Date: 2018-03-01

Study: SMBs lack thorough understanding of state data breach notification laws

UpGuard Wednesday reported yet another exposed AWS S3 server, this time one belonging to business analytics software firm Birst.

"Birst's appliances provide security advantages that would normally protect against precisely this kind of cloud leak; by entirely cutting the on-premise Birst cloud environment off from access to the wider Internet, security misconfigurations resulting in the exposure of critical information would not be possible," UpGuard Cyber Risk Research Director Chris Vickery wrote in a blog. "Copying that same data, however, to an Amazon S3 bucket that can be accessed by anyone entering a URL — and storing in that bucket not just the encrypted appliance, but the key needed to decrypt the data — enables precisely this kind of cloud leak to occur."

"Cybercriminals will always take the path of least resistance, and third-party vendors have always been a source of risk. The difference is that cybercriminals are now shifting their focus to targeting public cloud environments by exploiting third-party vendors," said Varun Badhwar, CEO and co-founder of RedLock. "The Birst breach is not unique since we have seen a number of incidents where public cloud storage services have been exposed. However, the trend of exposing access credentials to critical systems is increasing in velocity and creates an opportunity for greater exposure."

Badhwar pointed to "the Uber breach where a developer exposed credentials in GitHub to Uber's public cloud environment, and these were subsequently used to infiltrate the environment and access sensitive data."

The blog detailing Vickery's findings about the exposed Birst server on the subdomain capitalone-appliance has since been removed, and financial services firm Capital One, which was mentioned in the post, said that at no time had the company's data been at risk.

"At no time was any Capital One information exposed. This was simply an instance of a vendor's software that was hosted in their cloud environment," a Capital One spokesperson said in a statement. "The referenced passwords and credentials are generic and are used for installing this software."

The spokesperson said that "as a matter of standard practice, Capital One changes all default settings, including credentials, prior to deploying third party software. Because of this, there is no impact to the security of Capital One systems and data."