GhostWriter AWS Issue Impacts Thousands of Amazon S3 Buckets

Skyhigh Networks researchers are warning of an issue they’re calling “GhostWriter,” in which Amazon S3 buckets are misconfigured to allow public write access, enabling a malicious third party to launch man-in-the-middle (MiTM) attacks.

“GhostWriter underlines the fact that security is just not the responsibility of the cloud service providers, but also the customer, and often it is a customer misconfiguration that exposes their data to threat,” Skyhigh chief scientist Sekhar Sarukkai wrote in a blog post detailing the threat.

On average, more than 1,600 S3 buckets are accessed from within enterprise networks, according to Skyhigh, of which about 4 percent are exposed to GhostWriter. “Skyhigh has identified thousands of such buckets being accessed from enterprise networks and has shared these affected buckets with AWS for remediation,” Sarukkai wrote.

The exposed buckets include those owned by major news sites, leading retailers, popular cloud services and ad networks.

“Bucket owners who store JavaScript or other code should pay particular attention to this issue to ensure that third parties don’t silently overwrite their code for drive-by attacks, Bitcoin mining or other exploits,” Sarukkai added.

Misconfigured Amazon S3 buckets have been responsible for a string of extremely high-profile breaches over the past several months, exposing 14 million Verizon customers’ data, as many as 4 million Dow Jones customers’ personal information, over 3 million WWE fans’ contact details, more than 1.8 million Chicago voters’ personal information, and over 316,000 medical records.
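
The public write misconfiguration described above can be checked for from a bucket's own ACL and policy. The following is an added example, not code from Skyhigh or AWS: it takes an ACL in the shape of the S3 GetBucketAcl response and an optional bucket policy document, and lists every grant that lets the public write. The function name, the sample ACL and the sample policy are constructed for illustration.

```python
from fnmatch import fnmatchcase

GROUPS = "http://acs.amazonaws.com/groups/global/"
# Predefined S3 grantee groups that make an ACL grant effectively public.
PUBLIC_GROUPS = {GROUPS + "AllUsers": "anyone",
                 GROUPS + "AuthenticatedUsers": "any AWS account"}
ACL_WRITE = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
# Actions that let a caller replace objects or loosen the bucket's controls.
WRITE_ACTIONS = ("s3:putobject", "s3:putobjectacl", "s3:deleteobject",
                 "s3:putbucketacl", "s3:putbucketpolicy")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_write_findings(acl, policy=None):
    """Return the reasons (possibly none) a bucket is publicly writable."""
    findings = []
    for grant in acl.get("Grants", []):
        who = PUBLIC_GROUPS.get(grant.get("Grantee", {}).get("URI"))
        if who and grant.get("Permission") in ACL_WRITE:
            findings.append(f"ACL grants {grant['Permission']} to {who}")
    # Simplification: NotAction and NotPrincipal statements are not evaluated.
    for stmt in _as_list((policy or {}).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            principal = principal.get("AWS")
        if "*" not in _as_list(principal):
            continue
        for action in _as_list(stmt.get("Action", [])):
            # IAM action names are case-insensitive and may hold wildcards.
            if any(fnmatchcase(w, action.lower()) for w in WRITE_ACTIONS):
                note = " (conditional)" if stmt.get("Condition") else ""
                findings.append(f"policy allows {action} to anyone{note}")
    return findings

# Constructed sample input: owner grant, public READ, public WRITE.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": GROUPS + "AllUsers"}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": GROUPS + "AllUsers"}, "Permission": "WRITE"},
]}
SAMPLE_POLICY = {"Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject"},
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": ["s3:Put*"]},
]}

if __name__ == "__main__":
    print(public_write_findings(SAMPLE_ACL, SAMPLE_POLICY))
```

Public READ grants are deliberately not reported here; a bucket that serves JavaScript to browsers needs them, and it is the write path that permits silent overwrites.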

Cloud Security Concerns

A recent AlgoSec survey [PDF] of 450 senior security and network professionals found that while 32 percent of respondents plan to increase their public cloud usage in the next 12 to 18 months, a majority say they have significant concerns about cloud security, and are facing problems with visibility and security management.

Forty percent of respondents say security concerns are inhibiting further adoption of cloud platforms. Leading concerns about the cloud include cyber attacks (58 percent), unauthorized access (53 percent), downtime or outages (46 percent), and misconfiguration of cloud security controls leading to security holes (41 percent).

After migrating applications to public clouds, 44 percent of respondents said they faced challenges managing security policies, and 30 percent said their applications didn’t work after the cloud migration.

AlgoSec director of communications Joanne Godfrey said in a statement that it’s essential for organizations to maintain complete visibility across both on-premise and cloud networks, along with the ability to manage security policies. “This enables them to better protect the business and fulfill compliance demands, while taking full advantage of the cost savings and agility offered by the hybrid cloud model,” she said.

An Opening for Threats

A separate Threat Stack survey of 167 executives and managers responsible for securing cloud-based applications found that 31 percent said they’re simply unable to maintain security as their cloud and container environments grow, and 62 percent said they’re seeking greater visibility into their public cloud workloads as a result.

The survey, conducted in collaboration with Enterprise Strategy Group, also found that 40 percent of respondents expect to have hybrid environments within a year, up from 12 percent who currently do — and 45 percent plan to start testing or deploying containerized environments, up from 42 percent who currently do.

Still, 94 percent of respondents believe containers have negative security implications for their organizations.

“Companies of all sizes are adopting increasingly more complex technical solutions as the market democratizes what was previously reserved for software giants,” Threat Stack CSO Sam Bisbee said in a statement. “This has created an opening for internal and external threats as security teams catch up on cloud, containers, and more.”

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.
