AWS S3 bucket vulnerabilities could be ‘wormable’

Improperly configured AWS S3 buckets are exposing vast quantities of sensitive business data, according to a new report from Truffle Security.

The firm claims it was able to identify 4,000 misconfigured S3 buckets containing private information, including login credentials, security keys and API keys, all of which could be used to execute secondary cyberattacks on the bucket owner.

As reported by The Register, cloud misconfiguration is increasingly common (despite the best efforts of AWS), and companies of all sizes are guilty. Owners of the thousands of insecure S3 buckets discovered by Truffle ranged from Fortune 500 giants to charitable organizations and fledgling businesses.

The most concerning aspect of the failure to secure cloud storage is the scope for further cyberattacks, once information has been extracted from the exposed S3 bucket. In other words, the original bucket could be the start of a breadcrumb trail that leads hackers into the corporate network.

“It’s probably fair to assume authenticated buckets contain more secrets than authenticated ones, due to the implied higher security bar authentication provides. This means attackers can likely use the first round of buckets to find keys that unlock an additional round of buckets etc.,” explained Truffle Security.

“We did not use any of these keys or explore this possibility for obvious reasons, but this makes this type of attack ‘wormable’, i.e., one bucket can lead to another bucket, and so on, magnifying the impact of the leak.”
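The two conditions the report combines, a bucket reachable by anyone and credentials sitting inside it, are what a bucket owner should check for on their own account. The script below is an added example, not Truffle Security's tooling or AWS code. It takes the shapes returned by the S3 GetPublicAccessBlock, GetBucketPolicyStatus and GetBucketAcl APIs as plain dicts (so no boto3 or network access is needed), decides whether any exposure path is actually open once Block Public Access settings are taken into account, and scans object bodies for the kinds of material the report describes. All bucket data, ACL entries and object contents are constructed for the demo; the credential strings are the documented AWS example values.

```python
"""Audit helper: is an S3 bucket reachable by the public, and do its objects
hold credentials that could unlock further resources (the chained scenario
the report calls 'wormable')?

Added example, not Truffle Security's or AWS's code.  Dict shapes mirror the
S3 GetPublicAccessBlock / GetBucketPolicyStatus / GetBucketAcl responses, but
every value is constructed for the demo; nothing touches the network.
"""
import re

# The four Block Public Access settings; a bucket is only fully locked down
# when all four are True.
REQUIRED_BLOCKS = (
    "BlockPublicAcls",
    "IgnorePublicAcls",
    "BlockPublicPolicy",
    "RestrictPublicBuckets",
)

ALL_USERS_URI = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS_URI = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Deliberately small pattern set for the material the report mentions
# (access key IDs, secret keys, private keys); a real scanner carries far more.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})"
    ),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}


def missing_public_access_blocks(pab_config):
    """Names of Block Public Access settings that are absent or False."""
    return [k for k in REQUIRED_BLOCKS if not pab_config.get(k, False)]


def public_acl_grants(acl_grants):
    """(group, permission) for every ACL grant to AllUsers/AuthenticatedUsers."""
    hits = []
    for grant in acl_grants:
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in (ALL_USERS_URI, AUTH_USERS_URI):
            hits.append((grantee["URI"].rsplit("/", 1)[-1], grant.get("Permission")))
    return hits


def find_secrets(text):
    """(kind, redacted_value) pairs for every credential-looking match."""
    found = []
    for kind, pattern in SECRET_PATTERNS.items():
        for m in pattern.finditer(text):
            value = m.group(1) if m.groups() else m.group(0)
            found.append((kind, value[:4] + "*" * (len(value) - 4)))
    return found


def triage_bucket(name, pab_config, policy_status, acl_grants, objects):
    """Combine exposure paths and contents into one severity rating."""
    reasons = []
    missing = missing_public_access_blocks(pab_config)
    if missing:
        reasons.append("block-public-access incomplete: " + ", ".join(missing))
    policy_public = policy_status.get("PolicyStatus", {}).get("IsPublic", False)
    if policy_public:
        reasons.append("bucket policy is public")
    acl_hits = public_acl_grants(acl_grants)
    for group, perm in acl_hits:
        reasons.append(f"ACL grants {perm} to {group}")
    # RestrictPublicBuckets neutralises a public policy; IgnorePublicAcls
    # neutralises public ACLs.  Only an unblocked path makes the bucket public.
    policy_exposed = policy_public and not pab_config.get("RestrictPublicBuckets", False)
    acl_exposed = bool(acl_hits) and not pab_config.get("IgnorePublicAcls", False)
    is_public = policy_exposed or acl_exposed
    secrets = [(key, kind, red) for key, body in objects.items() for kind, red in find_secrets(body)]
    if is_public and secrets:
        severity = "critical"   # public bucket holding keys: the chained case
    elif is_public:
        severity = "high"
    elif secrets:
        severity = "medium"     # not public, but keys should not live here at all
    else:
        severity = "ok"
    return {"bucket": name, "public": is_public, "reasons": reasons,
            "secrets": secrets, "severity": severity}


# Constructed sample: one setting left off and a world-readable ACL.
SAMPLE_PAB = {"BlockPublicAcls": True, "IgnorePublicAcls": False,
              "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
SAMPLE_POLICY_STATUS = {"PolicyStatus": {"IsPublic": False}}
SAMPLE_ACL = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS_URI}, "Permission": "READ"},
]
# Object bodies use the example credentials from the AWS documentation.
SAMPLE_OBJECTS = {
    "config/.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
                   "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n",
    "docs/readme.txt": "Nothing sensitive here.\n",
}
HARDENED_PAB = dict.fromkeys(REQUIRED_BLOCKS, True)

if __name__ == "__main__":
    for label, pab in (("as found", SAMPLE_PAB), ("hardened", HARDENED_PAB)):
        report = triage_bucket("example-bucket", pab, SAMPLE_POLICY_STATUS, SAMPLE_ACL, SAMPLE_OBJECTS)
        print(f"{label}: {report['severity']} public={report['public']} {report['reasons']}")
```

Run as-is, the "as found" configuration rates critical because the public ACL is not ignored and the objects contain keys; the "hardened" pass, with all four Block Public Access settings on, drops to medium, since the keys still need to be rotated and removed even though nobody outside the account can read them any more.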

Truffle Security is in the process of alerting the relevant businesses to their misconfigured S3 buckets, or petitioning AWS to handle the issue if the bucket manager cannot be contacted.