Cloud Threats Memo: Beware of Leaky Buckets and Cloud Apps

Another memo, another leaky cloud app compromising the personal information of hundreds of thousands of individuals (and yes, you can easily guess the app that exposed the data so no spoiler alert needed—it was an S3 bucket). The latest organization to join the long list of victims of cloud misconfigurations is Cosmolog Kozmetik, a popular Turkish online retailer that exposed more than 9,500 files, totaling nearly 20 GB of data. 

Researchers from WizCase discovered the trove of data: a leaky S3 bucket containing about 4,000 images and approximately 5,400 Excel files exposing more than 637,000 unique orders made by more than 567,000 unique customers on multiple e-commerce websites. The leaked order records revealed clients’ names, surnames, physical addresses, and purchase details, such as items purchased and quantity of items. In some cases, the data also included phone numbers and email addresses, but luckily, no payment information was exposed.

The risk of cloud misconfigurations is always around the corner, and the enforcement of the cloud shared responsibility model continues to be a challenging task for organizations that are struggling to apply basic security hygiene in the cloud, exposing their partners and customers to online risks such as frauds, scams, phishing, and identity theft. A list of examples of leaky cloud apps is available here.

How Netskope mitigates the risk of leaky cloud apps

Netskope for Public Cloud can detect and remediate misconfigurations on AWS, Azure, and GCP, preventing the leakage of data and detecting setup errors that could be exploited by attackers. A set of predefined profiles is available covering industry standards and regulations, such as SOC2, CSA CCM, GDPR, PCI-DSS, and NIST 800-53, preventing basic misconfiguration such as publicly readable and writable buckets. Additionally, it is also possible to build custom rules via a Domain Specific Language.

But the public cloud can also leave workloads unprotected, exposing misconfigured remote access services (like RDP or SSH) to brute-force or password-spraying attacks. Netskope Private Access is the solution to mitigate this risk, allowing organizations to publish their services (hosted in a public cloud or an on-prem datacenter) in a secure manner, embracing the Zero Trust access paradigm.

Stay safe!