Professional Digital Marketing Agency - smartreesolutions.com

AWS will scan for misconfigurations after the Capital One Data Hack. AWS was notified by the cloud giant that it will be scanning for such issues following the recent hack of Capital One’s data stored on Amazon Web Services Inc.’s infrastructure. This was made possible by a user-misconfigured firewall. Last week, we reported that AWS and other defendants were named in multiple lawsuits following a hacker’s attempt to use the misconfigured firewall to launch a server side request forgery attack (SSRF) to gain access to Capital One data. AWS has been plagued for years by a series of well-publicized hacks. Many of these incidents were enabled by user misconfigurations. AWS revealed its new proactive scanning strategy to address questions from Ron Wyden, U.S. Senator. AWS’s Stephen Schmidt (chief information security officer) responded to Wyden’s questions about the hack. He stated that although the attack on Capital One was caused by the application misconfiguration, AWS will take several steps to help customers protect their security. These include:

Posted on by Steward
  • AWS will scan the public IP space for firewall resources of customers to determine if they are misconfigured.
  • AWS will intensify its efforts to assist customers in setting the most permissive permissions.
  • AWS will work harder to make its Macie- and GuardDuty anomaly detection service more widely adopted and accessible in all regions.

Schmidt stated that additional “belts and suspenders” will be added to subsystems within our stack (like instance metadata service) in order to provide customers with even greater protection. “Security will continue to evolve at an accelerated pace and we will certainly find other areas that we can improve going forward.” Schmidt said. You can be sure that we will continue to improve our services and learn from this incident with our partner. Capital One estimates that the breach affected approximately 100 million people in the U.S., and 6 million in Canada. More information about the incident was provided by Capital One here and here. AWS stated that its cloud platform was unaffected by the incident and continued to function as intended.