© 2023 CyberNews - Latest tech news,
product reviews, and analyses.


Amazon cloud service loses silver lining as analyst warns of breach threat

Threat actors could have leveraged a newly introduced IP address transfer functionality in AWS to gain access to other systems, researchers claim.

The issue lies in AWS’s Elastic IP (EIP) address transfer service, which the tech giant recently introduced to make it easier to move EIPs between accounts.

“With Elastic IP transfer, you are now able to reuse the same Elastic IP addresses for your applications even after you move them to a new AWS Account, eliminating the need to allowlist connectivity resources and accelerating your migrations,” AWS said when it launched the function on October 31.

Design issue

But cloud-focused security firm Mitiga says cybercriminals could use the new feature to build on an initial hacking attack by taking over the EIP using an application programming interface (API) call, normally used to request data between applications.

“With the right permissions on the victim’s AWS account, a malicious actor using a single API call can transfer the victim’s used EIP to their own AWS account, thus practically gaining control over it,” it said.

“This is a later-stage attack, assuming initial compromise was already achieved. However, in many cases it allows greatly increasing the impact of the attack and gaining access to even more assets.”

For instance, a threat actor could bypass firewall protections to access a victim’s network endpoints, taking advantage of “allowlists” that would permit entry by the stolen IP address.

Alternatively, they could use it in phishing or social engineering campaigns, posing as the victim or operating a “command and control” server to launch malware attacks in further computer hijacking attempts.

Why it matters

Mitiga claims the threat is “unique” because EIPs were never previously considered an attack vector, and warned that an affected organization or business could suffer reputational loss if any of the above scenarios led to customer data being accessed.

Warning affected organizations to treat EIPs as being “in danger of exfiltration,” Mitiga urged them to “use the principle of least privilege on AWS accounts and even disable the ability to transfer EIP entirely” if not needed.
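One way to act on that advice is to audit which IAM policies could let a principal start an EIP transfer. The sketch below is an added example, not code from Mitiga, AWS or Cybernews. It assumes the transfer is started with the EC2 action `ec2:EnableAddressTransfer` (the article does not name the call), uses a simplified policy evaluation, and runs on constructed policy documents.

```python
import fnmatch

# EC2 API action that starts an Elastic IP transfer to another account.
TRANSFER_ACTION = "ec2:EnableAddressTransfer"

def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(patterns):
    # IAM action names are case-insensitive and allow * and ? wildcards.
    target = TRANSFER_ACTION.lower()
    return any(fnmatch.fnmatchcase(target, p.lower()) for p in _as_list(patterns))

def _covers(stmt):
    if "Action" in stmt:
        return _matches(stmt["Action"])
    if "NotAction" in stmt:  # everything except the listed actions
        return not _matches(stmt["NotAction"])
    return False

def can_transfer_eip(policies):
    """True if the policies, taken together, could let a principal start a transfer.

    Simplified and conservative: Allow statements count regardless of Resource or
    Condition; a Deny only counts when it is unconditional and on Resource "*".
    """
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy.get("Statement")):
            if not _covers(stmt):
                continue
            if stmt.get("Effect") == "Deny":
                if "Condition" not in stmt and "*" in _as_list(stmt.get("Resource")):
                    return False  # explicit Deny always wins
            elif stmt.get("Effect") == "Allow":
                allowed = True
    return allowed

# Constructed sample policy documents (not taken from any real account).
BROAD_EC2 = {"Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}
READ_ONLY = {"Statement": [{"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": "*"}]}
NOT_IAM = {"Statement": [{"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}]}
GUARDRAIL = {"Statement": [{"Effect": "Deny", "Action": TRANSFER_ACTION, "Resource": "*"}]}

if __name__ == "__main__":
    for name, docs in [("broad", [BROAD_EC2]), ("read-only", [READ_ONLY]),
                       ("not-iam", [NOT_IAM]), ("broad+guardrail", [BROAD_EC2, GUARDRAIL])]:
        print(f"{name}: transfer possible = {can_transfer_eip(docs)}")
```

Wildcard grants such as `ec2:*` and `NotAction` statements are the cases a plain text search for the action name would miss, which is why the check evaluates patterns rather than matching strings.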

Mitiga says it has notified AWS of the issue and is working with the company to rectify it. With more than 200 interconnected features and services, Amazon’s cloud service is the largest of its kind in the world.

Updated on December 28. Originally, the attack vector researchers identified was described as a vulnerability. Since Mitiga's blog doesn't identify the issue as a 'vulnerability,' we've changed the wording in the article.
