Senators Urge AWS Investigation After Capital One Breach

Two Democratic Party senators have demanded an investigation into whether Amazon Web Services (AWS) broke the law by failing to secure infrastructure that was compromised in the Capital One breach.

Former AWS software engineer Paige Thompson has been accused by prosecutors of the attack on the US bank and 30 other organizations. It’s said to have affected around 100 million US and Canadian customers and applicants of the financial institution, including consumers and small businesses.

Reports have hitherto focused on a misconfigured web application firewall (WAF) hosted by the bank in the AWS cloud as the main factor in the attack.

Specifically, Thompson is thought to have exploited this misconfiguration to conduct a server-side request forgery (SSRF) attack, tricking the WAF into issuing requests it should not have been permitted to make, which allowed her to reach the AWS “metadata” service and grab key credentials.

However, following the incident, security experts argued that AWS should be doing more to implement mitigations to help prevent SSRF attacks on its platform.

“The impact of SSRF is being worsened by the offering of public clouds, and the major players like AWS are not doing anything to fix it,” said Cloudflare’s Evan Johnson.
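One mitigation that does not depend on the cloud provider is for any server-side component that fetches a user-supplied URL (a WAF, a proxy, a webhook handler) to refuse destinations that are not globally routable, including the link-local address the instance metadata service lives on. The check below is an added example, not code from the article, Capital One or AWS; it assumes a constructed DNS table (`DEMO_DNS`) with hypothetical host names so that it runs offline, and it validates the resolved addresses rather than the URL string, so hostnames or IPv4-mapped IPv6 literals that alias the metadata address are caught as well.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Constructed resolver for the offline demo: the hostnames and the
# addresses they "resolve" to are made up. Real use passes resolve_with_dns.
DEMO_DNS = {
    "api.example.com": ["93.184.216.34"],            # an ordinary public host
    "metadata.evil.example": ["169.254.169.254"],    # alias for the metadata address
}


def demo_resolve(host):
    return DEMO_DNS.get(host, [])


def resolve_with_dns(host):
    # Production resolver: every address the name maps to, IPv4 and IPv6.
    # getaddrinfo also normalises odd literals such as decimal "2852039166".
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_safe_fetch_target(url, resolve=resolve_with_dns):
    """True only if url is http(s) and every address its host resolves to is
    globally routable (no link-local, private, loopback, reserved, multicast)."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return False
    host = parsed.hostname
    try:
        addrs = [ipaddress.ip_address(host)]          # IP literal (v4 or v6)
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolve(host)]
        except (socket.gaierror, ValueError):
            return False
    if not addrs:
        return False                                  # unresolvable: fail closed
    for addr in addrs:
        # An IPv4-mapped IPv6 literal must be judged by the IPv4 address it wraps.
        if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
            addr = addr.ipv4_mapped
        if addr.is_multicast or not addr.is_global:
            return False
    return True


if __name__ == "__main__":
    for u in ("https://api.example.com/data", "http://169.254.169.254/",
              "http://metadata.evil.example/", "http://[::ffff:169.254.169.254]/"):
        print(u, "->", "allowed" if is_safe_fetch_target(u, demo_resolve) else "blocked")
```

The check has to be repeated on every redirect hop and on the address actually connected to, since a single pre-flight check can be defeated by a redirect or by DNS answers that change between validation and connection.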

Now senators Ron Wyden and Elizabeth Warren have penned an