CyberSecurity SEE

Vulnerabilities in AWS Expose S3 to Attacks

Researchers at Aqua Security disclosed six critical vulnerabilities in Amazon Web Services (AWS) that could have enabled threat actors to carry out remote code execution (RCE), data exfiltration, denial-of-service attacks, or account takeovers against organizations. The vulnerabilities were identified in several AWS services: CloudFormation, CodeStar, EMR, Glue, SageMaker, and Service Catalog.

Lead security researcher Yakir Kadkoda from Aqua Security emphasized the severity of the vulnerabilities, noting that they provided attackers with access to other accounts with minimal effort. The vulnerabilities were disclosed during a briefing at Black Hat USA in Las Vegas, where new attack vectors dubbed “Bucket Monopoly” and “Shadow Resources” were detailed.

Bucket Monopoly, the first attack method uncovered by the researchers, exploits weaknesses in how AWS S3 storage buckets are named. The bucket names were found to use predictable AWS account IDs instead of unique identifiers, making them vulnerable to exploitation. To address this issue, AWS updated its default configurations to include random identifiers in bucket names.

Moreover, the Shadow Resources attack vector discovered by researchers highlighted the potential for creating AWS S3 service components unknown to the account owner. By engaging in resource squatting, attackers could take advantage of unused geographic regions in AWS CloudFormation to gain access to victim workloads stored in new regions. This method allowed attackers to manipulate S3 buckets and potentially execute remote code to compromise sensitive data.

While AWS has taken steps to mitigate these vulnerabilities in its services, the researchers cautioned that open source projects deployed in AWS environments could still be at risk. Many open source projects automatically create S3 buckets with predictable names, making them susceptible to exploitation. Users were advised to rename existing buckets and avoid using static identifiers to prevent attackers from exploiting the vulnerabilities.
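As an added illustration of that advice (not code from Aqua Security or AWS), the Python sketch below audits a list of bucket names for ones built only from static words, the account ID and a region, and generates a replacement name with a random suffix. The account ID, regions, and bucket names are constructed sample values, and the "looks random" test is a simple heuristic assumed for this example.

```python
import re
import secrets

def _looks_random(token, min_len=8, min_switches=3):
    """Heuristic (assumption of this example): a random suffix is a long
    alphanumeric token that alternates between letters and digits."""
    if len(token) < min_len or not token.isalnum():
        return False
    switches = sum(a.isdigit() != b.isdigit() for a, b in zip(token, token[1:]))
    return switches >= min_switches

def is_predictable(name, account_id, regions):
    """True when the name holds nothing beyond static words, the account ID
    and a region, so an outsider could work it out in advance."""
    residue = name.replace(account_id, "")
    for region in sorted(regions, key=len, reverse=True):
        residue = residue.replace(region, "")
    return not any(_looks_random(t) for t in re.split(r"[-.]", residue))

def audit(names, account_id, regions):
    """Return the bucket names that should be renamed."""
    return [n for n in names if is_predictable(n, account_id, regions)]

def new_bucket_name(prefix):
    """Build a name with 64 bits of randomness, within S3 naming limits."""
    name = f"{prefix}-{secrets.token_hex(8)}"
    if len(name) > 63 or not re.fullmatch(r"[a-z0-9][a-z0-9.-]*[a-z0-9]", name):
        raise ValueError(f"invalid S3 bucket name: {name}")
    return name

# Constructed sample data, not taken from the article.
ACCOUNT_ID = "123456789012"
REGIONS = ["us-east-1", "eu-west-1"]
BUCKETS = [
    "exampletool-artifacts-123456789012-us-east-1",  # account ID + region
    "exampletool-logs-eu-west-1",                    # static word + region
    "exampletool-artifacts-9f3a7c21d04be615",        # random suffix
    "reports-backup2024",                            # guessable word + year
]

if __name__ == "__main__":
    for bucket in audit(BUCKETS, ACCOUNT_ID, REGIONS):
        print("predictable, rename:", bucket)
    print("suggested name:", new_bucket_name("exampletool-artifacts"))
```

The heuristic errs toward flagging names, so a flagged bucket is a candidate for review rather than proof of exposure.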

In conclusion, the discoveries made by Aqua Security researchers shed light on the critical vulnerabilities present in AWS services and the potential risks associated with exploitable attack vectors. By addressing these issues and implementing enhanced security measures, organizations can better protect their data and infrastructure from malicious actors seeking to exploit weaknesses in cloud environments.
