FlagThis

Researchers at WatchTowr Labs have uncovered a significant security vulnerability related to abandoned Amazon Web Services (AWS) S3 buckets. These buckets, previously used by various software projects, governments, Fortune 500 companies, and even cybersecurity firms, are now posing a serious threat to the global software supply chain. The study revealed that approximately 150 S3 buckets, after being abandoned, could be re-registered with the same AWS account name. This would allow malicious actors to inject malicious code into software update mechanisms or deployment code, potentially compromising systems and sensitive networks.

WatchTowr researchers, through their analysis, demonstrated the potential for attackers to exploit these abandoned S3 buckets. They found that these buckets were still receiving millions of HTTP requests, including requests for software updates, making them prime targets for supply chain attacks. CEO Benjamin Harris emphasized the inherent issue with the world's approach to infrastructure abandonment and how easy it is to insert malicious code. To mitigate this, AWS has blocked the specific buckets identified by WatchTowr from being re-created and noted having unveiled a bucket ownership condition functionality curbing inadvertent bucket name reuse.

ImgSrc: cms.therecord.media

References:

• labs.watchtowr.com - Researchers at WatchTowr Labs have uncovered a critical security vulnerability in abandoned Amazon Web Services (AWS) S3 buckets that could enable attackers to hijack the global software supply chain. - 15d
• therecord.media - Researchers warned of malicious actors taking over abandoned AWS S3 buckets. - 15d
• SCM feed for Security Strategy, Plan, Budget - Extensive software supply chain compromise possible with deserted AWS S3 buckets. - 15d

Classification:

• HashTags: AWS S3 SecurityRisk
• Company: Amazon
• Target: AWS S3 Buckets
• Product: AWS S3
• Feature: Abandoned S3 Buckets
• Type: Vulnerability
• Severity: Major