, , ,

AWS customers hit by major cyberattack which then stored stolen credentials in plain sight


  • Researchers find vulnerabilities in public sites that exposed sensitive information
  • They later discovered a campaign using the flaws to exfiltrate data from “millions of websites”
  • The crooks were selling the data on the dark web for “hundreds of euros”

Misconfigured cloud instances have once again been abused to steal sensitive information such as login credentials, API keys, and more.

This time around, the victims were countless Amazon Web Services (AWS) customers who don’t seem to understand the shared responsibility model of cloud infrastructure.

In August 2024, independent security researchers Noam Rotem and Ran Loncar uncovered vulnerabilities in public sites that could be abused to access sensitive customer data, infrastructure credentials, and proprietary source code.

Selling the data on Telegram

Further investigation determined French-speaking threat actors, possibly linked to Nemesis and ShinyHunters hacking groups, were scanning “millions of websites” and using the vulnerabilities to extract sensitive data.

The information pulled this way included AWS customer keys and secrets, database credentials, Git credentials and source code, SMTP credentials (for email sending), API keys for services like Twilio, Binance, and SendGrid, SSH credentials, cryptocurrency-related keys and mnemonics, and other sensitive access credentials (e.g., for CPanel, Google accounts, and third-party services). Some victims were identified, but not named in the report, for obvious security reasons.

The miscreants were then selling the archives in a dedicated Telegram channel, earning “hundreds of euros per breach.” Good, since they will probably need the money for legal counsel, once they’re arrested and tried.

“Our investigation has identified the names and contact information of some of the individuals behind this incident,” the researchers said. “This may assist in further actions against the perpetrators.”

Rotem and Loncar reported their findings, first to the Israeli Cyber Directorate, and later to AWS Security. The two “began to take immediate actions” to mitigate the risk, although AWS stressed that the vulnerability was not in the system, but rather in the way customers were using it:

“The AWS Security team emphasized that this operation does not present a security concern to AWS, rather, it is on the customer side of the shared responsibility model — a statement that we fully agree with,” vpnMentor said in its report.

Cybersecurity pros are constantly warning about cloud misconfigurations being one of the key reasons for breaches. Ironically enough, hackers don’t seem to be heeding these warnings, either, since the researchers found all of the stolen files – in an unprotected AWS database.

“Data harvested from the victims was stored in an S3 bucket, which was left open due to a misconfiguration by its owner,” it was said. “The S3 bucket was being used as a “shared drive” between the attack group members, based on the source code of the tools used by them.”

Ultimately, AWS reported “handling the issue” on November 9.

You might also like

https://www.techradar.com/pro/security/aws-customers-hit-by-major-cyberattack-which-then-stored-stolen-credentials-in-plain-sight


Leave a Reply

Your email address will not be published. Required fields are marked *

December 2024
M T W T F S S
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 1011: The Year in Review – A Look at the Top Stories of 2024 This Week in Tech (Audio)

What's behind the tech industry's mass layoffs in 2024? : NPR Rabbit R1 AI Assistant: Price, Specs, Release Date | WIRED Stealing everything you've ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster. Microsoft delays Recall after security concerns, and asks Windows Insiders for help The Qualcomm Snapdragon X Architecture Deep Dive: Getting To Know Oryon and Adreno X1 Elon Musk: First Human Receives Neuralink Brain Chip Apple hit with €1.8bn fine for breaking EU law over music streaming Bluesky emerges The hidden high cost of return-to-office mandates Apple's Car Was Doomed by Its Lofty Ambitions to Outdo Tesla SpaceX pulls off unprecedented feat, grabs descending rocket with mechanical arms U.S. versus Apple: A first reaction Google Says It Won't Force Gemini on Partners in Antitrust Remedy Proposal U.S. Accuses Chinese Hackers of Targeting Critical Infrastructure in America U.S. Agency Warns Employees About Phone Use Amid Ongoing China Hack AT&T says criminals stole phone records of 'nearly all' customers in new data breach National Public Data confirms breach exposing Social Security numbers Schools Want to Ban Phones. Parents Say No. New York passes legislation that would ban 'addictive' social media algorithms for kids GPT-4o (omni) + new "Her"-style AI assistant (it's nuts) Google emissions jump nearly 50% over five years as AI use surges Trump proposes strategic national crypto stockpile at Bitcoin Conference Ten additional US states join DOJ antitrust lawsuit looking to break up Live Nation and TicketmasterThe Internet Archive just lost its appeal over ebook lending Hezbollah Pagers Explode in Apparent Attack Across Lebanon OpenAI raises $6.6 billion in largest VC round ever Painting by A.I.-Powered Robot Sells for $1.1 Million Netflix's Live Mike Tyson Vs. Jake Paul Fight Battling Sound & Streaming Glitches In Lead-Up To Main Event Infowars Sale to The Onion Rejected by Federal Bankruptcy Judge Supreme Court agrees to hear challenge to TikTok ban So You Want to Solve the NJ Drone Mystery? Our Expert Has Some Ideas Beeper's push for iMessage on Android is really over The Quiet Death of Ello's Big Dreams Japan finally ends mandatory form submission on floppy disks We'll Miss You: Pioneering instant messaging program ICQ is finally shutting down after nearly 30 years Spotify is going to break every Car Thing gadget it ever sold Game Informer to Shut Down After 33 Years In Memoriam Host: Leo Laporte Guests: Fr. Robert Ballecer, SJ, Richard Campbell, and Mikah Sargent Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsor: bitwarden.com/twit
  1. TWiT 1011: The Year in Review – A Look at the Top Stories of 2024
  2. TWiT 1010: The Densest State in the US – TikTok Ban, Drones Over Jersey, GM Quits Robotaxis
  3. TWiT 1009: Andy Giveth & Bill Taketh Away – Trump's Tech Titans, Crypto Boom, TikTok's US Ban, Intel CEO Exits
  4. TWiT 1008: Internet Legal – Australia's Social Media Ban for Kids, Smart Home Nightmare, Bluesky's Ascent
  5. TWiT 1007: All the Hotdogs in the World – China's "Salt Typhoon" Hack, Google on the Chopping Block, Recall AI