Ghostwriter haunts Amazon S3 buckets

Amazon have introduced new security features for S3, including an automatic encryption option.
  • Hackers can exploit exposed Amazon S3 buckets to carry out silent and violent Man-in-the-Middle attacks.
  • The so-called “GhostWriter” technique relies on unrestricted write-access to allow the stealthy intruders to replace original files with modified versions to be used for nefarious purposes. Both a company’s end users and their employees alike can be targetted.
  • “Bucket owners who store JavaScript or other code should pay particular attention to this issue to ensure that 3rd parties don’t silently overwrite their code for drive-by attacks, Bitcoin mining, or other exploits,” warned Sekhar Sarukkai, Chief Scientist at Skyhigh Networks.
  • Earlier this year, a Chinese threat-group used a technique that may have been GhostWriter to infiltrate cloud providers in order to gain a foothold deep inside their targets’ internal networks.
  • Security researcher Dylan Katz pointed out that GhostWriter is eerily similar to how Russian cyber-espionage group APT28 (DNC hackers) often replace legitimate files on shared directories with malware-laced documents.
  • In a scan of over 1,600 Amazon S3 buckets accessed from inside enterprise networks, Skyhigh said that 4% were vulnerable to GhostWriter attacks.
  • Companies are advised review the Amazon documentation pages and make sure they fully understand their S3 server’s permissions level.

So you Think Shes Cheating on You - Put Your Mind at Rest With FlexiSPY (728x90)

Be the first to comment

Leave a Reply

Your email address will not be published.