These platform vulnerabilities have subjected enterprises to cyberattacks from insider threats, weak authentication, and third-party access, leading to severe financial and human implications. In summary, a majority of recent high-profile cloud breaches involved misconfiguration, low visibility, and privilege abuse as the leading causes of cyberattacks. They suffered a breach after a bad actor gained read and write access to a misconfigured AWS S3 bucket. What happened? Twillo is the world’s leading cloud communication platform as a service company. What happened? Reindeer, which was out of business, left its Amazon S3 bucket open to the public, leading to the catastrophic leak of 50,000 files totalling 32 GB. What happened? A misconfigured Amazon S3 bucket exposed details of over 3 million senior citizens including individuals’ names, numbers, and email addresses. Number of individuals affected: 3 million individuals What happened? Premier Diagnostics Utah COVID-19 testing service exposed thousands of ID scans, including driver’s licenses, medical insurance cards, passports, and other IDs, on the web without a password or any other authentication required to access it. Number of individuals affected: 50,000 patients What happened? , provided by an American company named PeopleGIS stored data of US municipalities in several misconfigured Amazon S3 buckets. Number of individuals affected: 1,000GB with more than 1.6 million files. Thousands of Excel spreadsheets of unique individuals who made purchases from the supplier across numerous e-commerce platforms. What happened? Famous Turkish beauty brand, Cosmolog Kozmetik, suffered a leak in its Amazon S3 bucket. ![]() Number of individuals affected: 20GB with 567,000 unique individuals What happened? Twitch exposed data to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party. Below we highlight a few of last year’s most notable breaches. These were just a few of the top examples from 2021. An unnamed marketing services company was responsible for the breach of these Volkswagen and Audi customers and prospects in Canada and the U.S., because of unsecured data. Happening simultaneously, 3.3 million Volkswagen & Audi records were for sale online. In July, the State Department announced a $10 million reward for any information about hackers working for foreign governments aimed squarely at those participating in “malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act.” Following this effort, the US government put up a $15 million reward for tracking down the individuals in the DarkSide organization in August. You have bad actors asking for ransom and selling data online with organizations and governments offering rewards to take down these cybercriminals. Getting access to data, your company’s most valuable asset is big business. To get specific, public read access could lead to a data breach, while public write access can launch malware or encrypt data to hold your company ransom.Īttacks on these vulnerabilities don’t look like they are slowing down any time soon. Misconfigured S3 buckets can present serious risks to your cloud environment, often without you even realizing it. While AWS is an increasingly adopted tool that enables enterprises to upload and distribute data with unmatched effectiveness, it comes with a unique set of vulnerabilities overlooked by users. ![]() This past year, 2021, has been a particularly dire year for cloud breaches, with incidents taking down networks for weeks at a time, and disrupting business throughout the country. Data breaches remain a challenge despite an increase in cybersecurity awareness and investments.
0 Comments
Leave a Reply. |