A collection of neglected buckets could be repurposed in an attack.
Amazon AWS S3 buckets could be hijacked to conduct a supply chain attack, significantly more damaging than the SolarWinds Orion hit.
Nearly 150 S3 buckets previously leveraged by cybersecurity firms, governments, Fortune 500 companies, and open source projects could be re-registered with the same AWS account name to facilitate executable and/or code injections in the deployment code/software update mechanism.
That is according to an analysis from watchTowr Labs researchers, who have already moved to sinkhole all of the abandoned buckets to prevent potential compromise, reports The Register.
Benjamin Harris, CEO and founder of watchTowr, said this incident could be easily addressed if Amazon prohibits repeat usage of S3 bucket names.
"After conducting their research without notifying AWS, watchTowr provided the bucket names to AWS, and to protect our customers, we blocked these specific buckets from being re-created," said an AWS spokesperson.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
