Cloud Threats Memo: Learning From Recent Cloud Storage Misconfiguration Incidents

It’s time to update the list of security incidents caused by misconfiguration of cloud storage resources since the last couple of weeks have unfortunately been quite prolific. The shared responsibility model continues to be overlooked, or simply misunderstood by too many organizations, and as a consequence tons of sensitive data is leaked from the cloud on a daily basis, putting thousands of individuals (and dozens of municipalities) at risk of fraud, identity theft, and phishing campaigns.

As always, the sector of the victims (and consequently the kind of exposed data) is quite heterogeneous. The last wave of incidents occurred in July and has seen:

• A platform used to connect artists and potential buyers exposing an AWS S3 bucket with more than 200,000 files in 421 GB of data containing the records related to over 7,000 artists, collectors, galleries, and potentially customers’ data too. 
• More than 1,000 GB of data and over 1.6 million files from dozens of municipalities in the US was exposed through approximately 80 AWS S3 buckets left unprotected by a company providing information management software to local governments across Massachusetts, New Hampshire, and Connecticut.
• An insurance technology startup exposed hundreds of thousands of insurance applications after an AWS S3 bucket was left unprotected on the internet (711,000 files, including completed insurance applications that contain highly sensitive personal and medical information on the applicant and their family.)

How Netskope mitigates this risk

Netskope for Public Cloud can detect and remediate misconfigurations on AWS, Azure, and GCP, preventing the leakage of data and detecting setup errors that could be exploited by the attackers. A set of predefined profiles is available covering industry standards and regulations, such as SOC2, CSA CCM, GDPR, PCI-DSS, and NIST 800-53, but it is also possible to build custom rules via a Domain Specific Language.

But don’t forget that the public cloud can also leave the workloads unprotected, exposing misconfigured remote access services (like RDP or SSH) to brute-force or password-spraying attacks. Netskope Private Access is the solution to mitigate this risk, allowing organizations to publish their services (hosted in a public cloud or an on-prem data center) in a secure manner, embracing the Zero Trust access paradigm.

Stay safe!