In the dynamic realm of information technology, where innovation and convenience often collide with security concerns, a recent study conducted by RedHunt Labs has brought to light a disturbing truth – the widespread existence of exposed and leaky cloud storage buckets, presenting a looming threat to data security across diverse sectors.
Cloud object storage buckets, the digital containers of the cloud era, serve as the cornerstone for securely organizing and accessing data. However, this digital haven can transform into a potential nightmare for organizations if not fortified with proper security measures. The vulnerability of misconfigured storage buckets took center stage in a groundbreaking study showcased at BlackHat USA and MEA 2023, leveraging the innovative tool, BucketLoot.
The study embarked on an extensive scan, targeting a staggering 170,000 instances across major cloud service providers including AWS, DigitalOcean, and GCP, employing the advanced capabilities of BucketLoot. This specialized tool, designed for automated inspection of S3-compatible buckets, meticulously scanned files up to 10 MB, with a focus on textual data such as configuration logs and code files.
The results of this comprehensive scan were nothing short of alarming. Unveiling over 23,254 misconfigured buckets, the study suggested that a staggering 1 in every 7 buckets was potentially vulnerable. What’s even more disconcerting is that these misconfigurations weren’t confined to individual owners; they permeated across well-known companies, even reaching a Biomedical Research and Development NPO. The exposure of sensitive data, including medical records, underscored the gravity of this pervasive issue.
Beyond misconfigurations, the study exposed a staggering 13,425 instances of secret exposures emanating from these buckets. The most common revelations included Google API keys, AWS Access Key IDs, and Amazon SNS Topic Disclosures, with AWS buckets particularly prone to these exposures. Such leaks could enable malicious actors to manipulate GCP services or interact with AWS CLI, posing monumental risks to the affected parties.
Asset intelligence was also a key focus of the research, unearthing over 543 million URL occurrences, of which 160 million were unique. These findings spanned various domains and subdomains, revealing hidden endpoints and URLs crucial for bug hunters and penetration testers.
In response to these alarming revelations, the study proposes three key recommendations for safeguarding cloud object storage buckets:
- Proper Configuration of Security Settings: Organizations must establish correct access controls, permissions, and policies to thwart unauthorized access.
- Avoid Storing Secrets in Buckets: Sensitive data, including access keys and API tokens, should find refuge in dedicated secrets management solutions or secure key vaults.
- Regular Monitoring and Auditing: Continuous vigilance is paramount to prevent security misconfigurations and ensure the safety of bucket contents.
This in-depth study serves as a clarion call, emphasizing the urgent need for enhanced security practices surrounding cloud object storage buckets. The findings not only spotlight the vast potential for data leaks but also underscore the critical importance of immediate action to secure these indispensable storage instances. As cloud storage continues to play a pivotal role in IT infrastructure, understanding and addressing these vulnerabilities is not merely advisable – it’s imperative for the safeguarding of sensitive data in the digital age.
