Oops, They Did it Again - Attivo Networks
Attivo Networks Blogs

Oops, They Did it Again

Last week Dow Jones, the business and financial news company that owns the Wall Street Journal, admitted that 2.2 million customers’ details were exposed due to an Amazon S3 bucket misconfiguration. They are not alone and follow similar mishaps reported by Verizon, World Wrestling Entertainment, and Scottrade. They all share a common root problem, user error that resulted in exposing the contents of their S3 buckets. There are now over one million authenticated AWS users and S3 misconfigurations are becoming all too common.

One may ask, how does this happen and isn’t this data not supposed to be publicly accessible? By default, these services are tightly restricted and not publicly accessible. However, the exposure occurs when organizations choose to grant public or semi-public access and in doing so, accidentally misconfigure their buckets, which can result in their data becoming exposed.

The data exposure was discovered by Chris Vickery, a researcher with the cyber risk team at security vendor UpGuard on May 31st, and notified Dow Jones on June 5. UpGuard shared that the vulnerability appeared to have been secured by the next day.

A Dow Jones spokeswoman confirmed the situation and made the public statement, “We were made aware that certain Dow Jones/WSJ subscriber and Risk & Compliance content was over-exposed on Amazon Cloud (not the open internet). This was due to an internal error, not a hack or attack. Exposed details included some customers’ names, email and mailing addresses, and the last four digits of their credit card numbers.” They did not share whether they planned to notify potentially impacted customers.

Human error is an all too often the root-cause of security errors that result in a data breach. Organizations can take some straightforward steps to mitigating risks and to keep their name out of this growing list of compromised companies.

S3 or bucket-using organizations can prevent user errors by applying the right policies, documenting, practices, AND putting monitoring in place to quickly detect issues as they arise.

Organizations should also have security controls in place to understand attack paths and put security controls in place to alert on attacker lateral movement as they look to conduct reconnaissance, steal credentials, and escalate their attack.

Defense in depth would also add offense-based security controls and add in decoys and deception. This would add trip wires for the attacker so that their presence would be quickly revealed as they look to engage with decoys or attempt to use deception lures.

These three basic steps will help any organization better protect themselves to not only nefarious actions but also to simple mistakes that we are all prone to make as the humans that we are.

To discuss best practices in today’s environment, please visit Attivo Networks at BlackHat 2017 this week, held at the Las Vegas Convention Center, South Hall Booth #454. While there, don’t miss our Altered Reality Deception Hall of Mirrors, offering attendees an opportunity to experience the role of deception in changing the game on modern-day human attackers.

Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free

FAST AND EASY

Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

Newsletter Signup

    Yes, please opt me in to receive your quarterly newsletter, event invitations, and product updates.

    I understand that I can opt out at any time, and can refer to Attivo Networks Privacy Policy for more information.
  • This field is for validation purposes and should be left unchanged.

ADSecure 90-Day Free Trial

GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY

  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise

RSS

Leave a Comment

Your email address will not be published. Required fields are marked *

five + five =

Ready to find out what’s lurking in your network?

Scroll to Top