Amazon AWS S3 known to leak data

Amazon AWS S3

Amazon AWS S3 known to leak data

Amazon AWS S3 cloud storage servers might soon fall victims to ransom attacks, similar to how hacker groups held tens of thousands of MongoDB databases for ransom throughout 2017.

The statement, made today on social media by infosec expert Kevin Beaumont, is nothing short of a prophecy of things to come, an opinion shared by many security professionals to whom Bleeping Computer spoke today.

Amazon AWS S3 storage servers have been leaking data all 2017, being behind some of the most notable data leaks of last year, including breaches at the NSA, the US Army, analytics providers, and more.

Those incidents happened because companies left data on publicly-readable S3 buckets (“bucket” being a term used to describe an S3 storage unit). In most cases, that data was found by security researchers who helped companies secure their systems, but hackers could get to these files first, too.

However, there’s also a category of S3 buckets that are even more dangerous than publicly-readable servers. Those are publicly-writeable ones —buckets allowing any user, with or without an Amazon S3 account, to write or delete data on the AWS S3 instance. A Skyhigh Networks report from September 2017 found that 7% of all Amazon AWS S3 buckets were publicly-writeable.

AWS S3 buckets to go the way of MongoDB and friends

Experts believe that hacker groups who have been busy holding MongoDB, ElasticSearch, Hadoop, CouchDB, Cassandra, and MySQL servers for ransom all of 2017 might soon turn their sights on S3 publicly-writeable buckets.

The 2017 ransom attacks usually followed the same pattern. Hackers found an exposed server, wiped data, and left a ransom note behind asking for a ransom. Some victims paid, hoping to recover data, but most users were left at the altar, as hackers did not have the storage space to back up all the ransomed servers, and never returned any of the promised data.

Now, something like this is bound to happen to Amazon S3 server owners.

“The MongoDB incidents showed that the ‘spray and pray’ strategy works, even without saving the data,” security researcher Dylan Katz told Bleeping Computer.

Katz believes that S3 data will be wiped, and not held for ransom per-se, mainly because S3 buckets tore humongous amounts of data, which an attacker would not be able to host it all.

Source: BleepingComputer

Share this post