2% of Amazon S3 Public Buckets Aren't Write-Protected, Exposed to Ransom Attacks

LASER_oneXM

New research published on Monday reveals that 5.8% of all Amazon S3 buckets are publicly readable, while 2% are publicly writeable, with the latter allowing anyone to add, edit, or delete data, and even hold a victim's data for ransom.

This new research, carried out by French cyber-security company HTTPCS, comes to update a previous survey of Amazon S3 buckets from September 2017.

That survey, carried out by cloud security experts from Skyhigh Networks (now part of McAfee), found that 7% of all Amazon S3 storage buckets were publicly readable.

At the time, experts believed that the high number of publicly readable buckets was the main reason behind a spike in data breach reports.

The new HTTPCS survey scanned over 100,000 S3 buckets, but also looked for buckets to which anyone could add data. This new scan was most likely carried out after a Bleeping Computer report from last week warned that such buckets could be abused for data ransom attacks.

"20% of public Buckets (i.e. 2% of the total) aren't write-protected, what might lead to data corruption attacks, malware spreading, and even to ransomware attacks, as we could see in 2017 on poorly configured MongoDB databases," HTTPCS experts discovered, adding that "only 5% of the Buckets which aren't write-protected (i.e. 0.1% of the total) don’t contain any file, therefore the possibilities of large-scale attacks are quite real."
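
A defender-side check for the exposure the survey measures, as an added example that is not part of the original post or the HTTPCS research: it classifies bucket ACLs, in the JSON shape returned by `aws s3api get-bucket-acl`, as publicly readable or publicly writable. The bucket names and ACLs are constructed samples, and only ACL grants are examined; bucket policies, which can also open a bucket, are out of scope.

```python
# Predefined S3 groups whose grants make a bucket public.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS: "anyone", AUTH_USERS: "any AWS account"}
READ_PERMS = {"READ", "FULL_CONTROL"}
# WRITE allows creating, overwriting and deleting objects; WRITE_ACP allows
# rewriting the ACL itself, so it is treated as write exposure too.
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def classify_acl(acl):
    """Classify one ACL document (the get-bucket-acl JSON, already parsed)."""
    result = {"public_read": False, "public_write": False, "findings": []}
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        who = PUBLIC_GROUPS.get(grantee.get("URI", ""))
        if grantee.get("Type") != "Group" or who is None:
            continue  # grant to a specific account or user, not public
        perm = grant.get("Permission", "")
        result["public_read"] |= perm in READ_PERMS
        result["public_write"] |= perm in WRITE_PERMS
        result["findings"].append(f"{perm} granted to {who}")
    return result


def audit(inventory):
    """Return (per-bucket report, sorted names of write-exposed buckets)."""
    report = {name: classify_acl(acl) for name, acl in inventory.items()}
    writable = sorted(n for n, r in report.items() if r["public_write"])
    return report, writable


def _group(uri, perm):
    return {"Grantee": {"Type": "Group", "URI": uri}, "Permission": perm}


# Constructed sample inventory (hypothetical bucket names, not real data).
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
         "Permission": "FULL_CONTROL"}
SAMPLE = {
    "example-private": {"Grants": [OWNER]},
    "example-public-site": {"Grants": [OWNER, _group(ALL_USERS, "READ")]},
    "example-upload-drop": {"Grants": [OWNER, _group(ALL_USERS, "READ"),
                                       _group(AUTH_USERS, "WRITE")]},
}

if __name__ == "__main__":
    report, writable = audit(SAMPLE)
    for name, r in report.items():
        print(name, r["public_read"], r["public_write"], r["findings"])
    print("write-exposed:", writable)
```

Buckets listed as write-exposed are the ones to fix first, since a public write grant is what enables the tampering and ransom scenarios described in the article.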
 

ForgottenSeer 58943

2%? Try around 12% are missing or lacking proper bucket configurations for lockdowns. Again, don't trust AWS, or at least be exceptionally cautious.
 

kellysi

The problem is deeper: they found out that some of the companies that were either storing data on clients or selling this data to others had no protection; anyone with a link could access the data. For some of them, the data includes sensitive stuff, like name, address, date of birth and so on.
 