AWS_1

Let’s try something a bit different and take a look at some of Trustwave SpiderLabs’  Open Source Intelligence (OSINT) research findings, and exploitation of vulnerable buckets and domains. I published this research internally on February 3, 2023, and here are my findings. Today, I will share with you how deleted S3 buckets could become a liability or threat to your organization and highlight the importance of cybersecurity in data and asset management.

An Amazon “Simple Storage Service” (S3) is a public cloud storage service, a resource available in the Amazon Web Services (AWS) platform. It provides object-based storage where data is kept  inside S3 buckets in distinct units called objects. I will discuss the benefits and risks of using cloud-based applications, particularly S3 buckets, as evidenced by our research findings.
 
While cloud-based applications have many benefits, they also pose various security risks. Some cloud-based applications can increase operational efficiency by allowing organizations to access software and data quickly, and by allowing employees, colleagues, and clients to communicate robustly, and arguably more securely, on any device. Storing all data in the cloud can reduce the need for costly hardware and software maintenance. As one can see with AWS, organizations can leverage cloud-hosted applications to benefit from improved scalability, reliability, and security.

However, there are risks when using cloud-based applications or storage, and it is essential to acknowledge that reliance on cloud-based solutions is not without challenges.  We can consider this a consequential security risk when storing data in the cloud. Common security pitfalls include poor asset tracking along with the absence of adequate policies or best practices implemented, which could ultimately result in data leakage and exploitation of assets.

Let us explore the nexus between cloud-based application security benefits and risks based on our OSINT AWS S3 bucket research findings.