In 2012, the Cybersecurity and Infrastructure Security Agency (CISA) issued a public advisory regarding software to monitor and control building systems. Fast-forward to 2023, and cybersecurity researchers at watchTowr discovered that an abandoned Amazon S3 bucket referenced in that advisory was still active and vulnerable.

Because the bucket had been left unattended for over a decade, malicious actors could have reregistered it to deliver malware or launch devastating supply chain attacks. Fortunately, researchers notified CISA, which promptly secured the vulnerable resource. The incident illustrates how even organizations dedicated to cybersecurity can fall prey to the dangers of neglected digital infrastructure.

This story is not an anomaly. It indicates a systemic issue that spans industries, governments, and corporations. A recent investigation by watchTowr underscores the pressing risks posed by abandoned or poorly configured cloud infrastructure, revealing a widespread blind spot that urgently needs the industry’s attention.

An unguarded access point

During the four-month investigation, watchTowr researchers managed to assume control of roughly 150 neglected AWS S3 buckets belonging to a range of users, including Fortune 500 corporations, government agencies, academic institutions, and cybersecurity firms. These abandoned cloud assets were still being queried via millions of HTTP requests. Legitimate organizations and systems sought critical resources such as software updates, unsigned virtual machines, JavaScript files, and server configurations. Over two months, more than 8 million such requests were recorded.

The implications are staggering: These requests could have easily been manipulated by bad actors to deliver malware, collect sensitive information, or even orchestrate large-scale supply chain attacks. WatchTowr warned that breaches of this magnitude could surpass the infamous 2020 SolarWinds attack in scale and impact. Among the incidents uncovered by watchTowr are several alarming examples:

  • Abandoned S3 buckets tied to SSL VPN appliance vendors were discovered to be still serving deployment templates and configurations.
  • An older GitHub commit from 2015 exposed an S3 bucket linked to a popular open source WebAssembly compiler.
  • Researchers uncovered systems pulling virtual machine images from abandoned resources.

A minor oversight with major consequences

Entities attempting to communicate with these abandoned assets include government organizations (such as NASA and state agencies in the United States), military networks, Fortune 100 companies, major banks, and universities. The fact that these large organizations were still relying on mismanaged or forgotten resources is a testament to the pervasive nature of this oversight.

The researchers emphasized that this issue isn’t specific to AWS, the organizations responsible for these resources, or even a single industry. It reflects a broader systemic failure to manage digital assets effectively in the cloud computing age. The researchers noted the ease of acquiring internet infrastructure—an S3 bucket, a domain name, or an IP address—and a corresponding failure to institute strong governance and life-cycle management for these resources.
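One way to apply that life-cycle management to your own code and documentation is to list every S3 bucket they reference and compare the list with an inventory of buckets you currently own. The sketch below is an added example, not code from the article or from watchTowr; the function names, file names, bucket names and the inventory set are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Candidate URLs in free text: http(s) links and s3:// URIs.
URL_RE = re.compile(r"(?:https?|s3)://[^\s\"'<>)]+", re.I)
# Virtual-hosted style: <bucket>.s3.amazonaws.com, <bucket>.s3.<region>..., <bucket>.s3-website-<region>...
VHOST_RE = re.compile(r"^(.+)\.s3[.-][a-z0-9.-]*amazonaws\.com$")
# Path style: s3.amazonaws.com/<bucket>/..., s3.<region>.amazonaws.com/<bucket>/...
PATH_RE = re.compile(r"^s3[.-][a-z0-9.-]*amazonaws\.com$")

def bucket_from_url(url):
    """Return the S3 bucket a URL points at, or None if it is not an S3 URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme.lower() == "s3":
        return host or None
    match = VHOST_RE.match(host)
    if match:
        return match.group(1)
    if PATH_RE.match(host):
        first = parts.path.lstrip("/").split("/", 1)[0]
        return first or None
    return None

def unowned_references(files, owned):
    """Map each referenced bucket missing from `owned` to the files that mention it."""
    findings = {}
    for name, text in files.items():
        for url in URL_RE.findall(text):
            bucket = bucket_from_url(url.rstrip(".,;"))
            if bucket and bucket not in owned:
                findings.setdefault(bucket, set()).add(name)
    return {bucket: sorted(names) for bucket, names in findings.items()}

# Constructed sample input: file contents and a bucket inventory (assumed to be
# exported from your own cloud accounts).
SAMPLE_FILES = {
    "deploy/install.sh": "curl -o agent.tgz https://example-updates.s3.amazonaws.com/agent/latest.tgz\n",
    "docs/README.md": "Images: https://s3.us-west-2.amazonaws.com/example-vm-images/base.ova and s3://example-artifacts/build/\n",
    "web/index.html": '<script src="https://example-static.s3-eu-west-1.amazonaws.com/app.js"></script>',
}
OWNED = {"example-artifacts", "example-static"}

if __name__ == "__main__":
    for bucket, names in sorted(unowned_references(SAMPLE_FILES, OWNED).items()):
        print(f"review: {bucket} referenced in {', '.join(names)}")
```

A bucket flagged here either belongs to a third party or was deleted while references to it lived on; in both cases the reference should be reviewed and removed or repointed.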


Source: https://www.infoworld.com/article/3819014/the-hidden-threat-of-neglected-cloud-infrastructure.html