Incident Review: Misconfigured AWS infra

AUTHOR
PUBLISH DATE
June 19, 2024

AWS has hundreds of cloud services available, with innumerable uses: from raw building blocks such as servers and load balancers, to managed services such as Simple Notification Service (SNS). All of these services are underpinned by AWS concepts that secure and provide proper access: roles, security groups, etc.

While deploying an AWS service may seem straightforward, security and access should be taken into consideration every time. There are many examples of AWS services that were accidentally left insecure, resulting in breaches that cost companies and consumers many millions of dollars.

Imperva

Imperva, a cybersecurity company, created a snapshot of customer data using an RDS snapshot. Over 1 year later, an EC2 instance that was part of a scaling test was left open to the public internet. This EC2 instance contained hardcoded AWS API keys, which eventually resulted in the database snapshot being compromised.

The database itself had customer email addresses, API keys, and customer’s SSL certificates. By Imperva’s own research, the cost of a breach on average is $5.6M. While Imperva took corrective actions after the breach, it could have been prevented by using a Resourcely guardrail like the below:

Capital One

In 2019, Capital One had over 100 million credit applications stolen from an insecure S3 bucket after a Web Application Firewall (WAF) was assigned too many permissions. It was allowed to read all files in the referenced S3 bucket.

After being found liable for negligence, Capital One was fined $80M and settled lawsuits from customers for $190M - a total impact of $270M.

Nature’s Basket

This Indian retail food chain had an S3 bucket with open access to the public internet. Within this bucket, there were files with hardcoded AWS keys that resulted in complete access to all of Nature’s Basket’s cloud resources.

Luckily, this attack was carried out by an ethical security researcher who informed the responsible team. Given the complete

Nobody can ignore secure configuration

Breaches are not unique to AWS - any infrastructure is susceptible to misconfiguration, even when the people deploying have the best of intentions. It is important to put safeguards in place that make your configuration experience secure-by-default.

These breaches cost companies and their customers many millions of dollars. Avoid your own incident by putting Resourcely blueprints and guardrails in place. Your developers deserve a paved road to production. Learn more about Resourcely today!

Ready to get started?

Set up a time to talk to our team to get started with Resourcely.

Get in touch

More posts

View all
September 25, 2024

Embracing the Configuration Platform

The next wave of DevOps
July 17, 2024

Resourcely's General Availability

Summer 2024 Product Launch
November 20, 2024

Making AWS ControlTower Account Factory easier with Resourcely

Turning the Account Factory for Terraform modules into a smart UI

Talk to a Human

See Resourcely in action and learn how it can help you secure and manage your cloud infrastructure today!