Thursday September 19, 2024

Advisory ID: ngCERT-2023-0038

Summary: Cloud storage misconfigurations have emerged as one of the most serious threats to data security in cloud storage systems. In a recent instance, 25,000 participants in PricewaterhouseCoopers' (PwC) Nigeria Tech Talent Bootcamp were at risk of identity theft after confidential data was stolen through a misconfigured Amazon Web Services account. In another development, the World Baseball Softball Confederation (WBSC) left a data repository open, exposing approximately 50,000 files, some of which were highly sensitive. Furthermore, a misconfiguration in the San Francisco Metropolitan Transportation Commission (MTC) systems resulted in the release of over 26,000 files, exposing clients' home addresses and vehicle plate numbers. It is important to know that threat actors are always looking for vulnerabilities such as misconfigured AWS, Azure, or Google Cloud resources in order to exploit them. Given the foregoing, end-users of cloud services must ensure the correct configuration of their storage buckets to avoid data breaches.

Threat Type(s): Vulnerability

Damage/Probability: HIGH/HIGH

Description: Cloud misconfiguration is an improper configuration of a cloud system and may occur when a user or administrator fails to implement the correct security settings in a cloud application. Although responsibility is shared between the cloud provider and the end user, it is often the obligation of the end user to ensure the proper configuration of the cloud services acquired. Some common cloud misconfigurations include inadequate monitoring and logging of activities to track changes, using default credentials provided by the cloud service provider, using third-party resources without vetting them, storage access misconfigurations, failure to validate cloud security controls, excessive permissions and unrestricted ports. Such vulnerabilities could be exploited by threat actors to gain access to an organisation's storage, resulting in the theft of sensitive information such as credentials and API keys.

Consequences: Misconfigured cloud assets can be a doorway to the theft of location data, passwords, financial information, phone numbers, health records and other exploitable personal data. Threat actors may then leverage this data for phishing and other social engineering attacks.

Solution: Cloud storage end-users should:

  1. Ensure strict monitoring and logging of activities to keep track of changes or suspicious behaviour.
  2. Avoid using default credentials in the production environment.
  3. Conduct extensive research on the security vulnerabilities of third-party resources before opting for their services.
  4. Ensure that storage access is restricted to individuals within the organisation and enable robust encryption for critical data stored in the buckets.
  5. Apply the principle of least privilege for both machines and humans for access to all systems.
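As an added illustration of items 4 and 5 above (example code written for this page, not part of the advisory and not an ngCERT or AWS tool), the following script audits an S3 bucket for the two storage-access misconfigurations the advisory describes: a bucket policy that grants access to an anonymous principal, and a Public Access Block that is not fully enabled. The two bucket policies and the account ID and role name inside them are constructed sample inputs; the checks themselves only depend on the documented shape of an AWS IAM policy document and of the `get-public-access-block` response.

```python
import json
from typing import Any

# Constructed sample: a "public read" policy of the kind behind open-bucket leaks.
PUBLIC_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
})

# Constructed sample: access limited to one named role, TLS required (least privilege).
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DataTeamOnly",
        "Effect": "Allow",
        # 123456789012 is a placeholder account ID, not a real account.
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/DataTeam"},
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "true"}},
    }],
})

# All four settings must be true for S3 to refuse public ACLs and public policies.
REQUIRED_PUBLIC_ACCESS_BLOCK = {
    "BlockPublicAcls": True,
    "IgnorePublicAcls": True,
    "BlockPublicPolicy": True,
    "RestrictPublicBuckets": True,
}


def _as_list(value: Any) -> list:
    """IAM allows a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal: Any) -> bool:
    """True if the Principal element allows everyone ("*" or {"AWS": "*"})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(p) for p in principal.values())
    return False


def find_public_statements(policy_json: str) -> list[str]:
    """Return the Sids of Allow statements that grant access to an anonymous principal.

    Deliberately conservative: a "*" principal is flagged even when a Condition
    is present, so the reviewer decides whether the condition really limits access.
    """
    doc = json.loads(policy_json)
    findings = []
    for i, statement in enumerate(_as_list(doc.get("Statement", []))):
        if statement.get("Effect") != "Allow":
            continue
        if _is_anonymous(statement.get("Principal")):
            findings.append(statement.get("Sid", f"Statement[{i}]"))
    return findings


def missing_public_access_blocks(config: dict) -> list[str]:
    """Return the Public Access Block settings that are not set to true."""
    return [k for k, v in REQUIRED_PUBLIC_ACCESS_BLOCK.items() if config.get(k) is not v]


def audit_bucket(policy_json: str, public_access_block: dict) -> list[str]:
    """Combine both checks into a list of human-readable findings (empty = clean)."""
    findings = [f"policy statement '{sid}' allows anonymous access"
                for sid in find_public_statements(policy_json)]
    findings += [f"public access block setting {name} is not enabled"
                 for name in missing_public_access_blocks(public_access_block)]
    return findings


if __name__ == "__main__":
    weak = {"BlockPublicAcls": True, "IgnorePublicAcls": False,
            "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
    for label, policy, pab in (("open bucket", PUBLIC_READ_POLICY, weak),
                               ("restricted bucket", RESTRICTED_POLICY,
                                REQUIRED_PUBLIC_ACCESS_BLOCK)):
        print(label, "->", audit_bucket(policy, pab) or ["no findings"])
```

To run the same checks against a live bucket, fetch the inputs with the AWS CLI (`aws s3api get-bucket-policy --bucket NAME --query Policy --output text` for the policy, and `aws s3api get-public-access-block --bucket NAME` for the block configuration, passing its `PublicAccessBlockConfiguration` object to `audit_bucket`). A non-empty result from `audit_bucket` is the condition the advisory's item 4 asks end-users to eliminate.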

References: