
New malicious search engine trawls AWS servers for sensitive data

17 Feb 2018

As if it wasn’t easy enough already, life for hackers has just been made a lot easier.

A new tool, dubbed BuckHacker, has been made available online by an anonymous hacker. Like a very basic (and malicious) version of Google, the tool trawls through servers at Amazon Web Services (AWS) searching for exposed data.

The name ‘BuckHacker’ stems from the fact that the storage containers of the AWS Simple Storage Service (S3) are known as ‘buckets’, the part of AWS that the tool directly targets and accesses.

FedEx provided the perfect example of the tool’s potential to cause harm when it came to light that the global package delivery giant had an unsecured server open to the public.

The server contained data that belonged to more than 119,000 people from around the globe, including passports, driving licenses and security identification. The data had been stored on an AWS S3 storage server and hosted by a third-party public cloud provider.

FedEx spokesperson Jim McCluskey assures that the company found no indication that any of the invaluable information had been ‘misappropriated’, but it certainly illustrates what could have happened.

There have been a number of major breaches involving organisations storing data on unprotected Amazon S3 storage, including the NSA, which lost 100GB of highly sensitive data, and two million Dow Jones customers who had their data leaked.

And Bitglass product management VP Mike Schuricht says there’s more where that came from.

“Identifying specific attack vectors like misconfigured, public AWS buckets is now a simple act for nefarious individuals,” says Schuricht.

“There are plenty of tools available today, similar to the BuckHacker search engine, that easily detect and take advantage of misconfigurations in public cloud apps.”

WinMagic COO Mark Hickman says that regardless of the cloud services enterprises use, they must fulfil their part of the ‘shared responsibility’ deal when it comes to security.

"Customers should encrypt all data before it is placed in the cloud; it is the last line of defence if a hacker gains access to their cloud services. Equally important is that encryption is employed where the keys are centrally managed and remain under the customer’s constant control, and the keys are never stored on a public cloud service, or servers that could be exposed to a hack," says Hickman.

“Ultimately this is the best way to defend against direct attacks and tools such as Buckhacker. Adopting this approach means customers are protecting their data, whilst the cloud provider focuses on protecting the services – both working together to lower the risk of a data breach.”

Schuricht shares these sentiments.

“Given how readily available discovery tools are for attackers, ensuring corporate infrastructure is not open to the public Internet should be considered essential for enterprise IT. FedEx is just the latest in a laundry list of organisations with deep pockets and deep security resources that have fallen victim to this very basic, yet critical error,” Schuricht says.

“One of the challenges with configuring cloud applications is ensuring that all access methods are secure so that the threat of a breach is minimised. An effective way to address cloud threats is to implement a system that provides visibility over cloud data, alerts for high-risk configurations, and automatic, real-time protection mechanisms."
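
As an added illustration (not code from the article or from any vendor quoted in it), the following Python sketch shows the kind of high-risk configuration check described above, applied to the misconfigured public buckets this story is about. The function names and sample data are constructed for this example; the input shapes follow the S3 GetBucketAcl response and the bucket policy JSON format, and statements carrying a Condition are assumed to need manual review rather than being flagged.

```python
import json

# Predefined S3 ACL grantee groups that expose a bucket beyond its owner.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}

def acl_findings(acl):
    """Flag ACL grants made to a public group (GetBucketAcl response shape)."""
    out = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        who = PUBLIC_GROUPS.get(grantee.get("URI", ""))
        if grantee.get("Type") == "Group" and who:
            out.append(f"ACL grants {grant.get('Permission')} to {who}")
    return out

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"} (also inside a list)."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in as_list(principal)

def policy_findings(policy_json):
    """Flag unconditional Allow statements open to every principal."""
    out = []
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        if (stmt.get("Effect") == "Allow" and is_wildcard(stmt.get("Principal"))
                and not stmt.get("Condition")):
            actions = ", ".join(as_list(stmt.get("Action", [])))
            out.append(f"policy allows {actions} to any principal")
    return out

def audit(acl, policy_json=None):
    return acl_findings(acl) + (policy_findings(policy_json) if policy_json else [])

# Constructed sample data (not from the article): one exposed, one private bucket.
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
         "Permission": "FULL_CONTROL"}
EXPOSED_ACL = {"Grants": [OWNER, {"Grantee": {"Type": "Group",
    "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
EXPOSED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/*"}]})
PRIVATE_ACL = {"Grants": [OWNER]}
```

Calling `audit(EXPOSED_ACL, EXPOSED_POLICY)` returns one finding for the public ACL grant and one for the wildcard policy statement, while `audit(PRIVATE_ACL)` returns an empty list.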
