Amazon S3 now encrypts by default + CircleCI Breach

January 14, 2023

Happy New Year and welcome to 2023. It's going to be an interesting year for many reasons. We are coming off nearly 3 years of Covid, and last year was a big year with lots of vulnerabilities and breaches coming to the surface, along with the Russia-Ukraine war and an economic downturn. For all these reasons and more, 2023 will be a big year for cybersecurity and cloud security. That's why we are back to make sure that, collectively, we stay updated on what we need to know in cloud security.

  • It’s the start of 2023, and many of us find ourselves asking: what will this year be like? Which technologies will be the most important in 2023? According to a recent study published by IEEE (the Institute of Electrical and Electronics Engineers, around since 1963 apparently), which I found interesting, “cloud computing (40%), 5G (38%), metaverse (37%), electric vehicles (EVs) (35%), and the Industrial Internet of Things (IIoT) (33%) will be the five most important areas of technology of 2023”.

Another interesting point raised in the study was that “cybersecurity concerns most likely to be in technology leaders’ top three in 2023”, which from what we are seeing seems very valid. These concerns would be due to issues relating to cloud vulnerability, the mobile and hybrid workforce, and data center vulnerability.

  • Just as in Jan 2022 we were all grappling with Log4j, this year started with the CircleCI security breach. CircleCI, for anyone who is not quite familiar with it, is a continuous integration and continuous delivery platform. In late December, a security engineer at CircleCI received an email notification about a potential attack on his CircleCI account, thanks to an AWS CanaryToken placed by him. On Jan 4th, CircleCI advised customers to rotate any and all secrets stored in CircleCI and published a blog post outlining the various ways to do it. They removed all Personal and Project API Tokens created before January 5, expired all OAuth tokens for Bitbucket users and rotated all GitHub OAuth tokens. They have also recently confirmed that they have partnered with AWS to help notify all CircleCI customers whose AWS tokens may have been impacted as part of this security incident. It can be argued that because the platform is integrated with other SaaS and cloud providers, there could be flow-on effects. CircleCI expects to provide an incident report to its customers on 17th Jan 2023.
  • Now I know all you AWS fans out there have probably already heard about this, but in case you missed it, Amazon S3 now encrypts new objects by default. Amazon S3, as you know, is AWS’s object storage service. Fun fact (well, for those of us who find cloud security facts fun): have you ever wondered why some services are called Amazon something, like Amazon S3, and some are called AWS something, like AWS KMS? There are a few theories. One is that utility services and those consumed through an API start with AWS, while standalone services start with Amazon. It’s also believed that if the service was created for Amazon initially, it has the Amazon prefix. Back to the news: AWS announced on 5 Jan 2023 that Amazon S3 will now automatically apply server-side encryption for each new object. This has been welcomed by AWS users as a good compliance tick, and it would also assist with those pesky S3 bucket breaches, which are still all too common.
  • Is it possible that threat actors are gaining cloud security skills faster than all of us trying to protect our cloud environments? Unit 42 researchers from Palo Alto Networks recently released a report about Automated Libra, the cloud threat actor behind the freejacking campaign PurpleUrchin, reporting that they had created more than 130,000 accounts on free or limited-use cloud platforms such as Heroku and GitHub. They have also engaged in the illegal theft of cloud resources from these platforms. These threat actors created three to five GitHub accounts every minute during the peak of the operation in November 2022, and some of their automated account creation cases bypassed CAPTCHA images using simple image analysis techniques. In order to take advantage of the limited resources offered by free trials, the actors heavily leveraged DevOps automation techniques such as continuous integration and continuous delivery (CI/CD). They accomplished this by containerizing user account creation on cloud platforms and by automating their cryptomining operations. It’s quite an interesting read on how threat actors are becoming more sophisticated and leveraging the same tools and concepts as us.
  • APIs are key to cloud transformation – would you agree? You may have been hearing a lot more about APIs in 2022, and you are not alone. With ramped-up digital transformation, API consumption and interactions have increased. Google has released reports sharing that API endpoints are increasingly under attack, mostly (no surprises here) due to API misconfigurations. According to their reports, many companies intend to expand their real-time monitoring of API servers and to use AI/ML systems to better discover flaws and detect attacks.

The 2 reports are:
