
AWS Buckets: There’s a Hole in my Bucket – Securing your Data in the Cloud 

6 September 2022

According to the Cost of a Data Breach Report, the average cost of a data breach hit an all-time high of $4.35 million in 2022 (increasing from 2.6% a year earlier to 12.7% in 2020). In 2022, 83% of the firms in the survey experienced several data breaches, compared to just 17% in 2021.  One of the most significant data breaches in 2022 so far has been the S3 AWS Buckets incident.   

What are S3 AWS Buckets?   

S3 buckets are scalable, data-available, secure, and fast public cloud storage resources provided by Amazon Web Services (AWS).   

S3 buckets are available in two varieties:   

  • Public – No access restrictions; anyone can access the bucket.   
  • Private – Only authorised users can access the bucket.

S3 buckets store backups, sensitive data, source code, and other items. Teams can also use S3 buckets for software delivery, fileserver and media hosting, and application hosting because of their user-friendly interface.   

AWS Bucket Breaches 

In 2021, AWS S3 accounted for roughly 60% of breaches.  

Like most data breaches, the AWS bucket incident resulted from an incorrectly configured bucket which exposed 36GB of data to the public. The information leaked included mortgage and customer demographics.   

Security expert Chris Vickery found the data leak when he came across the repository while conducting a standard search of AWS buckets. The data set is owned by Experian, a rival to Equifax, which sells consumer view databases to organisations like Alteryx.

Even though the database did not contain actual names, the information exposed by the leak is complete enough to be merged with names from other data sources.   

Recent UK-Wide Data Leaks 2022   

MailChimp AWS Buckets 

In August 2022, MailChimp revealed it had suffered its second breach in four months, suggesting that a security incident involving phishing and social engineering techniques had targeted bitcoin and blockchain organisations.

While it is an ongoing investigation, Mailchimp stated that it had suspended accounts when the security team found suspicious behaviour. Mailchimp did not specify the attack’s point of entry or extent.   

Flagstar Bank AWS Buckets  

The financial sector is a popular target of hackers, with Flagstar Bank falling victim earlier this year.   

According to TechCrunch, Flagstar Bank revealed a significant data breach late last year that affected 1.54 million people.   

In a letter to customers, Flagstar Bank said:   

“After an extensive forensic investigation and manual document review, we discovered on June 2, 2022, that certain impacted files containing your personal information were accessed and acquired from our network.”   

Flagstar informed customers that it was among the numerous businesses affected by the Accellion attack in January 2021.   

Microsoft Bing and Cortana AWS Buckets   

The cyber-terrorist group Lapsus$ has been very active throughout 2022.  

First appearing in December 2021, Lapsus$ started collecting sensitive and well-known firms’ source code and other valuable information and publishing it in an extortion attempt.  

Some of the organisations include:  

  • Nvidia  
  • Samsung  
  • Ubisoft  

Lapsus$ appears to have bases in South America and the United Kingdom and uses phishing attacks to infiltrate the targets’ networks.   

In March 2022, the attacks hit a peak when Lapsus$ revealed that it had compromised a contractor with access to the internal systems and exposed portions of the source code for Microsoft Bing and Cortana.  

Since then, British police have detained seven people associated with the attacks.  

Challenges of Configuring AWS Buckets   

As suggested earlier, the most successful S3 bucket attacks result from human error, including:  

  • Unprotected or inadequately protected access  
  • Phishing links 
  • Quickly deciphered unsigned URLs 
  • Incorrectly configured bucket policies  
  • Access control list (ACL) 
  • Identity and access management (IAM) permissions  

The challenge of buckets is ensuring all the above is correctly configured, as there are several ways to access this secure data. However, if the contents of a bucket are revealed, attackers may:  

  • Drop the Bucket’s data (Data Breaches)  
  • Compromise file integrity 
  • Take the files out of the bucket   
  • Put dangerous files in the bucket   

How can you Secure your S3 AWS Bucket?   

Since 82 per cent of organisations mistakenly expose their data to third-party access, S3 security must be a priority. To mitigate this security risk, organisations should secure buckets by:  

  • Using whitelisting instead of blacklisting, so that access rights go only to those processes or people requiring them
  • Restricting who has the ability to write – never provide everyone with block access
  • Using the appropriate ACL list
  • Correctly implementing the bucket policy
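
The checks above can be run offline against a bucket's policy document and ACL grants. The following is an added example, not code from this article or from AWS: it flags policy statements that allow a wildcard principal and ACL grants to the predefined public groups, and separates public write from public read. The function names, Sids, account ID and role in the sample are assumptions made up for illustration.

```python
import json

# Predefined S3 ACL grantee groups that make a grant public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}
WRITE_ACL_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
WRITE_ACTION_PREFIXES = ("s3:put", "s3:delete", "s3:*", "*")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def audit_bucket(policy_json, acl_grants):
    """Return sorted findings for public grants in a bucket policy and ACL."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        sid = stmt.get("Sid", "?")
        if stmt.get("Effect") != "Allow" or not _is_wildcard(stmt.get("Principal")):
            continue  # allow-listed principals and Deny statements are not flagged
        if stmt.get("Condition"):
            findings.append(f"policy:{sid}:public-with-condition")  # needs manual review
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        write = any(a.startswith(WRITE_ACTION_PREFIXES) for a in actions)
        findings.append(f"policy:{sid}:{'public-write' if write else 'public-read'}")
    for grant in acl_grants:
        group = PUBLIC_GROUPS.get(grant.get("Grantee", {}).get("URI"))
        if group:
            write = grant.get("Permission") in WRITE_ACL_PERMS
            findings.append(f"acl:{group}:{'public-write' if write else 'public-read'}")
    return sorted(findings)

# Constructed sample input (Sids, account ID and role are made up; Resource omitted).
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject"},
    {"Sid": "AnyoneCanUpload", "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": ["s3:PutObject"]},
    {"Sid": "AppWriter", "Effect": "Allow", "Action": "s3:PutObject",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/app-writer"}},
]})
SAMPLE_ACL = [
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
]
```

Calling `audit_bucket(SAMPLE_POLICY, SAMPLE_ACL)` reports the two wildcard policy statements and the `AllUsers` ACL grant, and leaves the allow-listed `AppWriter` role and the owner's grant alone.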

CloudGuard Securing Buckets   

With the CloudGuard tool, you can quickly determine whether any of your S3 buckets are encrypted by running a simple query over hundreds of them.   

Using CloudBots, you can quickly add automatic remediation that permanently activates encryption on existing and newly created buckets.   


Get in contact with us for a free Cloud Check-Up, and you will receive a report auditing over 100 compliance checks and configurations within your public cloud instance. 
