We cloud security professionals™️ talk a big game about how important cloud security is. We hype tools and frameworks and best practices. “That bucket is public, ZOMGGGGGG” we make the CNAPP platforms yell at users regularly. What we don’t tell you is there’s a huge leap required to go from exposed AWS resource to hacked AWS resource - knowing its identifier.
This shouldn’t be a big surprise. Attackers have been port scanning the internet for decades looking for systems that might be vulnerable, noting their identifiers (IP addresses and ports) when they find them. But most cloud services can’t be targeted by an IP address and port. AWS talks APIs, not IPs (with some exceptions). An attacker needs to provide an account ID, or an ARN, or a host name, or some random-looking string to an API to make it do bad things.
That sounds nice in theory, but I sense that you sense that it’s not quite right. So, instead of just believing the premise, here are two recently published attack examples.