April 14, 2022
Security

The Ease of Exploiting AWS Cloud Misconfigurations

A security researcher decided to prove just how easy it was to find misconfigured assets on cloud services by leveraging pre-known network infrastructure to find live servers within reach. Here's what he discovered...

Cloud misconfigurations are hands-down the top vulnerability in cloud security environments today.

In fact, according to McAfee, 99% of those vulnerabilities in companies’ clouds will go unnoticed… at least by the cloud customer. But probably not the bad guys.

Avi Lumelsky, a business-oriented security researcher, put this to the test earlier this year when he decided to prove just how easy it was to find misconfigured assets on cloud services by scanning the CIDR blocks (IP ranges) of managed services and smartly leveraging pre-known network infrastructure to find live servers within reach.

Here's what he discovered:

“In just 1 day, I found thousands of ElasticSearch databases and Kibana dashboards that exposed sensitive information, most probably by mistake. Sensitive information about customers: emails, addresses, current occupation, salaries, private wallets addresses, locations, bank accounts, and other sensitive information. Production Logs that are written by Kubernetes cluster — From the applications logs to the kernels and system logs. Logs that are collected from all the nodes, pods, and applications running on top of them, in one place, are open to the world. I just got there first. Some of the databases were already malformed by ransomware.”

— Avi Lumelsky,
InfoSec Write Ups - “How I Discovered Thousands of Open Databases on AWS”

One of the companies he found to be compromised listed itself as providing services to companies such as AWS, IBM, Forbes, and Google.

Lumelsky also found that a large number of the open databases were already malformed by ransomware. That just goes to show you that if you give them an opportunity, hackers will claim your data… and while the big guys may be able to take the hit, thanks to the resources and finances they have in place to help them recover and bounce back, mid-size organizations may not be so lucky. That’s why it’s vital to protect yourself proactively, so you don’t have to worry about how you’ll handle the aftermath.

Bringing Enterprise-Level Protection to Mid-Size Orgs

The popular adage goes, “In theory, there is no difference between theory and practice, while in practice there is.” In theory, mid-sized businesses can take care of misconfigurations on their own. In practice, they often cannot. After all, it’s not just about identifying misconfigs - it’s about having the right context and intel to fix them and ensure they don’t happen again.

That’s where Tenacity comes in.

Tenacity was created to democratize security and bring enterprise-level protection to mid-size organizations using AWS clouds. Sure… big enterprises have the talent, staff, playbooks, and resources to respond to cybersecurity events. But Tenacity acts as a force multiplier and security force specifically for your mid-size organization. We collaborate with you to give you confidence in your cloud, while saving you some serious bank.

In fact, many of Tenacity’s partners have saved so much in money, time, trouble, and resources, the platform has paid for itself — and then some.

Ready to get a grip on your cloud security? Sign up for a free cloud security report — no credit card, salespeople, or meetings required.
