With the cloud rapidly becoming the principal source of computing and data storage resources for organizations of all sizes, new types of exposures and attack paths have emerged. Earlier in the year, security researchers made a series of discoveries around organizations misconfiguring their AWS S3 buckets that allowed public access to the data stored in these buckets.

More recently, Skyhigh cloud security researchers revealed a new type of S3 bucket data exposure, dubbed ‘GhostWriter.’ It occurs when bucket owners misconfigure their S3 buckets to allow public write access, which means an unauthorized party could modify the content served from the bucket and thereby carry out a stealthy man-in-the-middle (MITM) attack.

GhostWriter highlights the fact that cloud security is not the sole responsibility of the cloud service provider but a shared responsibility. It is often a customer’s misconfiguration or misuse of a cloud service that exposes their data to unauthorized parties; indeed, according to Gartner, by 2020, 95% of security failures in the cloud will be the customer’s fault.

Skyhigh has found that, on average, more than 1,600 S3 buckets (many of them referenced by websites that use S3 to deliver content) are accessed from within enterprise networks, and about four percent of these are exposed to ‘GhostWriter.’ The exposure is caused by misconfiguration on the part of the bucket owners, not by any weakness in the storage service provider. In total, Skyhigh has identified thousands of such buckets being accessed from enterprise networks and has shared the affected buckets with AWS for remediation.

These exposed third-party buckets are wide-ranging and include buckets owned by leading national news and media sites, large retailers, popular cloud services, and advertising networks.

What Can Bucket Owners Do About GhostWriter?

The shared responsibility model that comes with using AWS places a serious burden on customers to understand the many ways in which AWS services can be misconfigured.
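The first thing a bucket owner can check is whether either of the two places S3 permissions live, the bucket ACL and the bucket policy, grants write access to everyone. The following is an added example, not Skyhigh's or AWS's code: it audits ACL and policy documents offline for public write grants, the misconfiguration GhostWriter describes, and shows a misconfigured content-delivery bucket beside its hardened form. The documents are constructed to mirror the shape of the S3 GetBucketAcl and GetBucketPolicy responses; the bucket name, owner ID, account ID and role name are placeholders, and the checks deliberately skip statements that carry a Condition (those need a human review rather than an automatic verdict).

```python
"""Offline audit of S3 bucket ACL grants and bucket policy documents for
public write access.  Added example; all sample documents below are
constructed and do not describe any real bucket."""
import json

# Predefined S3 groups meaning "anyone" (AllUsers) or "any AWS account"
# (AuthenticatedUsers).  Both count as public from the owner's point of view.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
WRITE_PERMISSIONS = {"WRITE", "FULL_CONTROL"}          # ACL permissions that allow adding/replacing objects
WRITE_ACTIONS = ("s3:putobject", "s3:deleteobject", "s3:putobjectacl")  # IAM actions (lower-cased)


def acl_public_write_grants(acl):
    """Return the ACL grants that give a public group WRITE or FULL_CONTROL."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if (grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS
                and grant.get("Permission") in WRITE_PERMISSIONS):
            findings.append(f"ACL grants {grant['Permission']} to {grantee['URI']}")
    return findings


def _as_list(value):
    # Policy elements such as Action and Principal.AWS may be a string or a list.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    # "*" or {"AWS": "*"} means any principal at all, including anonymous ones.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def _action_allows_write(action):
    a = action.lower()
    if a in ("*", "s3:*") or a in WRITE_ACTIONS:
        return True
    # Prefix wildcards such as s3:Put* also cover PutObject.
    return a.endswith("*") and any(w.startswith(a[:-1]) for w in WRITE_ACTIONS)


def policy_public_write_statements(policy):
    """Return the statements that Allow a write action to any principal
    with no Condition.  Accepts a dict or the raw JSON string S3 returns."""
    if not policy:
        return []
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue  # conditioned public grants are left for manual review
        writes = [a for a in _as_list(stmt.get("Action")) if _action_allows_write(a)]
        if writes:
            findings.append(f"Statement {stmt.get('Sid', '<no Sid>')} allows {', '.join(writes)} to everyone")
    return findings


def assess_bucket(acl, policy=None):
    """Combine both checks; an empty list means no public write path was found."""
    return acl_public_write_grants(acl) + policy_public_write_statements(policy)


# --- constructed sample documents -------------------------------------------
OWNER = {"ID": "constructed-owner-canonical-id"}
PUBLIC_READ = {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
               "Permission": "READ"}
PUBLIC_WRITE = {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                "Permission": "WRITE"}
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": OWNER["ID"]}, "Permission": "FULL_CONTROL"}

# Misconfigured content-delivery bucket: public READ is intended, public WRITE is not.
GHOSTWRITER_ACL = {"Owner": OWNER, "Grants": [OWNER_GRANT, PUBLIC_READ, PUBLIC_WRITE]}
# Hardened: the same ACL with the public WRITE grant revoked.
HARDENED_ACL = {"Owner": OWNER, "Grants": [OWNER_GRANT, PUBLIC_READ]}

RESOURCE = "arn:aws:s3:::example-content-bucket/*"  # placeholder bucket name
GHOSTWRITER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicReadWrite", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:PutObject"], "Resource": RESOURCE}]}
# Hardened: reads stay public, writes are limited to one deployment role (placeholder ARN).
HARDENED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": RESOURCE},
    {"Sid": "DeployerWrite", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-deployer"},
     "Action": ["s3:PutObject", "s3:DeleteObject"], "Resource": RESOURCE}]}

if __name__ == "__main__":
    for label, acl, pol in (("misconfigured", GHOSTWRITER_ACL, GHOSTWRITER_POLICY),
                            ("hardened", HARDENED_ACL, HARDENED_POLICY)):
        print(f"{label}: {assess_bucket(acl, pol) or 'no public write path found'}")
```

Run against a live account, the two documents would come from the `GetBucketAcl` and `GetBucketPolicy` API calls for each bucket; the hardened pair shows the shape to aim for on a bucket that legitimately serves public content, with read left open and every write path tied to a named principal.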