AWS has addressed a weakness that could have been leveraged by attackers to prevent AWS Trusted Advisor from flagging unprotected S3 buckets as a risk.
AWS Trusted Advisor is designed to inspect customers' environments and provide recommendations for improvements in areas such as cost, performance, and security. Several security-related Trusted Advisor checks are provided for free, including security group settings, IAM user access, multi-factor authentication, and S3 bucket permissions.
The S3 bucket permissions check alerts customers when their buckets have open access permissions or allow access to any authenticated AWS user.
Researchers at Fog Security discovered that an attacker could stop Trusted Advisor from alerting customers about public buckets by setting the S3 bucket policy to deny the 's3:GetBucketAcl', 's3:GetPublicAccessBlock' or 's3:GetBucketPolicyStatus' actions, which the check relies on to read a bucket's public status.
After bypassing Trusted Advisor's S3 security check, the researchers showed how an attacker could have configured a bucket with public and anonymous permissions via bucket policies and ACLs, enabling data exfiltration without triggering an alert.
It's worth noting that an attacker would first need to obtain access to the target's AWS environment before carrying out these actions.
Fog Security reported its findings to AWS in early May. An incomplete patch was deployed in late May, and a complete fix was rolled out in late June.
AWS has notified customers about the issue and pointed them to documentation pages covering S3 bucket permissions and blocking public access to S3 storage.
"As a security best practice, we recommend customers review their S3 bucket permissions and ensure they align with their security requirements," an AWS spokesperson told SecurityWeek. "When S3 bucket policies prevent Trusted Advisor from performing certain actions [...], customers should expect to see a 'Warn' status in their Trusted Advisor check. Previously, these buckets were incorrectly listed as ignored and potentially displayed incorrect status indicators for public access settings."