Amazon AWS Servers Might Soon Be Held for Ransom, Similar to MongoDB

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Amazon AWS S3 cloud storage servers might soon fall victims to ransom attacks, similar to how hacker groups held tens of thousands of MongoDB databases for ransom throughout 2017.

The statement, made today on social media by infosec expert Kevin Beaumont, is nothing short of a prophecy of things to come, an opinion shared by many security professionals to whom Bleeping Computer spoke today.
Click to expand...

Amazon AWS S3 known to leak data
Amazon AWS S3 storage servers have been leaking data all 2017, being behind some of the most notable data leaks of last year, including breaches at the NSA, the US Army, analytics providers, and more.

Those incidents happened because companies left data on publicly-readable S3 buckets ("bucket" being a term used to describe an S3 storage unit). In most cases, that data was found by security researchers who helped companies secure their systems, but hackers could get to these files first, too.

However, there's also a category of S3 buckets that are even more dangerous than publicly-readable servers. Those are publicly-writeable ones —buckets allowing any user, with or without an Amazon S3 account, to write or delete data on the AWS S3 instance. A Skyhigh Networks report from September 2017 found that 7% of all Amazon AWS S3 buckets were publicly-writeable.
Click to expand...

AWS S3 buckets to go the way of MongoDB and friends
Experts believe that hacker groups who have been busy holding MongoDB, ElasticSearch, Hadoop, CouchDB, Cassandra, and MySQL servers for ransom all of 2017 might soon turn their sights on S3 publicly-writeable buckets.

The 2017 ransom attacks usually followed the same pattern. Hackers found an exposed server, wiped data, and left a ransom note behind asking for a ransom. Some victims paid, hoping to recover data, but most users were left at the altar, as hackers did not have the storage space to back up all the ransomed servers, and never returned any of the promised data.

Now, something like this is bound to happen to Amazon S3 server owners.

"The MongoDB incidents showed that the 'spray and pray' strategy works, even without saving the data," security researcher Dylan Katz told Bleeping Computer.

Katz believes that S3 data will be wiped, and not held for ransom per-se, mainly because S3 buckets tore humongous amounts of data, which an attacker would not be able to host it all.
Click to expand...
 
  • Like
Reactions: harlan4096 and In2an3_PpG
You must log in or register to reply here.

Similar threads

upnorth
    • Like
    • Applause
    • +Reputation
Amazon slaps Automatic Encryption on S3 data
Replies
0
Views
696
News Archive
upnorth
upnorth
Sandbox Breaker
    • Like
    • Applause
AWS SSM Agent can be used as a RAT
Replies
0
Views
1,429
News Archive
Sandbox Breaker
Sandbox Breaker
MuzzMelbourne
    • Wow
    • +Reputation
    • Like
LastPass says employee’s home computer was hacked and corporate vault taken
Replies
35
Views
2,947
News Archive
TairikuOkami
TairikuOkami

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top