Oops.. AWS S3 Bucket Config Error Exposes 3TB of Sensitive Airport Data
Author Credit: Nathan Eddy : Contributing Writer : Dark Reading
The unsecured server exposed more than 1.5 million files, including airport worker ID photos and other PII, highlighting the ongoing cloud-security challenges worldwide.
A misconfigured Amazon S3 bucket left 3TB of airport data (more than 1.5 million files) publicly accessible with no authentication required, highlighting the dangers of unsecured cloud infrastructure within the travel sector.
The exposed information, uncovered by Skyhigh Security, includes employee personally identifiable information (PII) and other sensitive company data affecting at least four airports in Colombia and Peru.
The PII ranged from photos of airline employees and national ID cards — which could present a serious threat if leveraged by terrorist groups or criminal organizations — to information about planes, fuel lines, and GPS map coordinates.
The bucket (now secured) contained information dating back to 2018, the report says, noting that the buckets also contained Android mobile apps that security personnel use to help with incident reporting and data handling.
"Airport security protects the lives of travelers and airport staff," the report explains. "As such, this breach is extremely dangerous with potentially devastating consequences should the bucket’s content end up in the wrong hands."
As travel picks up dramatically following restrictions during the pandemic, Fortune Business Insights found that the global smart airport market is set to be driven by a rising preference for air travel. The report also says that the expansion of commercial aviation is set to affect the market positively in the coming years, as airports increasingly turn to cloud service providers to house and process massive amounts of passenger and operational data.
Perhaps it's no wonder that travel-related organizations have been increasingly targeted of late. For instance, airlines have been the target of ransomware this year, including India's low-cost carrier SpiceJet, which weathered an attack in May that caused widespread flight delays.
At the same time, multiple cybercrime groups have been spotted selling stolen credentials and other sensitive PII pilfered from travel-related websites and cloud databases, according to security firm Intel 471's tracking.
Cloud Security Still Porous
Back in 2019, Gartner stated that "90% of organizations that fail to control public cloud use will inappropriately share sensitive data." And that worry continues today: A recent IDC survey of CISOs in the US found that 80% of respondents are not able to identify excessive access to sensitive data in cloud production environments.
"Unfortunately, news headlines like these highlight examples of a data breach due to a simple, but harmful misconfiguration: an unsecured, exposed cloud storage service," according to Skyhigh's analysis. "Complexities around identity management, access permissions, secure configurations, data protection, and so much more, continuously result in poor cloud security hygiene and ultimately, data exposures."
And indeed, there has been no shortage of cloud security incidents recently — with misconfigurations leading the way. Cybercrime goals in subverting open databases can go beyond data pilfering, it should be noted, as shown by the recent discovery of Denonia, a Go-language-based cryptominer malware. It's designed to exploit AWS Lambda, the serverless function execution service.
Also, vulnerabilities in cloud products and services have become a growing concern for organizations, with a Linux container-escape flaw in Microsoft's Azure Service Fabric among the latest vulnerabilities disclosed.
The good news? One potential cloud security resource was recently established by security researchers at Wiz in the form of a community-based database — cloudvulndb.org — which currently lists some 70 cloud security issues and vulnerabilities.
How to Protect Against Cloud Threats
A recent survey of 500 security practitioners and 200 executives, conducted by cloud automation firm Lacework, indicated organizations must change the way they're securing cloud infrastructure and services.
Skyhigh’s report notes increasing read/write privileges are often the go-to for further strengthening cloud security. However, "in reality it will take far more than that; thanks to the extensive manners by which cloud storages can be accessed and misused," the report states.
So, other measures that the firm said should be implemented include:
- Enable automatic scanning for vulnerable storage across AWS S3 buckets and Azure Blobs.
- Use continuous configuration audits for IaaS accounts and services to enforce consistent protection.
- Enforce compliance checks against industry best practices to maintain secure postures.
- Run data loss prevention and malware scans to detect violations in cloud-storage services and protect sensitive data from being exfiltrated.
- Put measures in place to detect insider threats as well as threats from compromised accounts and privileged-access misuse.
- And apply automatic remediation to take appropriate action against misconfigurations, vulnerabilities, and exposures.
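As an illustration of the first two measures (automatic scanning and continuous configuration audits), the following added example, which is not code from Skyhigh's report or from the article, audits one bucket's configuration for the kind of unauthenticated public access described above. It assumes the inputs have the shapes returned by the S3 GetPublicAccessBlock, GetBucketAcl, and GetBucketPolicy API calls; the bucket name and sample configuration are constructed, and bucket-level settings only are considered.

```python
import json

PUBLIC_GROUPS = {"http://acs.amazonaws.com/groups/global/AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_acl_grants(acl):
    """Permissions the ACL grants to the AllUsers / AuthenticatedUsers groups."""
    return sorted({g["Permission"] for g in acl.get("Grants", [])
                   if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS})

def public_policy_statements(policy_json):
    """Sids of Allow statements with a wildcard principal and no Condition."""
    hits = []
    for st in _as_list(json.loads(policy_json or "{}").get("Statement", [])):
        principal = st.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        # Assumption: any Condition is treated as scoping the statement.
        if (st.get("Effect") == "Allow" and aws is not None
                and "*" in _as_list(aws) and not st.get("Condition")):
            hits.append(st.get("Sid", "<no Sid>"))
    return hits

def audit_bucket(name, pab, acl, policy_json):
    """Findings for one bucket; pab=None means no Public Access Block is set."""
    pab, findings = pab or {}, []
    grants = public_acl_grants(acl)
    if grants and not pab.get("IgnorePublicAcls"):
        findings.append(f"{name}: ACL grants {grants} to a public group")
    sids = public_policy_statements(policy_json)
    if sids and not pab.get("RestrictPublicBuckets"):
        findings.append(f"{name}: policy statements {sids} allow any principal")
    if not all(pab.get(k) for k in PAB_KEYS):
        findings.append(f"{name}: Public Access Block not fully enabled")
    return findings

# Constructed sample configuration (not data from the incident in the article).
OPEN_ACL = {"Grants": [{"Grantee": {"Type": "Group", "URI":
            "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-open-bucket/*"}]})
ALL_BLOCKED = dict.fromkeys(PAB_KEYS, True)

if __name__ == "__main__":
    print("\n".join(audit_bucket("example-open-bucket", None, OPEN_ACL, OPEN_POLICY)))
```

With all four Public Access Block settings enabled, the same ACL and policy produce no findings, because S3 then ignores public ACLs and restricts access under public policies.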