Highly Sensitive Data is Exposed by Incorrect Cloud Security Configuration

  • Writer: Tejas Nikumb
  • Sep 27, 2022
  • 4 min read
Problem Statement

ABC* ran its web application support business for clients on the AWS cloud. It inadvertently misconfigured the security settings of newly provisioned storage buckets, putting the sensitive and confidential information of all of its customers at risk. The problem was found while the organization's cloud infrastructure was being scanned as part of a vulnerability assessment and penetration testing (VAPT) engagement.

The organization's main business was building web applications to customer specifications, hosting them on AWS, supporting and debugging their operation, and continually improving them as client requirements changed. Its IT administrator believed that the AWS cloud was the best and safest place to keep the sensitive data of a growing customer base, because access to it required a login.

The company regularly provisioned additional storage buckets from AWS to keep up with its growing business needs. As part of routine operations, the IT team created two AWS buckets to hold backup copies of clients' documentation and recovery passwords.

However, the IT administrator did not make the bucket private: it had been set to public when the firm first acquired it and was left that way. He also did not apply AWS Identity and Access Management (IAM) permissions to restrict who could reach the bucket. Despite the cloud login, this meant that any user on the organization's internal network, or anyone on the internet, could read the bucket holding all of the organization's critical customer data.

Had an external attacker discovered this weakness, the damage would not have stopped at the organization's commercial reputation: the exposed data could also have been used to launch serious secondary attacks against the organization's clients. Sensitive corporate material such as private API data, authentication credentials, certificates, decryption keys, and clients' personal information would have been revealed.

This incident therefore underlines the need for an organization to carry out VAPT activities regularly. As part of the ISO 27001 compliance and system audit ordered by the organization's director, SOC Shashwat performed VAPT on the organization's cloud and information systems assets. Such an activity helps a company protect its information systems against potential zero-day attacks, assess and patch vulnerabilities (exploiting them first where permitted), and improve its security architecture.


Inspection

SOC Shashwat carried out the VAPT and system audit of ABC as part of security policy compliance, with the consent of the organization's director and management.

Since the firm used public cloud services, SOC Shashwat's first step was to revisit the policies the organization had agreed with the cloud provider, and we followed Amazon's recommended approach for penetration testing throughout. We agreed the scope of the pen-testing strategy with the organization's application admin team and selected the tools needed to detect misconfigurations and weaknesses in the organization's AWS account and buckets.

We ran several AWS-specific tests, including EC2 instance and application exploitation, testing for vulnerable AWS IAM keys, and S3 bucket configuration and permission checks. During this process we discovered that two AWS buckets recently provisioned by the organization's IT team were misconfigured for public access, so their contents could be downloaded by anybody who typed the buckets' URLs into a browser. The buckets "clientele-docs" and "clientele-rescue_ssl" exposed important and highly sensitive internal information about the organization's clients; both were owned by the user "abcitmang001," which hinted at where the buckets had been created.

We found considerably sensitive data in these misconfigured buckets. The "clientele-docs" bucket held a large number of databases containing sensitive client records, while the "clientele-rescue_ssl" bucket contained a folder named client.aws.abc.com. That folder held "Cloud_File_Store_Rescue_Key," which contained several private keys and the certificates used to decrypt traffic between the firm and its clients.

During the VAPT it also emerged that the credentials in this rescue material were tied to the organization's access to shared client data on a Google Cloud server. This flaw might allow an attacker to compromise the clients' cloud assets and network as well.

The VAPT activity thus enabled SOC Shashwat to identify the security weakness in the organization's AWS buckets and network. SOC Shashwat advised the organization's IT management to fix the vulnerability as soon as possible to protect its cloud assets and network from hostile actors.


Interpretation

SOC Shashwat documented the findings of the VAPT of the business's AWS cloud infrastructure and information systems and provided remediation recommendations. The report described the risks found in the organization's AWS infrastructure, including the network. Among them, we rated the incident above as an extreme high risk, meaning a high likelihood of exploitation by a bad actor with a severe impact on the firm.

Because a major finding had been uncovered, we performed an unannounced retest to verify the fix before the VAPT project concluded. We advised the organization's IT manager to stay alert and review the configuration of new cloud buckets regularly. Beyond scanning the network, we recommended that the client set up a regular schedule to check for incorrect permissions in the cloud, and we advised him on how to protect sensitive information within the company.
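One way to implement that scheduled permission check, as an added example that is not part of the original post or of SOC Shashwat's tooling: it evaluates the three settings that decide whether an S3 bucket is reachable anonymously (the Public Access Block, the bucket policy, and the ACL) over constructed configuration samples shaped like the corresponding AWS API responses, with the weak configuration beside its hardened form. The bucket name and owner ID in the samples are placeholders; in practice the same functions would be fed the output of `get_public_access_block`, `get_bucket_policy` and `get_bucket_acl`.

```python
import json

# Canonical AWS group URIs that make an ACL grant world-readable.
PUBLIC_GROUPS = {"http://acs.amazonaws.com/groups/global/AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")

def public_policy_actions(policy):
    """Actions a bucket policy grants to anonymous principals without a Condition."""
    if not policy:
        return []
    doc = json.loads(policy) if isinstance(policy, str) else policy
    hits = []
    for st in doc.get("Statement", []):
        p = st.get("Principal")
        anonymous = p == "*" or (isinstance(p, dict) and p.get("AWS") in ("*", ["*"]))
        if st.get("Effect") == "Allow" and anonymous and "Condition" not in st:
            hits.append(st.get("Action"))
    return hits

def public_acl_grants(grants):
    """Permissions an ACL grants to the AllUsers / AuthenticatedUsers groups."""
    return [g["Permission"] for g in grants
            if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS]

def audit_bucket(cfg):
    """cfg mirrors the shapes GetPublicAccessBlock/GetBucketPolicy/GetBucketAcl return."""
    findings = []
    missing = [k for k in PAB_KEYS if not cfg.get("PublicAccessBlock", {}).get(k)]
    if missing:
        findings.append("public access block incomplete: " + ", ".join(missing))
    findings += [f"policy grants {a} to anonymous principals"
                 for a in public_policy_actions(cfg.get("Policy"))]
    findings += [f"ACL grants {p} to a public group"
                 for p in public_acl_grants(cfg.get("AclGrants", []))]
    return findings

# Constructed samples (placeholder names): the weak configuration and its hardened form.
WEAK = {"PublicAccessBlock": {},
        "Policy": json.dumps({"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
             "Resource": "arn:aws:s3:::clientele-docs/*"}]}),
        "AclGrants": [{"Grantee": {"Type": "Group", "URI":
                       "http://acs.amazonaws.com/groups/global/AllUsers"},
                       "Permission": "READ"}]}
HARDENED = {"PublicAccessBlock": dict.fromkeys(PAB_KEYS, True), "Policy": None,
            "AclGrants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"},
                           "Permission": "FULL_CONTROL"}]}
```

Running `audit_bucket(WEAK)` yields three findings (incomplete Public Access Block, an anonymous `s3:GetObject` grant, and a public READ ACL), while `audit_bucket(HARDENED)` yields none.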

The IT manager quietly secured the servers the moment the incident was reported. In hindsight, this shows that a minor oversight by the IT manager could have cost the firm dearly by exposing critical data and creating major risk.

Finally, this cloud leak shows that even the most modern and security-conscious businesses can expose sensitive data and face substantial risk. The consequences could have been severe: loss of organizational goodwill, compromised client business environments, and significant financial harm to the organization's business partners as a whole.

The VAPT activity performed for this company therefore helped it secure its data against this kind of event.
