Cloud misconfigurations continue to pose an enormous threat to businesses everywhere, with millions of dollars in damages and brand reputation at stake.
This is according to a new report from Palo Alto Networks, whose cybersecurity research arm (Unit 42) recently discovered two critical Amazon Web Services (AWS) misconfigurations in a customer’s environment.
According to the company’s report, the flaws had the potential to bring about a "multi-million-dollar data breach”.
Speaking to SDX Central on the topic, the company’s CSO of Public Cloud, Matt Chiodi, said that the finding was not an isolated incident, but rather a common occurrence.
“We found thousands upon thousands of other accounts that were susceptible to the same type of identity misconfigurations. So, we know this isn’t just an isolated problem. This is a widespread problem in the cloud,” he explained.
In these particular cases, however, Chiodi said the misconfigurations were injected by the customer itself, by mistake. The good news is that the flaw doesn’t seem to have been exploited in the wild.
The misconfiguration was related to the IAM role trust policy “AssumeRole” which, if exploited, could allow an attacker access to sensitive resources. As a consequence, the attacker could launch denial-of-service attacks, distribute malware or advanced persistent threats (APT).
Chiodi also said the researchers managed to move laterally throughout the target company, escalating their privilege and gaining admin access to the entire cloud environment.
These misconfigurations can be abused in a number of ways, so Chiodi advises businesses to focus on improving and strengthening the defense of their cloud infrastructure.