Abandoned digital resources on Amazon Web Services pose significant security threats, according to new research by WatchTowr. Cybersecurity experts monitored neglected S3 buckets once used by various organizations, revealing vulnerabilities that could facilitate large-scale supply chain attacks. The study underscores the persistent dangers inherent in forgotten cloud infrastructure.
Similar to previous incidents like the SolarWinds breach, the current findings highlight how overlooked cloud assets can be exploited by malicious actors to compromise sensitive networks and distribute malware.
How were the abandoned S3 buckets exploited?
WatchTowr researchers gained control of approximately 150 neglected Amazon S3 assets and observed them receiving over 8 million HTTP requests. These requests included attempts to access software updates, unsigned binaries for various operating systems, virtual machine images, and server configurations. Such activity indicates potential avenues for attackers to distribute malware or gain unauthorized access to critical systems.
What types of organizations were affected?
A wide range of entities interacted with the abandoned S3 buckets, including government networks from countries like the United States, United Kingdom, and South Korea, as well as Fortune 500 companies, financial institutions, universities, and cybersecurity firms. This broad spectrum of affected organizations demonstrates the widespread reliance on cloud infrastructure and the critical need for proper maintenance and security practices.
What measures can prevent such security risks?
To mitigate these risks, organizations must implement robust cloud management protocols, including regular audits of digital assets, timely decommissioning of unused resources, and stringent access controls. Additionally, collaboration with cloud service providers to monitor and secure abandoned infrastructure is essential in preventing unauthorized exploitation.
“We believe that in the wrong hands, the research we have performed could have led to supply chain attacks that out-scaled and out-impacted anything we as an industry have seen so far — or put more clearly, we’d have embarrassed Cozy Bear and made their SolarWinds adventures look amateurish and insignificant,”
reads WatchTowr’s blog. Another statement from the company emphasizes,
“We will not entertain any conversation or speculation that we targeted any organization,”
highlighting that the intent was to reveal systemic vulnerabilities rather than target specific entities.
The investigation by WatchTowr reveals systemic issues in cloud infrastructure management, particularly the abandonment of digital resources that remain vulnerable over extended periods. Ensuring the security of cloud assets requires a proactive approach to monitoring and maintenance, addressing not just technical configurations but also the organizational practices that lead to neglect.
Effective cloud security strategies should include automated tools for detecting and retiring unused resources, comprehensive logging of access attempts, and regular security assessments to identify and remediate potential vulnerabilities. By adopting these measures, organizations can significantly reduce the risk of their neglected infrastructure being exploited for malicious purposes.
