Half a dozen Amazon Web Services (AWS) services are affected by now-addressed critical security issues that arose from automated S3 bucket generation and could have been leveraged for significant compromise, including artificial intelligence data alteration, remote code execution, and account hijacking, SC Media reports.
Threat actors exploiting the Shadow Resources flaw, first found in AWS CloudFormation, could create their own S3 bucket under a name similar to that of a bucket the target had not yet created, and eventually infiltrate CloudFormation, according to a report from Aqua Security's Nautilus research team presented at this year's Black Hat USA conference. Moreover, the automated creation of such "shadow buckets" would activate the Lambda function and backdoor as soon as the target created a new CloudFormation stack.
"While this process can take some time, you need to consider that in big organizations with hundreds of accounts and thousands of users the probability of occurrence is high," said researchers, who also identified other versions of Shadow Resources across the CodeStar, SageMaker, EMR, and ServiceCatalog services of AWS.
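As an added defensive example (not from the Aqua report or from AWS), the following IAM policy, usable as an identity policy or service control policy, denies any S3 call that targets a bucket owned by another account; a service or user that is steered toward a pre-created bucket of a predictable name then fails closed instead of writing data into it. The account ID 111122223333 is a placeholder, and the `IfExists` form leaves account-level calls such as listing buckets unaffected.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyS3AccessToBucketsOutsideOurAccount",
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "*",
      "Condition": {
        "StringNotEqualsIfExists": {
          "aws:ResourceAccount": "111122223333"
        }
      }
    }
  ]
}
```

Applications that write to S3 directly can add the same check per request with the `ExpectedBucketOwner` parameter, which makes S3 reject the call when the bucket's owner is not the expected account.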