GhostWriter AWS Issue Impacts Thousands of Amazon S3 Buckets

Skyhigh Networks researchers are warning of an issue they're calling "GhostWriter," in which Amazon S3 buckets are misconfigured to allow public write access, enabling a malicious third party to launch man-in-the-middle (MiTM) attacks.

"GhostWriter underlines the fact that security is just not the responsibility of the cloud service providers, but also the customer, and often it is a customer misconfiguration that exposes their data to threat," Skyhigh chief scientist Sekhar Sarukkai wrote in a blog post detailing the threat.

On average, more than 1,600 S3 buckets are accessed from within enterprise networks, according to Skyhigh, of which about 4 percent are exposed to GhostWriter. "Skyhigh has identified thousands of such buckets being accessed from enterprise networks and has shared these affected buckets with AWS for remediation," Sarukkai wrote.

The exposed buckets include those owned by major news sites, leading retailers, popular cloud services and ad networks.

"Bucket owners who store JavaScript or other code should pay particular attention to this issue to ensure that third parties don't silently overwrite their code for drive-by attacks, Bitcoin mining or other exploits," Sarukkai added.

Misconfigured Amazon S3 buckets have been responsible for a string of extremely high-profile breaches over the past several months, exposing 14 million Verizon customers' data, as many as 4 million Dow Jones customers' personal information, over 3 million WWE fans' contact details, more than 1.8 million Chicago voters' personal information, and over 316,000 medical records.
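For bucket owners auditing for the public-write misconfiguration described above, the following check is an added example, not code from Skyhigh or the original article. It flags public write grants in a bucket ACL (a dict shaped like the S3 GetBucketAcl response) and in a bucket policy; the sample ACL, policy and bucket name are constructed, and NotAction/NotPrincipal statements are out of scope.

```python
import json
from fnmatch import fnmatchcase

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTH_USERS}          # predefined groups that mean "anyone"
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}  # ACL permissions that allow changes
WRITE_ACTIONS = ("s3:putobject", "s3:putobjectacl", "s3:deleteobject")

def as_list(value):
    return value if isinstance(value, list) else [value]

def public_write_grants(acl):
    """Return (group URI, permission) pairs that let the public write to the bucket."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if (grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS
                and grant.get("Permission") in WRITE_PERMS):
            findings.append((grantee["URI"], grant["Permission"]))
    return findings

def public_write_statements(policy_json):
    """Return Sids (or indexes) of unconditioned Allow statements giving everyone write actions."""
    findings = []
    for i, st in enumerate(as_list(json.loads(policy_json).get("Statement", []))):
        principal = st.get("Principal")
        is_public = principal == "*" or (
            isinstance(principal, dict) and "*" in as_list(principal.get("AWS", [])))
        patterns = [a.lower() for a in as_list(st.get("Action", []))]
        # Policy actions may contain wildcards, e.g. "s3:Put*" or "*".
        writes = any(fnmatchcase(w, p) for p in patterns for w in WRITE_ACTIONS)
        if st.get("Effect") == "Allow" and is_public and writes and not st.get("Condition"):
            findings.append(st.get("Sid", i))
    return findings

# Constructed sample data: owner grant, public READ (not flagged), public WRITE (flagged).
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE"},
]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "PublicPut", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:Put*"], "Resource": "arn:aws:s3:::example-bucket/*"},
]})
```
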

Cloud Security Concerns

A recent AlgoSec survey [PDF] of 450 senior security and network professionals found that while 32 percent of respondents plan to increase their public cloud usage in the next 12 to 18 months, a majority say they have significant concerns about cloud security, and are facing problems with visibility and security management.

Forty percent of respondents say security concerns are inhibiting further adoption of cloud platforms. Leading concerns about the cloud include cyber attacks (58 percent), unauthorized access (53 percent), downtime or outages (46 percent), and misconfiguration of cloud security controls leading to security holes (41 percent).

After migrating applications to public clouds, 44 percent of respondents said they faced challenges managing security policies, and 30 percent said their applications didn't work after the cloud migration.

AlgoSec director of communications Joanne Godfrey said in a statement that it's essential for organizations to maintain complete visibility across both on-premise and cloud networks, along with the ability to manage security policies. "This enables them to better protect the business and fulfill compliance demands, while taking full advantage of the cost savings and agility offered by the hybrid cloud model," she said.

An Opening for Threats

A separate Threat Stack survey of 167 executives and managers responsible for securing cloud-based applications found that 31 percent said they're simply unable to maintain security as their cloud and container environments grow, and 62 percent said they're seeking greater visibility into their public cloud workloads as a result.

The survey, conducted in collaboration with Enterprise Strategy Group, also found that 40 percent of respondents expect to have hybrid environments within a year, up from 12 percent who currently do -- and 45 percent plan to start testing or deploying containerized environments, up from 42 percent who currently do.

Still, 94 percent of respondents believe containers have negative security implications for their organizations.

"Companies of all sizes are adopting increasingly more complex technical solutions as the market democratizes what was previously reserved for software giants," Threat Stack CSO Sam Bisbee said in a statement. "This has created an opening for internal and external threats as security teams catch up on cloud, containers, and more."
