A new security threat has emerged in the cloud, posing a risk to systems running the distributed object storage system MinIO. MinIO, an open-source platform compatible with Amazon S3, allows companies to manage unstructured data. Recent research by Security Joes has uncovered cybercriminals exploiting critical vulnerabilities in MinIO to gain control over corporate networks.
The specific exploit chain used by the threat actors had not been documented before, pointing to a new trend in attacks on non-native solutions. Security Joes noted that it was surprising to find that MinIO and similar products had relatively easy-to-exploit vulnerabilities, which makes such deployments attractive to attackers, who can readily locate them using online search engines.
In the attack observed by Security Joes, cybercriminals deceived a DevOps engineer into updating MinIO with a malicious version that operated as a backdoor. Upon investigation, Security Joes incident responders found that the update contained a command shell function called “GetOutputDirectly()” together with remote code execution (RCE) exploits for two vulnerabilities, CVE-2023-28434 and CVE-2023-28432, that were disclosed in March.
Interestingly, the researchers found that the weaponized version of MinIO, dubbed “Evil_MinIO,” is available in a GitHub repository. Although the attack Security Joes observed was stopped before the RCE and takeover phase, the existence of this booby-trapped software should raise concerns among users, particularly software developers. A successful attack could lead to the exposure of sensitive corporate information, intellectual property theft, unauthorized access to internal applications, and potentially deeper infiltration into an organization’s infrastructure.
Security Joes emphasizes the importance of prioritizing security throughout the software development lifecycle. Failing to do so can result in critical oversights that expose organizations to significant risks. While these risks may not be immediate, they are ever-present and await the right opportunity for exploitation.
The emergence of this new attack vector highlights the need for increased vigilance and proactive measures to protect cloud-based systems. Users of MinIO and similar platforms should remain cautious and ensure they are using the latest secure versions. Additionally, organizations should implement robust security practices, such as regular vulnerability assessments, code reviews, and employee training on identifying and responding to phishing attempts.
As the cloud continues to play a central role in digital transformation and data storage, it has become an attractive target for cybercriminals. It is crucial for companies to stay informed about the latest vulnerabilities and take proactive steps to mitigate risks. By prioritizing security at every stage of development and staying vigilant against evolving threats, organizations can protect their valuable data and maintain the trust of their customers.
