I have been investigating an incident involving two EC2 instances on AWS that were infected with ransomware, cryptocurrency miners, and other types of malware. Sounds scary, right?! Well actually, the approaches that the attackers took to get onto the hosts do not appear to be that sophisticated, and this type of attack could occur in any environment, not just in the cloud. …
Top Cloud Security Threats
This week over 44,000 people traveled to Las Vegas to attend AWS re:Invent, Amazon’s largest conference of the year. I spoke to a crowd of close to 500 people on Monday about top cloud security threats, along with my co-presenter, Boyan Dimitrov from Sixth, who presented on compliance and security automation. A short overview follows. For more information, watch the video and …
Configuration Management to the Rescue: Patching and S3 Buckets
I recently wrote a two-part series of articles for Dark Reading on the technical and organizational challenges that make patching hard in large organizations like Equifax. The same types of issues factor into the recent rash of AWS S3 Bucket breaches I examined in a prior Secplicity blog post. In each of these scenarios, someone in the organization is responsible for updating a …
The Problem with Hacking Back: It Might Be Your Network
The US government is considering allowing companies to “hack back” against cyber attackers. The Active Cyber Defense Certainty Act (ACDC) amends the Computer Fraud and Abuse Act to allow limited retaliatory strikes against cyber attackers. The full PDF amendment is available online. As noted in some comments in an article on the UK Register, there is some skepticism about this …
S3 Bucket Security: More Than ACLs and Policies
Many companies are suffering data breaches because attackers gain access to data in AWS S3 buckets. I don’t want to repeat all the news articles outlining all the S3 data breaches. A Google search will give many examples, and it seems like by the time I write this another one will be in the news. Instead, I’d like to jump to why these S3 bucket breaches are happening and how to …