Abandoned Cloud Storage Buckets Pose Major Internet Security Threat

New research has revealed that abandoned cloud storage buckets pose a significant threat to Internet security, despite being largely overlooked.

The risks arise when malicious actors discover and re-register these neglected digital repositories under their original name, and then use them to deliver malware or carry out other malicious actions on anyone still requesting files from them.

A Far From Theoretical Threat

The threat is far from theoretical, and the weakness is in fact incredibly easy to exploit, according to researchers from watchTowr who recently conducted a follow-up study on the risks tied to abandoned cloud storage buckets.

The findings come as a response to previous research conducted by watchTowr last year on the risks associated with abandoned cloud storage buckets.

AWS Response

Amazon Web Services (AWS) has provided guidance to customers on best cloud bucket practices, including the use of unique identifiers when creating bucket names to prevent unintended reuse.

AWS has also encouraged customers to use its bucket ownership condition feature, specifically designed to prevent unintended reuse of bucket names.

In addition, AWS has requested that researchers engage with its security team before conducting research involving the company’s services.

The company has also launched the bucket ownership condition feature in 2020, which is designed to prevent unintended reuse of bucket names.

Source Link