AWS cloud services have become one of the leading worldwide solutions for data management and storage, with the company boasting more than 1,000,000 active users. However, such a large business scale makes Amazon a high-risk target for cyber security issues and attacks.
Recently, a cyber-incident occurred involving an Amazon S3 bucket, which publicly disclosed high-level information about GoDaddy’s infrastructure and finance strategies. The exposed data contained documentation on 31,000 systems, as well as Amazon-GoDaddy’s pricing and discount options.
If this information had been accessed by malicious entities, the organisation could have faced serious consequences. After all, the compromised AWS S3 bucket contained confidential correspondence between Amazon and GoDaddy that could have been used by competing market players to get ahead in the business. With approximately a fifth of the internet hosted by GoDaddy, a well-crafted attack could have disrupted a considerable chunk of the global Internet.
With so many companies using Amazon cloud services like AWS S3 storage, cloud security plays an important role in keeping organisational and customer data safe. Analysing how this incident took place yields a couple of points on how security can be better implemented to help minimise risk.
Ensuring secure configuration
Around 70% of cyber security incidents occur due to security misconfigurations, so relying on the security of an external vendor or service provider, even as big as Amazon AWS, Microsoft Azure and the rest, doesn’t guarantee that you will be safe.
The incident occurred because an S3 bucket was created without following best practices. After all, S3 buckets can be locked down or made publicly available.
If the goal is to store sensitive information, S3 buckets should be locked down to authorised users that have explicit access. S3 buckets should also be created by an admin who can configure them according to best practices and ensure they are appropriately locked down, in the process removing the risk of external web exposure through security misconfiguration.
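One way to check the lock-down described above, as an added example that is not part of the original article: a Python audit over a bucket's ACL, bucket policy and Block Public Access settings, in the JSON shapes the S3 API returns for them. The function name `audit_bucket`, the bucket name, account ID and role name are assumptions, and both sample configurations are constructed.

```python
# Added example; sample configurations are constructed, not taken from the incident.
PUBLIC_GROUPS = {  # predefined S3 groups that make an ACL grant public
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
BPA_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")

def _as_list(v):
    return v if isinstance(v, list) else [v]

def audit_bucket(acl, policy, public_access_block):
    """Return findings that expose the bucket; empty means none found by these checks."""
    findings = []
    bpa = public_access_block or {}
    missing = [k for k in BPA_KEYS if not bpa.get(k)]
    if missing:
        findings.append("Block Public Access not fully enabled: " + ", ".join(missing))
    for grant in (acl or {}).get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI")
        if uri in PUBLIC_GROUPS:
            findings.append(f"ACL grants {grant.get('Permission')} to {uri.rsplit('/', 1)[-1]}")
    for stmt in _as_list((policy or {}).get("Statement", [])):
        who = stmt.get("Principal")
        anyone = who == "*" or (isinstance(who, dict) and "*" in _as_list(who.get("AWS", [])))
        # An unconditional wildcard Allow is public; conditioned ones need manual review.
        if stmt.get("Effect") == "Allow" and anyone and not stmt.get("Condition"):
            findings.append(f"Policy allows {stmt.get('Action')} to any principal")
    return findings

RESOURCE = "arn:aws:s3:::example-bucket/*"  # hypothetical bucket name
EXPOSED = {  # constructed: public-read ACL, wildcard policy, no Block Public Access
    "acl": {"Grants": [{"Grantee": {"Type": "Group",
            "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]},
    "policy": {"Statement": [{"Effect": "Allow", "Principal": "*",
               "Action": "s3:GetObject", "Resource": RESOURCE}]},
    "public_access_block": None,
}
LOCKED = {  # constructed: owner-only ACL, one named role, all four blocks enabled
    "acl": {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"},
            "Permission": "FULL_CONTROL"}]},
    "policy": {"Statement": [{"Effect": "Allow", "Action": "s3:GetObject", "Resource": RESOURCE,
               "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-reader"}}]},
    "public_access_block": {k: True for k in BPA_KEYS},
}

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("locked", LOCKED)):
        print(name, audit_bucket(**cfg) or "no public exposure found")
```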
Raising security awareness
Security is everybody’s responsibility; putting it into practice is not limited to system administrators or IT security engineers. Good security policies, guidelines and standards will not be effective unless they are well communicated and applied. Communication is key in raising security awareness, and should be actively promoted and monitored as part of the continuous improvement of any organisation.
Enforcing security policies and incident response
Shortly after the discovery by UpGuard, GoDaddy was notified of the issue, but the issue was not resolved for over five weeks! GoDaddy claimed it was a normal delay between the incident being reported and a fix being deployed.
With malicious actors continuously scanning for exposed data, it’s imperative that incident notifications are followed up and, if applicable, a fix is deployed within the shortest amount of time possible. Having sensitive information exposed online for a prolonged time raises the risk of someone uncovering the information and causing more serious damage to the organisation.
It is important to assess the effectiveness of the security incident response process periodically to determine if it still meets expectations, and take into account the changes in the threat landscape.
Securing cyber space is always a challenging task. There are many solutions and approaches, but no silver bullet when it comes down to securing the human factor.
Prevention is key, but if that fails, make sure you have detection and correction controls in place. Additionally, ensure your incident response is set up to remove any vulnerabilities and leaks as fast as possible.