environment before carrying out these actions.

Fog Security reported its findings to AWS in early May and a complete fix was rolled out in late June; an incomplete patch was deployed in late May.

AWS has notified customers about the issue and pointed them to documentation pages covering S3 bucket permissions and blocking public access to S3 storage.

“As a security best practice, we recommend customers review their S3 bucket permissions and ensure they align with their security requirements,” an AWS spokesperson told SecurityWeek. “When S3 bucket policies prevent Trusted Advisor from performing certain actions […], customers should expect to see a ‘Warn’ status in their Trusted Advisor check. Previously, these buckets were incorrectly listed as ignored and potentially displayed incorrect status indicators for public access settings.”
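For defenders who want to check their own buckets for the condition described above, the following added example (not part of the original article and not code from AWS or Fog Security) scans bucket policy documents for Deny statements that cover any of the three read actions named in the article. The bucket names and policies are constructed samples, and the function names are hypothetical.

```python
import json
from fnmatch import fnmatchcase

# Read actions the article names; a Deny on any of them blinded the check.
WATCHED = ("s3:GetBucketAcl", "s3:GetPublicAccessBlock", "s3:GetBucketPolicyStatus")

def _as_list(value):
    """Policy fields may hold one string or a list of strings."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def _covered(action, patterns):
    """IAM action names are case-insensitive and allow * and ? wildcards."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def denied_watched_actions(policy):
    """Watched actions covered by any Deny statement (Action or NotAction).
    Principal and Condition are ignored on purpose: any hit deserves review."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    hits = set()
    for stmt in statements:
        if stmt.get("Effect") != "Deny":
            continue
        for action in WATCHED:
            if "Action" in stmt and _covered(action, _as_list(stmt["Action"])):
                hits.add(action)
            elif "NotAction" in stmt and not _covered(action, _as_list(stmt["NotAction"])):
                hits.add(action)  # denied because it is not in the exception list
    return sorted(hits)

def audit_buckets(policies):
    """Map bucket name -> denied watched actions, for buckets with any hit."""
    report = {name: denied_watched_actions(json.loads(doc)) for name, doc in policies.items()}
    return {name: hits for name, hits in report.items() if hits}

# Constructed sample policies (not taken from any real account).
SAMPLE_POLICIES = {
    "explicit-deny": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Deny", "Principal": "*", "Resource": "arn:aws:s3:::explicit-deny",
         "Action": ["s3:GetBucketAcl", "s3:getpublicaccessblock"]}]}),
    "wildcard-deny": json.dumps({"Statement": {
        "Effect": "Deny", "Principal": "*", "Action": "s3:GetBucket*",
        "Resource": "arn:aws:s3:::wildcard-deny"}}),
    "notaction-deny": json.dumps({"Statement": [
        {"Effect": "Deny", "Principal": "*", "NotAction": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::notaction-deny"}]}),
    "benign": json.dumps({"Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::benign/*"}]}),
}
```

Any bucket this flags should have its ACL, bucket policy and Block Public Access settings reviewed directly, since an automated check that is denied those reads cannot confirm the bucket's exposure.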
