According to the Cost of a Data Breach Report, the average cost of a data breach hit an all-time high of $4.35 million in 2022 (increasing from 2.6% a year earlier to 12.7% in 2020). In 2022, 83% of the firms in the survey experienced several data breaches, compared to just 17% in 2021. One of the most significant data breaches in 2022 so far has been the S3 AWS Buckets incident.
What are S3 AWS Buckets?
S3 buckets are scalable, data-available, secure, and fast public cloud storage resources provided by Amazon Web Services (AWS).
S3 buckets are available in two varieties:
- Public – No access restrictions; anyone can access the bucket.
- Private- Only authorised users can access the bucket.
S3 buckets store backups, sensitive data, source code, and other items. Teams can also use S3 buckets for software delivery, fileserver and media hosting, and application hosting because of their user-friendly interface.
AWS Bucket Breaches
In 2021, AWS S3 accounted for roughly 60% of breaches.
Like most data breaches, the AWS bucket incident resulted from an incorrectly configured bucket which exposed 36GB of data to the public. The information leaked included mortgage and customer demographics.
Security expert Chris Vickery conducted a standard search of AWS buckets and came across the repository, which is how Chirs Vickery found the data leak. The data set is owned by Experian, a rival to Equifax, which sells consumer view databases to organisations like Alteryx.
Even though the database did not contain actual names, the information exposed by the leak is complete enough to be merged with names from other data sources.
Recent UK-Wide Data Leaks 2022
MailChimp AWS Buckets
In August 2022, MailChimp revealed it had suffered its second breach in four months, suggesting that a security problem, including phishing and social engineering techniques, had targeted bitcoin and blockchain organisations.
While it is an ongoing investigation, Mailchimp stated that it had suspended accounts when the security team found suspicious behaviour. Mailchimp did not specify the attack’s point of entry or extent.
Flagstar Bank AWS Buckets
The financial sector is a popular target of hackers, with Flagstar Bank falling victim earlier this year.
According to TechCrunch, Flagstar Bank revealed a significant data breach late last year that affected 1.54 million people.
In a letter to customers, Flagstar Bank said:
Flagstar informed customers that it was among the numerous businesses affected by the Accellion attack in January 2021.
Microsoft Bing and Cortana AWS Buckets
The cyber-terrorist group Lapsus$ has been very active throughout 2022.
First appearing in December 2021, Lapsus$ started collecting sensitive and well-known firms’ source code and other valuable information and publishing it in an extortion attempt.
Some of the organisations include:
- Nvidia
- Samsung
- Ubisoft
Lapsus$ appears to have bases in South America and the United Kingdom and uses phishing attacks to infiltrate the targets’ networks.
In March 2022, the attacks hit a peak when Lapsus$ revealed that it had compromised a contractor with access to the internal systems and exposed portions of the source code for Microsoft Bing and Cortana.
Since then, British police have detained seven people associated with the attacks.
Challenges of Configuring AWS Buckets
As suggested earlier, the most successful S3 bucket attacks result from human error, including:
- Unprotected or inadequately protected access
- Phishing links
- Quickly deciphered unsigned URLs
- Incorrectly configured bucket policies
- Access control list (ACL)
- Identity and access management (IAM) permissions
The challenge of buckets is ensuring all the above is correctly configured, as there are several ways to access this secure data. However, if the contents of a bucket are revealed, attackers may:
- Drop the Bucket’s data (Data Breaches)
- Compromise file integrity
- Take the files out of the bucket
- Put dangerous files in the bucket
How can you Secure your S3 AWS Bucket?
Since 82 per cent of organisations mistakenly expose their data to third-party access, S3 security must be a priority. To mitigate this security risk, organisations should secure buckets by:
- Using whitelisting instead of blacklisting gives access rights only to those processes or people requiring them
- Restrict those having the ability to write – never provide everyone with block access
- Use the appropriate ACL list
- Correctly implement the bucket policy
CloudGuard Securing Buckets
Using CloudBots, you can quickly add automatic remediation that permanently activates encryption on existing and newly created buckets.
Get in contact with us for a free Cloud Check-Up, and you will receive a report auditing over 100 compliance checks and configurations within your public cloud instance.
