Threat actors could hijack neglected Amazon AWS S3 buckets to conduct a global software supply chain attack significantly more damaging than the sweeping SolarWinds hack nearly five years ago, reports The Register.

Nearly 150 S3 buckets previously used by cybersecurity firms, governments, Fortune 500 companies, and open source projects could be re-registered under the same bucket name by any AWS account, allowing executables or code to be injected into the deployment code or software update mechanisms that still reference them, according to watchTowr Labs researchers, who have already sinkholed all of the abandoned buckets to prevent potential compromise.

watchTowr founder and CEO Benjamin Harris said the issue could be addressed easily if Amazon prohibited the reuse of S3 bucket names. "This approach would entirely kill this vulnerability class (abandoned infrastructure) in the context of AWS S3," said Harris.

Meanwhile, AWS noted that it has unveiled a bucket ownership condition feature that curbs inadvertent bucket name reuse. "After conducting their research without notifying AWS, watchTowr provided the bucket names to AWS, and to protect our customers, we blocked these specific buckets from being re-created," said an AWS spokesperson.
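A defender-side check for the condition described above, added here as an example and not code from watchTowr, AWS, or The Register: it extracts S3 bucket names from deployment code and reports which ones no longer resolve, since a 404 from S3 means the name is unowned and could be re-created by any account. The installer text and bucket names are constructed for the example.

```python
"""Flag S3 bucket references in deployment code whose bucket names no longer exist."""
import re
import urllib.error
import urllib.request

# Constructed sample installer (not from the article) that fetches from three buckets.
SAMPLE_INSTALLER = """
curl -o tool.tgz https://releases-example.s3.amazonaws.com/tool/2.1/tool.tgz
aws s3 cp s3://build-cache-example/agent.deb /tmp/agent.deb
wget https://s3.us-east-1.amazonaws.com/legacy-updates-example/update.sh && sh update.sh
"""

_NAME = r"([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])"
_PATTERNS = [
    re.compile(r"s3://" + _NAME),                                                   # CLI / SDK URIs
    re.compile(r"https?://" + _NAME + r"\.s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com"),  # virtual-hosted
    re.compile(r"https?://s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com/" + _NAME),         # path-style
]

def find_bucket_refs(text: str) -> list[str]:
    """Bucket names referenced in text, deduplicated, in order of appearance."""
    found: list[str] = []
    for line in text.splitlines():
        for pat in _PATTERNS:
            for name in pat.findall(line):
                if name not in found:
                    found.append(name)
    return found

def live_head_bucket(name: str) -> int:
    """Unauthenticated path-style HEAD (needs network). An existing bucket answers
    200, 301 (other region) or 403 (private); an unclaimed name answers 404."""
    req = urllib.request.Request(f"https://s3.amazonaws.com/{name}", method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def audit(text: str, head_bucket=live_head_bucket) -> dict[str, str]:
    """Map each referenced bucket to 'dangling' (404: any AWS account could create the
    name and serve whatever this installer downloads) or 'exists'."""
    return {b: ("dangling" if head_bucket(b) == 404 else "exists")
            for b in find_bucket_refs(text)}

if __name__ == "__main__":
    # Constructed stand-in for live_head_bucket so the demo runs offline.
    fake = {"releases-example": 403, "build-cache-example": 200}
    for bucket, state in audit(SAMPLE_INSTALLER, lambda b: fake.get(b, 404)).items():
        print(f"{state:8} {bucket}")
```

On the consuming side, AWS's bucket owner condition (the `ExpectedBucketOwner` parameter, sent as the `x-amz-expected-bucket-owner` header) makes a request fail if the bucket is owned by a different account, which is the feature AWS refers to above.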
Software Supply Chain Compromise Possible With Neglected AWS S3 Buckets