Lightspin Research Team Discovers Cross-Account Attack Path Leveraging Dangerous S3 Bucket Permissions on AWS
If leveraged, this attack can cause a real and measurable impact to a business' bottom line, by opening up certain AWS buckets to unauthorized writes from any AWS account.
- Lightspin found this potential misconfiguration as part of its ongoing research into AWS S3 buckets, while examining examples of S3 buckets that use the standard AWS bucket permissions.
- After inspecting 40,000 Amazon S3 buckets, Lightspin found that, on average, the "objects can be public" permission applies to 42% of an organization's objects on AWS overall.
- During the research, Lightspin discovered that it is possible for attackers, by abusing AWS CloudTrail and AWS Config, to write to S3 buckets held by other accounts, even when those buckets are not public.
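A defender-side check for the bucket-policy pattern behind the finding above, added here as an illustrative example rather than Lightspin's own tooling. It assumes the exposure comes from an Allow statement that grants the cloudtrail.amazonaws.com or config.amazonaws.com service principal write access without an aws:SourceAccount or aws:SourceArn condition, and that adding such a condition is the mitigation; the bucket name, paths and account ID are constructed placeholders.

```python
import json

# Service principals the page names as able to write cross-account.
SERVICE_PRINCIPALS = {"cloudtrail.amazonaws.com", "config.amazonaws.com"}
WRITE_ACTIONS = {"s3:putobject", "s3:*"}
# Condition keys that pin a service-principal grant to one account or trail (assumed mitigation).
SOURCE_KEYS = {"aws:sourceaccount", "aws:sourcearn"}

def _as_list(value):
    return [] if value is None else value if isinstance(value, list) else [value]

def _services(principal):
    # Only dict-form principals can name a service; "*" or an AWS ARN is not a service grant.
    if not isinstance(principal, dict):
        return set()
    return {s.lower() for s in _as_list(principal.get("Service"))}

def _condition_keys(condition):
    # Flatten {"StringEquals": {"key": ...}, "ArnLike": {...}} into the set of condition keys.
    return {k.lower() for block in (condition or {}).values() for k in block}

def find_unscoped_service_writes(policy_json):
    """Return Sids of Allow statements that let CloudTrail/Config write to the bucket
    without an aws:SourceAccount or aws:SourceArn condition."""
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if not actions & WRITE_ACTIONS:
            continue
        if not _services(stmt.get("Principal")) & SERVICE_PRINCIPALS:
            continue
        if _condition_keys(stmt.get("Condition")) & SOURCE_KEYS:
            continue  # scoped to a specific account/trail: not flagged
        findings.append(stmt.get("Sid", "<no Sid>"))
    return findings

# Constructed sample: a typical CloudTrail write statement that only checks the ACL header.
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "AWSCloudTrailWrite", "Effect": "Allow",
    "Principal": {"Service": "cloudtrail.amazonaws.com"},
    "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-logs/AWSLogs/*",
    "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}}]})

# Same statement pinned to the bucket owner's account (111111111111 is a placeholder).
FIXED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "AWSCloudTrailWrite", "Effect": "Allow",
    "Principal": {"Service": "cloudtrail.amazonaws.com"},
    "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-logs/AWSLogs/*",
    "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control",
                                   "aws:SourceAccount": "111111111111"}}}]})

if __name__ == "__main__":
    print("weak :", find_unscoped_service_writes(WEAK_POLICY))   # ['AWSCloudTrailWrite']
    print("fixed:", find_unscoped_service_writes(FIXED_POLICY))  # []
```

Run it against the output of `aws s3api get-bucket-policy` for each bucket to list statements that still need a source-account or source-ARN condition.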