Story image

New malicious search engine trawls AWS servers for sensitive data

17 Feb 18

As if it wasn’t easy enough already, the lives for hackers has just been made a lot easier.

A new tool, deemed BuckHacker, has been made available online by an anonymous hacker. Like a very basic version (and malicious) version of Google, the tool trawls through servers at Amazon Web Services (AWS) searching for exposed data.

The name ‘BuckHacker’ sprouts from the fact that AWS Simple Storage Servers (S3) are known as ‘buckets’, the part of AWS that the tool directly targets and accesses.

FedEx provided the perfect example of the tool’s potential to perform harm when it came to light that the global package delivery giant had an unsecured server open to the public.

The server contained data that belonged to more than 119,000 people from around the globe, including passports, driving licenses and security identification. The data had been stored on an AWS S3 storage server and hosted by a third-party public cloud provider.

FedEx spokesperson Jim McCluskey assures that the company found no indication that any of the invaluable information had been ‘misappropriated’, but it certainly illustrates what could have happened.

There have been a number of major breaches involving companies storing data on an unprotected Amazon S3 storage, including the NSA who lost 100GB of highly sensitive data and two million Dow Jones customers who had their data leaked.

And Bitglass product management VP Mike Schuricht says there’s more where that came from.

"Identifying specific attack vectors like misconfigured, public AWS buckets is now a simple act for nefarious individuals,” says Schurict.

“There are plenty of tools available today, similar to the BuckHacker search engine, that easily detect and take advantage of misconfigurations in public cloud apps.”

WinMagic COO Mark Hickman says regardless of the cloud services enterprise use, they must fulfil their part of the ‘shared responsibility’ deal when it comes to security.

"Customers should encrypt all data before it is placed in the cloud, it is the last line of defence if a hacker gains access to their cloud services. Equally important, is that encryption is employed where the keys are centrally managed and remain under the customer’s constant control, and the keys never stored on a public cloud service, or servers that could be exposed to a hack," says Hickman.

"Ultimately this is the best way to defend against direct attacks and tools such as Buckhacker. Adopting this approach means customers are protecting their data, whilst the cloud provider focuses on protecting the services – both working together to lower the risk of a data breach.”

Schuricht shares these sentiments.

“Given how readily available discovery tools are for attackers, ensuring corporate infrastructure is not open to the public Internet should be considered essential for enterprise IT. FedEx is just the latest in a laundry list of organisations with deep pockets and deep security resources that have fallen victim to this very basic, yet critical error,” Schurict says.

“One of the challenges with configuring cloud applications is ensuring that all access methods are secure so that the threat of a breach is minimised. An effective way to address cloud threats is to implement a system that provides visibility over cloud data, alerts for high-risk configurations, and automatic, real-time protection mechanisms."

AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.
ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
'DerpTrolling’ faces jail time for Sony DoS attacks
A United States federal court has charged a 23-year-old man for the hacks on Sony Online Entertainment and other major companies back in 2014.
Dropbox strengthens security with raft of new partnerships
Integrations will keep customer content protected and secure with tools for controlling identity access, governing data, and managing devices.