2025-02-21 23:17:42 Pacfic
Abandoned AWS S3 Buckets Facilitate Software Supply Chain Hijacking - 16d
Researchers at watchTowr Labs have uncovered a significant security flaw involving abandoned Amazon Web Services (AWS) S3 buckets, potentially allowing attackers to compromise the software supply chain. The analysis revealed that nearly 150 S3 buckets previously used by various organizations, including cybersecurity firms, governments, Fortune 500 companies, and open source projects, could be re-registered. This re-registration could enable attackers to inject malicious code or executables into deployment processes and software update mechanisms.
Over a two-month period, these abandoned buckets received over eight million HTTPS requests for various files, including software updates and other binary artifacts. The requests originated from a wide range of sources, including government networks in multiple countries, military networks, Fortune 100 and 500 companies, and even cybersecurity companies. This vulnerability could allow threat actors to deliver malware or backdoors to these organizations, leading to widespread security breaches. AWS has since blocked the specific buckets identified by watchTowr to prevent their re-creation and potential misuse.
ImgSrc: regmedia.co.uk
References:
- The Register - Security: CSO - Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant' - 16d
- @screaminggoat - watchTowr : Abandoned AWS S3 buckets could be reused to conduct supply chain attacks. - 16d
- go.theregister.com - Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant' When cloud customers don't clean up after themselves, part 97 Abandoned AWS S3 buckets co - 16d
- www.theregister.com - watchTowr : Abandoned AWS S3 buckets could be reused to conduct supply chain attacks. - 16d
- labs.watchtowr.com - WatchTowr Labs research details 8 million requests against AWS S3 buckets. - 16d
- News | CSO Online - Code references to nonexistent cloud assets continue to pose significant security risks, and the problem is only growing. Recent research identified approximately 150 AWS S3 storage buckets once used - 15d
- SCM feed for Security Strategy, Plan, Budget - Nearly 150 S3 buckets previously leveraged by cybersecurity firms, governments, Fortune 500 companies, and open source projects could be re-registered with the same AWS account name to facilitate exec - 15d
- www.securityweek.com - Abandoned Amazon S3 Buckets Enabled Attacks Against Governments, Big Firms - 15d
- BleepingComputer - How attackers abuse S3 Bucket Namesquatting — And How to Stop Them - 15d
- SecurityWeek - Abandoned Amazon S3 Buckets Enabled Attacks Against Governments, Big Firms - 15d
- therecord.media - Researchers warn of risks tied to abandoned cloud storage buckets - 14d
- @jgreig - Researchers at Watchtowr warned of malicious actors taking over abandoned AWS S3 buckets used by governments, militaries, Fortune 500 companies and even some cybersecurity firms - 14d
- darkreading - Researchers from watchTowr discovered around 150 Amazon Web Services S3 buckets that were formerly used by organizations for software deployment and updates but were then abandoned. - 14d
Classification:
- HashTags: SupplyChainSecurity AWS S3
- Company: AWS
- Target: Global Software Supply Chain
- Attacker:
- Product: S3 Buckets
- Feature:
- Type: HighRisk
- Severity: Major