1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Experts have found a whole new attack vector for AWS

    From TechnologyDaily@1337:1/100 to All on Thu Dec 22 15:15:03 2022
    Experts have found a whole new attack vector for AWS

    Date:
    Thu, 22 Dec 2022 15:04:12 +0000

    Description:
    New features come with new risks, and Elastic IP transfer is no different.

    FULL STORY ======================================================================

    Cloud incident response firm Mitiga claims to have discovered a brand new attack vector that could put Amazon Web Services ( AWS ) users at risk of cyberattacks.

    In a report , the company said that a new Amazon Virtual Private Cloud (VPC) feature called Elastic IP transfer (EIP) could be abused by threat actors to compromise IP addresses and, consequently, reach the targets endpoints .

    Elastic IP transfer is a feature that allows users to transfer Elastic IP addresses from one AWS account to another, a feature that makes moving
    Elastic IP addresses during AWS account restructuring simpler and easier. But as its often the case with new offerings, this one came with an abusable
    flaw. Threats under the radar

    This is a new vector for post-initial-compromise attack, which was not previously possible (and does not yet appear in the MITRE ATT&CK Framework), which organizations may not be aware of its possibility, Mitiga said in its announcement.

    Furthermore, the company said the flaw can expand the blast radius of an attack and allow further access to systems relying on IP allowlisting as
    their primary form of authentication or validation.

    The company argues the attack vector is brand new and unique as Elastic IP
    was never considered a resource you should protect from exfiltration,
    claiming that hijacking an EIP isnt even shown in the MITRE ATT&CK knowledge base as a technique at all. This means the victims could be completely
    unaware of the attack taking place, at all. Read more

    These two major AWS security flaws could have left user accounts wide open


    AWS APIs can be abused to leak information


    These are the best ID theft protection solutions around

    In an example of what the flaw could be used for, Mitiga explained how a threat actor could attach the stolen IP address to an EC2 instance in an AWS account in their possession, and use it to reach their endpoints. Even a firewall wouldnt be of much help as it would have a rule allowing connections from the stolen IP address. Consequently, they could use it to launch
    phishing attacks, the company said.

    To stay safe, AWS users are advised to think of their EIP resources just as any AWS resource at risk of exfiltration: Use the principle of least
    privilege on your AWS accounts and even disable the ability to transfer EIP entirely if you dont need it, the blog concludes. Our pick of the best antivirus software around



    ======================================================================
    Link to news story: https://www.techradar.com/news/experts-have-found-a-whole-new-attack-vector-fo r-aws


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)