Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.

Misconfigured cloud buckets leak sensitive data. Here's how to keep your Amazon Web Services (AWS) Simple Server Storage (S3) buckets secured.

Kurtis Minder, Co-Founder & CEO, GroupSense

January 6, 2020

1 Min Read
(image by <a href="https://stock.adobe.com/contributor/206767718/conceptualmotion?load_type=author&prev_url=detail" target="new">conceptualmotion</a>, via Adobe Stock)

Question: Are there any tools that can help me find misconfigurations in my AWS S3 cloud buckets?

Kurtis Minder, CEO of GroupSense: Yes. There are a number of tools that are available to look for misconfigured or open S3 buckets. Most of these tools are available for free on GitHub. S3-inspector, S3Scanner, and Bucket Finder are a few that will uncover buckets and misconfigurations.

Keep in mind, threat actors can use these tools also. Better to use on yourself before they do. In fact, cybercriminals don't even bother hacking into systems deployed on AWS – there are so many misconfigured S3 buckets out there that they just use these tools to find the screw-ups and steal the data. I saw a stat from Skyhigh Networks that 7% of all S3 buckets have unrestricted public access, and 35% are unencrypted.

This is like shooting fish in a barrel for data thieves, so it is really critical for companies to use these tools to shore up their configurations before they start putting sensitive data into AWS or any other public cloud.

Related Content:

 

About the Author(s)

Kurtis Minder

Kurtis Minder

Co-Founder & CEO, GroupSense

Kurtis Minder is the Co-Founder and CEO of GroupSense where he leads a team of world-class analysts and technologists providing custom cybersecurity intelligence to some of the globe’s top brands. He has more than 20 years of experience in roles spanning operations, design, and business development at companies like Mirage Networks (acquired by Trustwave), Caymas Systems (acquired by Citrix), and Fortinet (IPO). Minder is also a world-renowned ransomware negotiator and was recently profiled in The New Yorker for his work. He has been featured in the media across four continents and has recently been on CNN, The BBC, and CBS, and featured in publications such as Reuters, The Wall Street Journal, The New York Times, Fortune, and The Washington Post about ransomware.

See more from Kurtis Minder
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events
Latest Articles in The Edge
Read More The Edge