SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
New malicious search engine trawls AWS servers for sensitive data
Sat, 17th Feb 2018

As if it wasn't easy enough already, life for hackers has just been made a lot easier.

A new tool, dubbed BuckHacker, has been made available online by an anonymous hacker. Like a very basic (and malicious) version of Google, the tool trawls through servers at Amazon Web Services (AWS) searching for exposed data.

The name ‘BuckHacker' stems from the fact that AWS Simple Storage Servers (S3) are known as ‘buckets', the part of AWS that the tool directly targets and accesses.

FedEx provided the perfect example of the tool's potential to cause harm when it came to light that the global package delivery giant had an unsecured server open to the public.

The server contained data that belonged to more than 119,000 people from around the globe, including passports, driving licenses and security identification. The data had been stored on an AWS S3 storage server and hosted by a third-party public cloud provider.

FedEx spokesperson Jim McCluskey assures that the company found no indication that any of the invaluable information had been ‘misappropriated', but it certainly illustrates what could have happened.

There have been a number of major breaches involving companies storing data on unprotected Amazon S3 storage, including the NSA, which lost 100GB of highly sensitive data, and Dow Jones, where two million customers had their data leaked.

And Bitglass product management VP Mike Schuricht says there's more where that came from.

“Identifying specific attack vectors like misconfigured, public AWS buckets is now a simple act for nefarious individuals,” says Schuricht.

“There are plenty of tools available today, similar to the BuckHacker search engine, that easily detect and take advantage of misconfigurations in public cloud apps.”

WinMagic COO Mark Hickman says regardless of the cloud services enterprises use, they must fulfil their part of the ‘shared responsibility' deal when it comes to security.

"Customers should encrypt all data before it is placed in the cloud, it is the last line of defence if a hacker gains access to their cloud services. Equally important, is that encryption is employed where the keys are centrally managed and remain under the customer's constant control, and the keys never stored on a public cloud service, or servers that could be exposed to a hack," says Hickman.

"Ultimately this is the best way to defend against direct attacks and tools such as BuckHacker. Adopting this approach means customers are protecting their data, whilst the cloud provider focuses on protecting the services – both working together to lower the risk of a data breach."

Schuricht shares these sentiments.

“Given how readily available discovery tools are for attackers, ensuring corporate infrastructure is not open to the public Internet should be considered essential for enterprise IT. FedEx is just the latest in a laundry list of organisations with deep pockets and deep security resources that have fallen victim to this very basic, yet critical error,” Schuricht says.

“One of the challenges with configuring cloud applications is ensuring that all access methods are secure so that the threat of a breach is minimised. An effective way to address cloud threats is to implement a system that provides visibility over cloud data, alerts for high-risk configurations, and automatic, real-time protection mechanisms.”