Cybersecurity experts recently reported the result of their standard website scanning the rupture that highlighted Endeavor Business Media company. The said firm caters to emergency service-related content and chat forums for firefighters, police officers, and security professionals. Unfortunately, no official statement has been released by the affected firm despite numerous attempts of contact from the researchers.
We confirmed that the incident was caused by the exposure of the company’s sensitive data through its weak security, imposed on its AWS S3 (Simple Storage Service) subscription system. With different untoward incidents reported about the topic AWS S3, the company is now in the long lists of victims.
The mitigation and the failure: how it happens
However, in the past 12 months, Amazon has been dealing and doing a lot of mitigation plan in educating and assisting their clients that have subscribed to the AWS S3 system. As some company needs to ensure compatibility of their platform to the S3 system, many have failed to counter check the permission sets imposed on each user, especially those who have escalated access. Due to this very reason, hackers can do its chain of malicious acts within the business premise with just a single high-level of access.
The fraudster can inject malicious code through the exposed database that is used by the threat actor on the targeted website of the compromised company system. Any fallen victim can be redirected to a domain-controlled page of the fraudster where they can stealthily skim sensitive information such as a bank or card information. For the company, any stored data such as client or employee’s sensitive data may be downloaded or copied by the fraudster. The copied data can be used for series of malicious acts, worst be exchange for a ransom.
For this very reason, researchers and Amazon heed to many businesses that adapt to the AWS S3 services to ensure the security of the storage of their digital assets. Security personnel should secure access by appropriately configuring it from the public to the escalated level polices to avoid the risk of exposure to any form of vulnerability. A proper configuration is to avoid giving any fraudster an open-invite to your company’s information.