Misconfigurations in the cloud are one of the biggest causes of data breaches these days, and a security researcher has now set out to fix them with a new tool.
S3crets Scanner, built on Python, allows security researchers and analysts to search for “secrets” that companies have accidentally disclosed to the public through their company’s AWS S3 storage (Opens in a new tab) buckets.
As explained before ComputerSecrets include authentication keys, access tokens, or API keys, all of which can be used by threatening actors to do a lot of damage. For example, these secrets can be used to gain access to the corporate network and endpoints (Opens in a new tab)which could lead to data theft, malware infection, or even ransomware attacks.
Targeting personally identifiable information
The tool was designed by security researcher Elon Harrell to search only for secrets that were accidentally revealed. It does this only by scanning S3 containers that have certain configurations set to false, such as “BlockPublicAcls”, “BlockPublicPolicy”, “IgnorePublicAcls” and “RestrictPublicBuckets”. No other repositories are filtered.
Packages matching the above criteria will be downloaded as text files, and checked with the Trufflehog3 tool that checks for credentials and private keys in S3 containers, as well as GitHub, GitLab, and file systems. Harel has created a unique set of rules for Trufflehog3, targeting the disclosure of personally identifiable information (PII), as well as internal access tokens.
Harrell believes that the tool can help companies reveal fewer secrets, and thus suffer fewer data leaks and similar cybersecurity incidents. It’s also believed to be used in white hat operations, where researchers can scan publicly available buckets for misconfigurations and notify companies ahead of bad actors.
A multi-cloud environment is essential for businesses these days, but securing data in such a system is one of the biggest challenges they face. A recent report by cybersecurity experts Radware indicates that 70% of senior executives, DevOps leaders and other seniors are not confident that they can properly secure multiple on-premises and cloud environments.
Across: Computer (Opens in a new tab)