AWS flaws found: RCE, data theft, and full takeovers revealed by experts

August 10, 2024

TLDR:

Experts have discovered critical flaws in AWS offerings that could lead to remote code execution, data theft, and full-service takeovers. Central to the issue is the attack vector Bucket Monopoly, which allows attackers to gain access to AWS S3 buckets and escalate privileges. Amazon addressed the vulnerabilities after responsible disclosure, but organizations should take precautions to protect against these potential attacks.

Article:

Cybersecurity researchers have found severe vulnerabilities in Amazon Web Services (AWS) that could result in serious consequences if exploited. The impact of these flaws includes remote code execution, full-service takeovers, AI module manipulation, data exposure, data exfiltration, and denial-of-service attacks. These findings were presented at Black Hat USA 2024 after responsible disclosure to Amazon earlier that year.

One of the major issues identified, called Bucket Monopoly, involves the S3 buckets that services such as CloudFormation, Glue, EMR, SageMaker, ServiceCatalog, and CodeStar create automatically on a customer's behalf. Because these buckets follow a naming convention that can be worked out in advance, attackers can create the not-yet-used buckets themselves and then gain access to legitimate AWS customers' content when those customers use a vulnerable service for the first time in a region.

Attackers can exploit the vulnerabilities to escalate privileges, execute code, steal data, manipulate data, or even gain full control over victim accounts without their knowledge. The attack vector affects not only AWS services but also open-source projects used by organizations to deploy resources in AWS environments.

Aqua, whose researchers reported the flaws, recommends that organizations use unique hashes or random identifiers in S3 bucket names so that attackers cannot claim the buckets before their legitimate owners do. While Amazon has addressed the identified flaws, organizations should still protect themselves by hardening their AWS infrastructure and monitoring for suspicious activity.
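The two naming strategies discussed above, side by side, as an added example written for this page (it is not Aqua's or AWS's code). The `predictable_bucket_name` convention of `service-accountid-region` is a hypothetical stand-in for the kind of derivable name the article describes, the `secret` is an assumed account-private value, and the `namespace` dictionary is an in-memory stand-in for S3's global, first-come-first-served bucket namespace so the script runs offline. The example goes slightly beyond the text by also validating names against the S3 naming rules and by showing an explicit ownership check before a bucket is used.

```python
import hashlib
import hmac
import re
import secrets

# Subset of the S3 bucket naming rules: 3-63 characters, lowercase letters,
# digits, dots and hyphens, starting and ending with a letter or digit,
# and not shaped like an IPv4 address.
_BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
_IPV4_RE = re.compile(r"^(\d{1,3}\.){3}\d{1,3}$")


def is_valid_bucket_name(name: str) -> bool:
    """Return True if `name` satisfies the naming rules above."""
    return bool(_BUCKET_RE.match(name)) and not _IPV4_RE.match(name)


def predictable_bucket_name(service: str, account_id: str, region: str) -> str:
    """Hypothetical convention of the kind the article warns about: anyone who
    knows the service, the 12-digit account id and the region can compute the
    name before the legitimate owner ever creates the bucket."""
    return f"{service}-{account_id}-{region}".lower()


def unguessable_bucket_name(service: str, account_id: str, region: str,
                            secret: bytes, suffix_len: int = 16) -> str:
    """Stable but unguessable name: the suffix is an HMAC-SHA256 over the same
    public inputs, keyed with a secret (assumed to be account-private). Without
    the secret an outsider cannot precompute the name and claim it first."""
    msg = f"{service}|{account_id}|{region}".encode()
    suffix = hmac.new(secret, msg, hashlib.sha256).hexdigest()[:suffix_len]
    name = f"{service}-{region}-{suffix}".lower()
    if not is_valid_bucket_name(name):
        raise ValueError(f"derived name violates S3 naming rules: {name}")
    return name


def random_bucket_name(prefix: str, nbytes: int = 8) -> str:
    """Alternative when the name need not be reproducible: a random suffix.
    The caller must persist the name (e.g. as a stack output or parameter)."""
    name = f"{prefix}-{secrets.token_hex(nbytes)}".lower()
    if not is_valid_bucket_name(name):
        raise ValueError(f"derived name violates S3 naming rules: {name}")
    return name


# --- In-memory stand-in for the global, first-come-first-served S3 namespace ---

def claim_bucket(namespace: dict, name: str, owner: str) -> bool:
    """Create `name` for `owner`. Fails if another party already holds it."""
    if not is_valid_bucket_name(name):
        raise ValueError(f"invalid bucket name: {name}")
    if name in namespace:
        return namespace[name] == owner
    namespace[name] = owner
    return True


def bucket_is_owned_by(namespace: dict, name: str, expected_owner: str) -> bool:
    """Ownership check a service should perform before reading from or writing
    to a bucket it did not just create. The real S3 API offers the
    ExpectedBucketOwner request parameter for exactly this purpose."""
    return namespace.get(name) == expected_owner


def shadow_resource_scenario(secret: bytes) -> dict:
    """Walk both conventions through the namespace stand-in and report who
    ends up owning each bucket. Account ids are constructed sample values."""
    ns: dict = {}
    customer, squatter = "111111111111", "222222222222"
    region = "us-east-1"

    # 1) Derivable convention: a third party can create the name first, and the
    #    customer's later attempt to create it fails (or, worse, the customer's
    #    service silently writes into a bucket it does not own).
    guessable = predictable_bucket_name("glue", customer, region)
    claim_bucket(ns, guessable, squatter)
    customer_claimed_guessable = claim_bucket(ns, guessable, customer)

    # 2) Keyed convention: nobody without `secret` can compute the name.
    keyed = unguessable_bucket_name("glue", customer, region, secret)
    customer_claimed_keyed = claim_bucket(ns, keyed, customer)

    return {
        "predictable_name": guessable,
        "customer_claimed_predictable": customer_claimed_guessable,
        "customer_owns_predictable": bucket_is_owned_by(ns, guessable, customer),
        "keyed_name": keyed,
        "customer_claimed_keyed": customer_claimed_keyed,
        "customer_owns_keyed": bucket_is_owned_by(ns, keyed, customer),
    }


if __name__ == "__main__":
    for key, value in shadow_resource_scenario(b"account-private-secret").items():
        print(f"{key}: {value}")
```

The ownership check is the part worth carrying into real deployments: whatever the naming scheme, code that touches a bucket it did not create in the same call should verify the owner (with boto3, by passing `ExpectedBucketOwner` on S3 requests) rather than trusting that the name alone implies the account owns it.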
