Misconfigured Amazon S3 Buckets Expose Users, Companies to Stealthy MitM Attacks

LASER_oneXM

Hackers can exploit exposed Amazon S3 buckets to carry out silent Man-in-the-Middle attacks or other hacks on a company's customers or internal staff.

Codenamed GhostWriter, the technique relies on an attacker scanning the Internet and identifying misconfigured S3 buckets that have not only been left exposed online for anyone to view, but whose owner has also forgotten to restrict write access.

GhostWriter - replacing legitimate files with malicious ones
Attackers can leverage these S3 configuration mishaps to replace original files with modified versions that they use for nefarious purposes.

"Bucket owners who store JavaScript or other code should pay particular attention to this issue to ensure that 3rd parties don’t silently overwrite their code for drive-by attacks, Bitcoin mining, or other exploits," said Sekhar Sarukkai, Chief Scientist at Skyhigh Networks.

Sarukkai details one of these attacks. For example, if an attacker finds an exposed S3 bucket with write access belonging to a news agency, the attacker could replace ad code and redirect revenue to his account or intercept and redirect subscription payments.

[Image: GhostWriter-Attack.png]

GhostWriter is a stealthy method of hacking companies

The GhostWriter technique Sarukkai describes is most deadly when used as a means to carry out a Man-in-the-Middle attack and intercept incoming traffic.

The attack is stealthy and hard to pick up, as it relies on the trust most organizations put in cloud providers.

GhostWriter can be used against both a company's end users and employees alike, allowing attackers a way to go after the company's customers, or hack its internal network and search for more sensitive data. One misconfigured S3 bucket is all it takes.
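For bucket owners who want to check for the write exposure described above, here is an added example (not part of the original post or of Skyhigh's research) that flags public write grants in a bucket ACL and bucket policy. It assumes the documents have the JSON shape returned by the S3 `GetBucketAcl` and `GetBucketPolicy` APIs; the sample documents and the bucket name `example-bucket` are constructed, and account-level Block Public Access settings are not evaluated.

```python
import fnmatch

# Real S3 predefined groups: "anyone" and "any AWS account holder".
_GROUP = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {_GROUP + "AllUsers", _GROUP + "AuthenticatedUsers"}
WRITE_ACL_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
# Actions that let a caller replace or remove objects, or rewrite access controls.
WRITE_ACTIONS = ["s3:PutObject", "s3:PutObjectAcl", "s3:DeleteObject",
                 "s3:PutBucketAcl", "s3:PutBucketPolicy"]

def _as_list(v):
    return v if isinstance(v, list) else [v]

def public_write_acl(acl):
    """Return ACL grants that give a public group a write-type permission."""
    return [g for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS
            and g.get("Permission") in WRITE_ACL_PERMS]

def _is_public(principal):
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in _as_list(principal)

def public_write_policy(policy):
    """Return Sids of unconditional Allow statements granting write to everyone."""
    hits = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        # Statements with a Condition need manual review and are not flagged here.
        if st.get("Effect") != "Allow" or st.get("Condition") or not _is_public(st.get("Principal")):
            continue
        patterns = [a.lower() for a in _as_list(st.get("Action", []))]
        if any(fnmatch.fnmatchcase(w.lower(), p) for w in WRITE_ACTIONS for p in patterns):
            hits.append(st.get("Sid", f"statement[{i}]"))
    return hits

# Constructed sample documents (not taken from any real bucket).
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": _GROUP + "AllUsers"}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": _GROUP + "AllUsers"}, "Permission": "WRITE"},
]}
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "AnyoneCanUpload", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:Put*"], "Resource": "arn:aws:s3:::example-bucket/*"},
]}

if __name__ == "__main__":
    print(public_write_acl(SAMPLE_ACL), public_write_policy(SAMPLE_POLICY))
```

A public-read grant alone is not flagged; only grants that would let an outside party overwrite objects or change access controls are reported.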