
AWS Buckets: There’s a Hole in my Bucket – Securing your Data in the Cloud 

6 September 2022

According to the Cost of a Data Breach Report, the average cost of a data breach hit an all-time high of $4.35 million in 2022 (increasing from 2.6% a year earlier to 12.7% in 2020). In 2022, 83% of the firms in the survey experienced several data breaches, compared to just 17% in 2021.  One of the most significant data breaches in 2022 so far has been the S3 AWS Buckets incident.   

What are S3 AWS Buckets?   

S3 buckets are scalable, data-available, secure, and fast public cloud storage resources provided by Amazon Web Services (AWS).   

S3 buckets are available in two varieties:   

  • Public – No access restrictions; anyone can access the bucket.   
  • Private – Only authorised users can access the bucket.   

S3 buckets store backups, sensitive data, source code, and other items. Teams can also use S3 buckets for software delivery, fileserver and media hosting, and application hosting because of their user-friendly interface.   

AWS Bucket Breaches 

In 2021, AWS S3 accounted for roughly 60% of breaches.  

Like most data breaches, the AWS bucket incident resulted from an incorrectly configured bucket which exposed 36GB of data to the public. The information leaked included mortgage and customer demographics.   

Security expert Chris Vickery found the data leak when he came across the repository while conducting a standard search of AWS buckets. The data set is owned by Experian, a rival to Equifax, which sells consumer view databases to organisations like Alteryx.   

Even though the database did not contain actual names, the information exposed by the leak is complete enough to be merged with names from other data sources.   

Recent UK-Wide Data Leaks 2022   

MailChimp AWS Buckets 

In August 2022, MailChimp revealed it had suffered its second breach in four months, suggesting that a security problem involving phishing and social engineering techniques had targeted bitcoin and blockchain organisations.  

While it is an ongoing investigation, Mailchimp stated that it had suspended accounts when the security team found suspicious behaviour. Mailchimp did not specify the attack’s point of entry or extent.   

Flagstar Bank AWS Buckets  

The financial sector is a popular target of hackers, with Flagstar Bank falling victim earlier this year.   

According to TechCrunch, Flagstar Bank revealed a significant data breach late last year that affected 1.54 million people.   

In a letter to customers, Flagstar Bank said:   

“After an extensive forensic investigation and manual document review, we discovered on June 2, 2022, that certain impacted files containing your personal information were accessed and acquired from our network.”   

Flagstar informed customers that it was among the numerous businesses affected by the Accellion attack in January 2021.   

Microsoft Bing and Cortana AWS Buckets   

The cyber-terrorist group Lapsus$ has been very active throughout 2022.  

First appearing in December 2021, Lapsus$ started collecting sensitive and well-known firms’ source code and other valuable information and publishing it in an extortion attempt.  

Some of the organisations include:  

  • Nvidia  
  • Samsung  
  • Ubisoft  

Lapsus$ appears to have bases in South America and the United Kingdom and uses phishing attacks to infiltrate the targets’ networks.   

In March 2022, the attacks hit a peak when Lapsus$ revealed that it had compromised a contractor with access to the internal systems and exposed portions of the source code for Microsoft Bing and Cortana.  

Since then, British police have detained seven people associated with the attacks.  

Challenges of Configuring AWS Buckets   

As suggested earlier, the most successful S3 bucket attacks result from human error, including:  

  • Unprotected or inadequately protected access  
  • Phishing links 
  • Quickly deciphered unsigned URLs 
  • Incorrectly configured bucket policies  
  • Access control list (ACL) 
  • Identity and access management (IAM) permissions  

The challenge of buckets is ensuring all the above is correctly configured, as there are several ways to access this secure data. However, if the contents of a bucket are revealed, attackers may:  

  • Drop the Bucket’s data (Data Breaches)  
  • Compromise file integrity 
  • Take the files out of the bucket   
  • Put dangerous files in the bucket   

How can you Secure your S3 AWS Bucket?   

Since 82 per cent of organisations mistakenly expose their data to third-party access, S3 security must be a priority. To mitigate this security risk, organisations should secure buckets by:  

  • Using whitelisting instead of blacklisting, so that access rights go only to those processes or people requiring them 
  • Restricting who has the ability to write – never provide everyone with block access 
  • Using the appropriate ACL 
  • Correctly implementing the bucket policy 
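
As an added example (not from the original article), the Python sketch below applies these checks offline to a bucket policy document and a list of ACL grants, flagging wildcard principals and grants to the predefined public groups. The function and sample names are hypothetical and the sample input is constructed. The grant shape is assumed to match the `Grants` list returned by S3's GetBucketAcl, and `NotPrincipal`/`NotAction` statements are out of scope.

```python
# Predefined S3 ACL groups: anyone on the internet / any AWS account holder.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
WRITE_PREFIXES = ("s3:put", "s3:delete", "s3:*", "*")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wildcard_principal(principal):
    # "*" and {"AWS": "*"} both mean "everyone".
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def audit_bucket(policy, acl_grants):
    """Return sorted findings for one bucket's policy document and ACL grants."""
    findings = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _wildcard_principal(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            findings.add("policy: wildcard principal behind a Condition, review it")
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        write = any(a.startswith(WRITE_PREFIXES) for a in actions)
        findings.add("policy: public WRITE" if write else "policy: public READ")
    for grant in acl_grants:
        uri = grant.get("Grantee", {}).get("URI", "")
        if uri in PUBLIC_GROUPS:
            findings.add("acl: %s granted to %s" % (grant["Permission"], uri.rsplit("/", 1)[-1]))
    return sorted(findings)

# Constructed sample input (bucket name, account ID and role are placeholders).
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"}]}
STRICT_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-app"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}
WEAK_ACL = [{"Grantee": {"Type": "Group",
             "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "WRITE"}]
STRICT_ACL = [{"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
               "Permission": "FULL_CONTROL"}]

if __name__ == "__main__":
    print(audit_bucket(WEAK_POLICY, WEAK_ACL))
    print(audit_bucket(STRICT_POLICY, STRICT_ACL))
```

The strict pair names one role as principal and grants only the owner, so it produces no findings; the weak pair is flagged on both the policy and the ACL.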

CloudGuard Securing Buckets   

With the CloudGuard tool, you can quickly determine whether any of your S3 buckets are encrypted by running a simple query over hundreds of them.   

Using CloudBots, you can quickly add automatic remediation that permanently activates encryption on existing and newly created buckets.   

Get in contact with us for a free Cloud Check-Up, and you will receive a report auditing over 100 compliance checks and configurations within your public cloud instance. 
