“Let’s say somebody is using these vendors and they happen to have a common identity platform, maybe SailPoint. If SailPoint is passing a data stream to AWS and Microsoft and maybe others, it could enable access to all that user’s information in one of those hyperscaler environments. It would enable limited data access in the cloud. Now let’s say somehow an attacker is targeting that AWS API. If that user was using the same credentials across these cloud platforms,” it could provide extensive access, he says.
IMDSv2: What you don’t know might kill your cloud
In March 2024, Amazon quietly rolled out an update to a critical piece of the AWS platform: the Instance Metadata Service (IMDS). Some SOCs “might not even realize that they’re using [IMDS]” and therefore they’re exposing their operation to a serious “security threat related to metadata exposure,” says Pluralsight’s Firment.
“AWS uses IMDS to store security credentials used by other applications and services, and makes that information available using a REST API. Attackers can use a Server-Side Request Forgery [SSRF] to steal credentials from IMDS, which allows them to authenticate as the instance role for lateral movement or data theft,” Firment explains. “AWS released a newer version of IMDS, version 2, to improve protection against unauthorized metadata access, although many organizations are still using the original IMDSv1 as the default. To help CISOs close this potential security hole, AWS recently announced the ability to set all newly launched Amazon EC2 instances to the more secure IMDSv2 by default.”
IMDSv2 “was released by AWS in November 2019 but the ability to set the default to the new version was not released until March 2024. As a result, many organizations continued to use the original vulnerable IMDSv1. Interesting to note that the default only applies to newly launched instances, so existing instances with IMDSv1 still need to be reconfigured,” Firment says.
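The SSRF path Firment describes is easiest to see side by side. The following Python is an added example, not code from the article, from Pluralsight or from AWS: it runs a local stand-in for the metadata service in two configurations, the one that still answers IMDSv1 requests (the EC2 setting HttpTokens=optional) and the IMDSv2-only one (HttpTokens=required), and sends each configuration a plain GET, the only request most SSRF bugs let an attacker make, plus a proper IMDSv2 token exchange. The server itself, the role name web-tier-role and the credential values are constructed for the demo; the URL paths and header names are the real IMDS ones, and the real service lives at 169.254.169.254 rather than 127.0.0.1.

```python
"""
Added example (not from the article, Pluralsight or AWS): a local stand-in for IMDS
showing why a plain-GET SSRF steals instance-role credentials from IMDSv1 but not
from IMDSv2. Server, role name and credential values are constructed; only the URL
paths and header names match the real service.
"""
import json
import secrets
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN_PATH = "/latest/api/token"
# The role name below is made up; the path shape is the real one.
CRED_PATH = "/latest/meta-data/iam/security-credentials/web-tier-role"

# Constructed, non-functional credentials in the shape IMDS returns.
FAKE_CREDS = {
    "Code": "Success",
    "Type": "AWS-HMAC",
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE",
    "SecretAccessKey": "example/secret/not/real",
    "Token": "example-session-token",
    "Expiration": "2030-01-01T00:00:00Z",
}


def start_fake_imds(require_token: bool):
    """Start a stand-in IMDS on 127.0.0.1. require_token=False mimics
    HttpTokens=optional (IMDSv1 still answers); True mimics HttpTokens=required."""
    issued_tokens = set()

    class Handler(BaseHTTPRequestHandler):
        def log_message(self, *args):  # keep the demo output quiet
            pass

        def _reply(self, status, body=b""):
            self.send_response(status)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def do_PUT(self):
            # IMDSv2 session setup: PUT with a TTL header, token comes back in the body.
            ttl = self.headers.get("X-aws-ec2-metadata-token-ttl-seconds", "")
            if self.path == TOKEN_PATH and ttl.isdigit() and 1 <= int(ttl) <= 21600:
                token = secrets.token_urlsafe(32)
                issued_tokens.add(token)
                self._reply(200, token.encode())
            else:
                self._reply(400)

        def do_GET(self):
            token = self.headers.get("X-aws-ec2-metadata-token")
            if require_token and token not in issued_tokens:
                self._reply(401)  # IMDSv2 answers a token-less GET with 401 Unauthorized
            elif self.path == CRED_PATH:
                self._reply(200, json.dumps(FAKE_CREDS).encode())
            else:
                self._reply(404)

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def ssrf_fetch(url: str) -> int:
    """What a typical SSRF primitive gives an attacker: a single plain GET with no
    control over the method or headers. Returns the HTTP status code."""
    try:
        with urllib.request.urlopen(url, timeout=2) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def imdsv2_fetch(base_url: str, path: str) -> int:
    """A legitimate IMDSv2 client: PUT for a session token, then GET with the token."""
    req = urllib.request.Request(
        base_url + TOKEN_PATH, method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": "21600"})
    with urllib.request.urlopen(req, timeout=2) as resp:
        token = resp.read().decode()
    req = urllib.request.Request(base_url + path,
                                 headers={"X-aws-ec2-metadata-token": token})
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.status


def demo() -> dict:
    """Run the SSRF-style GET and the IMDSv2 client against both configurations."""
    results = {}
    for label, require_token in (("IMDSv1_allowed", False), ("IMDSv2_only", True)):
        server, base_url = start_fake_imds(require_token)
        try:
            results[label] = {
                "ssrf_plain_get": ssrf_fetch(base_url + CRED_PATH),
                "imdsv2_client": imdsv2_fetch(base_url, CRED_PATH),
            }
        finally:
            server.shutdown()
            server.server_close()
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Against the IMDSv1-style server the attacker’s plain GET returns the credential document (200); against the IMDSv2-only server it gets 401, while the token-aware client still gets 200 in both cases, so legitimate software keeps working. On a real account the audit is `aws ec2 describe-instances` filtered on `MetadataOptions.HttpTokens` equal to `optional`, the per-instance fix is `aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required`, and the account-level default the article refers to is `aws ec2 modify-instance-metadata-defaults --http-tokens required`. Two caveats the demo does not model: the real service also refuses to issue a token to a PUT carrying an X-Forwarded-For header, and it limits the response hop count (default 1) so tokens do not leave the instance, which together are what make IMDSv2 a barrier rather than just an extra round trip; an SSRF that gives the attacker full control of method and headers is not stopped by the token alone.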