{"id":16734,"date":"2019-10-30T11:21:06","date_gmt":"2019-10-30T19:21:06","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/10\/30\/news-10473\/"},"modified":"2019-10-30T11:21:06","modified_gmt":"2019-10-30T19:21:06","slug":"news-10473","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/10\/30\/news-10473\/","title":{"rendered":"Exposed: The cost of errors in the public cloud"},"content":{"rendered":"

Credit to Author: Rich Beckett| Date: Wed, 30 Oct 2019 17:23:56 +0000<\/strong><\/p>\n

\n

Who\u2019s in charge of security in the public cloud?<\/p>\n

It may sound like an odd question, but when working with a cloud provider such as Amazon Web Services (AWS), Microsoft Azure or Google Cloud Platform, it\u2019s important to understand that security is a shared responsibility.<\/p>\n

Public cloud providers offer customers a great deal of flexibility in how they build their cloud environments. The consequence of all this flexibility, however, is that providers don’t offer complete protection for virtual networks, virtual machines or data that’s in the cloud.<\/p>\n

That shared responsibility<\/a> model means cloud providers ensure security of the cloud, while the organization (the cloud provider\u2019s customer, i.e. you) is responsible for anything run in the cloud. Now, admins don\u2019t always know what the cloud provider takes care of, and the security controls they themselves must apply. This, as you can imagine, leads to exposed data, file, database and hard drive snapshots.<\/p>\n

You might have heard of S3 bucket breaches \u2013 of which there have been many! But, this article series aims to break down the other big security-breach risks and how to protect against them, starting with the most common of all…<\/p>\n

Public Amazon S3 bucket exposure (with a new twist)<\/h2>\n

You won\u2019t have to look far to find stories of S3-related data breaches caused by misconfiguration, where S3 security settings were left set to \u201cPublic.\u201d AWS has even released an update<\/a> to help customers from running afoul of this, one of the biggest causes of cloud data breaches.<\/p>\n

Reading about the thousands of cases out there, you\u2019d be forgiven for thinking that attackers are only after an organization\u2019s sensitive data<\/a> in these attacks. Unfortunately, you\u2019d be wrong.<\/p>\n

In addition to financial and PII data, one of the main uses of cloud storage accounts like Amazon S3 buckets is to host static website content like HTML files, JavaScript and Style Sheets (CSS). Attacks targeting those resources aren\u2019t targeting exposed data. Instead, they look to modify website files maliciously<\/a> to steal user financial information.<\/p>\n

A fork in the (attackers) road<\/h3>\n

Both attack chains look the same at the start, with attackers scanning the internet for misconfigured S3 buckets using automated S3 scanners. But this is where our attack paths diverge.<\/p>\n

In your typical S3 data breach, attackers now list and sync the valuable contents to local disk and access all the data that was misconfigured in \u201cpublic\u201d mode.<\/p>\n

In the case of our data modification attack: once access is gained, attackers look for JavaScript content and modify it to include malicious code. Now, when a user visits the infected website, the malicious JavaScript code loads, logging all credit and debit card details entered to payment forms. This data is then sent to the criminal\u2019s server.<\/p>\n

How to identify and prevent S3 bucket Exposure (both kinds)<\/h3>\n

Accidental or malicious changes to the S3 storage configurations that leave organizations exposed are all too common. Cloud Optix<\/a> makes it simple to quickly identify any publicly accessible data or website files and make them private. It adds an additional level of security to these critical services with Guardrails, ensuring no configuration changes are made without permission.<\/p>\n

\"\"<\/p>\n

Cloud Optix alerts you to exposed S3 buckets within minutes, providing contextual alerts that group the affected resources, provide a description of the issue, and remediation steps. These steps include the ability to auto-remediate \u2013 updating resource read\/write permissions where S3 storage has been left open to the public internet.<\/p>\n

\"\"<\/p>\n

Going the extra mile with AI capabilities to detect suspicious user login events, Cloud Optix alerts organizations if the contents of an S3 bucket is modified from an unusual location – suggesting that shared or stolen user credentials are being used remotely.<\/p>\n

\"\"<\/p>\n

Whatever the end goal of an S3 service breach, these simple steps in Cloud Optix<\/a> makes it simple to stay one step ahead of attackers.<\/p>\n<\/p><\/div>\n

http:\/\/feeds.feedburner.com\/sophos\/dgdY<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Rich Beckett| Date: Wed, 30 Oct 2019 17:23:56 +0000<\/strong><\/p>\n

This series aims to break down the big cloud-security breach risks and how to protect against them, starting with a new twist on public Amazon S3 bucket exposure.<img src=”http:\/\/feeds.feedburner.com\/~r\/sophos\/dgdY\/~4\/WB8HGxtliII” height=”1″ width=”1″ alt=””\/><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10377],"tags":[12010,23317,11728,21508,10379],"class_list":["post-16734","post","type-post","status-publish","format-standard","hentry","category-security","category-sophos","tag-aws","tag-aws-s3-bucket","tag-cloud","tag-cloud-optix","tag-corporate"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16734","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=16734"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16734\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=16734"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=16734"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=16734"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}