Exploiting Public Buckets: How Misconfigured Cloud Storage Can Lead to Data Breaches

What is Cloud Storage?

Cloud storage is a general term for saving data to secure, offsite storage systems that a third party maintains. The big three public cloud providers, Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure, price it as a variable, pay-for-what-you-use cost. This gives businesses scalable, low-cost storage they can use to hold huge volumes of data without owning any physical infrastructure.

Uses of Cloud Storage

  • AWS (Amazon Web Services): AWS S3 (Simple Storage Service) is widely used for data backup, content distribution, and big data analytics.
  • GCP (Google Cloud Platform): Google Cloud Storage integrates tightly with other Google services and has been used in machine learning & data analysis projects.
  • Azure: Azure Blob Storage, on the other hand, is popular for its integration with Microsoft's ecosystem, helping enterprise applications and hybrid cloud deployments, etc.

Despite these benefits, cloud storage is frequently misconfigured, and publicly accessible buckets have already led to severe security incidents. A single public bucket can expose sensitive data that was meant to stay private.

Google Dorking and Cloud Resource Discovery

Google Dorking is a technique in which advanced search operators are used to find specific information on the web, including misconfigured cloud resources. Here are a few examples of Google Dorks that help discover publicly accessible cloud storage:

  • AWS S3 Buckets: intext:target inurl:s3.amazonaws.com
  • Azure Blob Storage: intext:target inurl:blob.core.windows.net
  • Google Cloud Storage: intext:target inurl:storage.googleapis.com

These search queries can locate sensitive data in buckets that are publicly accessible. For example, the dork 'intext:target inurl:s3.amazonaws.com' (with 'target' replaced by the organisation's name) returns a list of pages that reference S3 buckets. Some of these buckets are reachable by anyone online, and they often contain extremely sensitive information.

Using Third-Party Tools for Infrastructure Discovery

Third-party tools like domain.glass help map out a company's infrastructure by revealing domain information and associated resources. These tools can provide insights into a company's cloud storage configurations and potential vulnerabilities.

  1. Domain.glass: This tool can uncover subdomains and associated services, giving insights into how a company structures its cloud resources.
  2. GrayHatWarfare: This index of publicly accessible S3 buckets can help discover exposed cloud resources by simply entering a company's name in the search bar.

Exploring GrayHatWarfare

GrayHatWarfare is an online, searchable index of open buckets and the files inside them.

Real-World Scenario:

I once investigated a cybersecurity company using GrayHatWarfare. By entering the company's name and filtering the results, I found a zip file containing email messages between the company and its clients. These emails contained internal pentest results, and even PDF files of the pentest. This breach exposed sensitive information due to the misconfiguration of their cloud storage.

  • Using “Search Files”
  • Exposed sensitive information

Securing Cloud Storage: Best Practices

To prevent such breaches, the following best practices should be followed:

  1. Audit and Identify Public Buckets: Regularly use tools like AWS Config, Azure Security Center, and Google Cloud Security Scanner to identify public buckets.
  2. Implement Access Controls: Set bucket policies to restrict public access and use IAM roles and policies to control access.
  3. Monitor and Alert: Set up alerts for changes in bucket configurations using tools like AWS CloudTrail, Azure Monitor, and Google Cloud Logging.
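The three practices above map naturally onto a small audit script. The following Python is an added example written for this article, not code from the original post or from any cloud provider; it covers the AWS case only. It classifies a bucket as effectively public from the JSON that the real S3 APIs GetBucketAcl, GetBucketPolicy and GetPublicAccessBlock return (step 1), shows a world-readable bucket policy beside a hardened one restricted to a single IAM role (step 2), and turns a CloudTrail management event that touches exposure settings into an alert line (step 3). All sample inputs, the account id, the bucket names and the role name are constructed placeholders.

```python
"""Audit S3 bucket settings for public exposure and flag risky configuration changes.

Added example, not code from the original article. The functions work on the JSON
shapes returned by GetBucketAcl, GetBucketPolicy and GetPublicAccessBlock and on
CloudTrail records; the sample data at the bottom is constructed (placeholder
account id and bucket names, not real resources).
"""
from __future__ import annotations

# ACL grantee groups meaning "anyone on the internet" / "any AWS account".
PUBLIC_GRANTEES = {"http://acs.amazonaws.com/groups/global/AllUsers",
                   "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
# Management events that can open a bucket up; each deserves an alert and a review.
RISKY_S3_EVENTS = {"PutBucketAcl", "PutBucketPolicy", "PutBucketPublicAccessBlock",
                   "DeleteBucketPublicAccessBlock"}

def acl_public_grants(acl: dict) -> list[str]:
    """Return ACL grants that hand a permission to AllUsers or AuthenticatedUsers."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEES:
            findings.append(f"ACL grants {grant.get('Permission')} to {grantee['URI'].rsplit('/', 1)[-1]}")
    return findings

def _wildcard_principal(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"} (also when given inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False

def policy_public_statements(policy: dict | None) -> list[str]:
    """Return Allow statements open to every principal with no Condition narrowing them."""
    findings = []
    statements = (policy or {}).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written without a list
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if _wildcard_principal(stmt.get("Principal")):
            actions = stmt.get("Action", [])
            actions = [actions] if isinstance(actions, str) else list(actions)
            findings.append(f"policy statement '{stmt.get('Sid', '<no Sid>')}' allows "
                            f"{', '.join(actions)} to Principal *")
    return findings

def public_access_block_gaps(pab: dict | None) -> list[str]:
    """Return the Block Public Access flags that are missing or switched off."""
    cfg = (pab or {}).get("PublicAccessBlockConfiguration", {})
    return [f"{flag} is not enabled" for flag in PAB_FLAGS if not cfg.get(flag)]

def audit_bucket(name: str, acl: dict, policy: dict | None = None, pab: dict | None = None) -> dict:
    """Combine the three checks; 'public' is the effective exposure after Block Public Access."""
    cfg = (pab or {}).get("PublicAccessBlockConfiguration", {})
    acl_findings, policy_findings = acl_public_grants(acl), policy_public_statements(policy)
    # IgnorePublicAcls neutralises public ACL grants and RestrictPublicBuckets neutralises
    # public bucket policies, so each exposure only counts while its guard is off.
    public = ((bool(acl_findings) and not cfg.get("IgnorePublicAcls"))
              or (bool(policy_findings) and not cfg.get("RestrictPublicBuckets")))
    return {"bucket": name, "public": public,
            "findings": acl_findings + policy_findings + public_access_block_gaps(pab)}

def alert_for_event(event: dict) -> str | None:
    """Turn a CloudTrail record into an alert line if it touches S3 exposure settings."""
    if event.get("eventSource") != "s3.amazonaws.com" or event.get("eventName") not in RISKY_S3_EVENTS:
        return None
    bucket = (event.get("requestParameters") or {}).get("bucketName", "<unknown bucket>")
    actor = (event.get("userIdentity") or {}).get("arn", "<unknown principal>")
    return f"{event['eventName']} on {bucket} by {actor} at {event.get('eventTime')}"

# --- constructed sample inputs (placeholders, not real resources) ---------------------
PUBLIC_ACL = {"Grants": [{"Permission": "READ", "Grantee": {
    "Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}}]}
OWNER_ONLY_ACL = {"Grants": [{"Permission": "FULL_CONTROL", "Grantee": {
    "Type": "CanonicalUser", "ID": "OWNER-CANONICAL-ID-PLACEHOLDER"}}]}
PUBLIC_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-backups/*"}]}
HARDENED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AppReadOnly", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-backups/*"}]}
PAB_ALL_ON = {"PublicAccessBlockConfiguration": {flag: True for flag in PAB_FLAGS}}
SAMPLE_EVENT = {"eventTime": "2024-01-01T12:00:00Z", "eventSource": "s3.amazonaws.com",
                "eventName": "PutBucketAcl", "requestParameters": {"bucketName": "example-backups"},
                "userIdentity": {"arn": "arn:aws:iam::123456789012:user/deploy"}}

if __name__ == "__main__":
    print(audit_bucket("example-backups", PUBLIC_ACL, PUBLIC_POLICY, None))
    print(audit_bucket("example-backups", OWNER_ONLY_ACL, HARDENED_POLICY, PAB_ALL_ON))
    print(alert_for_event(SAMPLE_EVENT))
```

To run this against a real account, feed audit_bucket the responses of the corresponding boto3 calls (get_bucket_acl, get_bucket_policy with its Policy string parsed as JSON, and get_public_access_block) for each bucket from list_buckets, and feed alert_for_event the records delivered by CloudTrail; neither integration is included above. The design point worth noting is that a public ACL or policy is only an actual exposure when the matching Block Public Access guard is off, which is why the audit reports the raw findings separately from the effective "public" verdict.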

Conclusion

Securing cloud storage is crucial to protect sensitive data. Regular audits, strict access controls, and continuous monitoring can prevent misconfigurations and protect against data breaches. As cloud usage grows, so does the importance of vigilant cloud security practices.

Mustafa Hussein
Cybersecurity Researcher
