The attackers leveraged scripts and open-source tools to scan millions of AWS IP addresses, identifying vulnerable systems through exposed configuration files, databases, and repositories. They even used stolen credentials to escalate privileges on AWS services, gaining access to sensitive data and administrative controls.
Ironically, the criminals’ own misconfigured S3 bucket led to the discovery of over 2 TB of stolen data, including lists of vulnerable targets worldwide. While AWS has implemented automated measures to respond to credential leaks, the incident underscores the shared responsibility model in cloud security, emphasizing the need for customers to secure their configurations and avoid exposing credentials in code.
Rotem and Locar recommend organizations adopt robust security practices, including never hard-coding credentials, using tools like AWS Secrets Manager, and regularly auditing systems for vulnerabilities. As cloud environments continue to be a prime target for cybercriminals, proactive measures are essential to safeguard sensitive information and resources.
Source: The Register
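An added example, not part of the article or the researchers' work: one way to audit source and configuration files for hard-coded AWS credentials, in line with the recommendations above. The file names, function names and sample contents are constructed for illustration, and the key values are the placeholder credentials used in AWS documentation.

```python
import re

# Access key IDs: long-term keys start with AKIA, temporary (STS) keys with ASIA.
KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# A 40-character base64-style value assigned to a name containing "secret".
SECRET_RE = re.compile(
    r"(?i)secret[a-z_]*['\"]?\s*[:=]\s*['\"]?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)

def redact(value):
    """Keep the first four characters so findings can be logged safely."""
    return value[:4] + "*" * (len(value) - 4)

def scan_text(path, text):
    """Return (path, line number, kind, redacted value) for each finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in KEY_ID_RE.finditer(line):
            findings.append((path, lineno, "access_key_id", redact(m.group())))
        for m in SECRET_RE.finditer(line):
            findings.append((path, lineno, "secret_access_key", redact(m.group(1))))
    return findings

# Constructed sample files. The key values are the placeholder credentials
# AWS uses in its own documentation, not real keys.
SAMPLE_FILES = {
    ".env": (
        "DB_HOST=db.internal\n"
        "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    ),
    "settings.py": (
        "import os\n"
        "# Resolved at runtime from the environment or a secrets manager.\n"
        "AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY']\n"
    ),
}

def scan_files(files):
    """Scan a mapping of path -> file contents and collect all findings."""
    results = []
    for path, text in files.items():
        results.extend(scan_text(path, text))
    return results

if __name__ == "__main__":
    for finding in scan_files(SAMPLE_FILES):
        print(*finding, sep="\t")
```

Only the `.env` sample is flagged; the `settings.py` sample, which reads the secret at runtime instead of embedding it, produces no findings.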