Monday, June 20, 2022

Capital One Attacker Exploited Misconfigured AWS Databases



The 36-year-old Seattle tech worker behind the notorious 2019 Capital One data breach has been convicted on seven charges related to the data theft, offenses punishable by up to 20 years in prison.

In the incident, Paige Thompson, who operated under the hacker handle "erratic," made off with more than 100 million credit applications that were held in a misconfigured Amazon Web Services storage bucket in the cloud. She was arrested shortly thereafter, after the banking giant traced the malicious activity back to her and alerted the FBI.

"Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency," said US Attorney Nick Brown, in a statement. "Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself."

Prosecutors noted that Thompson specifically used a scanner to look for AWS misconfigurations, in which databases are left open to the Internet with no authentication required for access. In all, she managed to infiltrate the databases of 30 entities, including Capital One, stealing data and in some cases planting cryptocurrency miners.

According to a Department of Justice statement, Thompson "spent hundreds of hours advancing her scheme, and bragged about her illegal conduct to others via text or online forums."

After a seven-day trial and 10 hours of deliberation, a jury in US District Court in Seattle found Thompson guilty of wire fraud, five counts of unauthorized access to a protected computer, and damaging a protected computer. The jury found her not guilty of access-device fraud and aggravated identity theft.

Thompson is scheduled for sentencing by US District Judge Robert S. Lasnik on Sept. 15.

"She wanted data, she wanted money, and she wanted to brag," Assistant US Attorney Andrew Friedman said in closing arguments.

"We are pleased with the outcome of the trial and remain grateful for the tireless work of the US Attorney's Office in Seattle and the FBI's Seattle Field Office in prosecuting this important case," Capital One said in a media statement.

Cloud Misconfigurations Remain Rampant

While Thompson was bent on malicious activity, the incident also brought cloud-security responsibility and the problem of misconfigurations to the fore. Capital One was found to be negligent for leaving sensitive financial data open to the public, resulting in an $80 million fine. It also settled customer lawsuits for $190 million, hardly a cheap outcome.

"The Capital One breach really put cloud security at the forefront for many enterprises," says John Bambenek, principal threat hunter at Netenrich. "Prior to that, there was a misconception that the cloud companies would handle security and that default settings were 'secure enough.' The reality is, the shared-security model requires users to make sure that their cloud environments are secure and that data doesn't accidentally leak."

In its recent report on cloud misconfigurations, security firm Rapid7 noted that breaches stemming from cloud misconfigurations continue to happen with "distressing frequency."

"First and foremost, you should now be keenly aware that there are people actively seeking out cloud service misconfigurations every day," researchers warned in the report. "Given the right tooling, it is almost trivial for any moderately clever person to hunt for these cracks in the cloud at scale, and they don't even have to be targeting your organization specifically to come across that accidental misconfiguration which ends up exposing sensitive data in your care."

For example, earlier this month researchers from Secureworks Counter Threat Unit (CTU) found that cyberattackers are targeting misconfigured Elasticsearch cloud buckets for extortion purposes. After finding data exposed on the public Internet, the attackers steal the wide-open data and replace it with a ransom note. At the time, nearly 1,200 instances had been affected.

Thus, enterprises should dedicate resources to cloud security, including planning for safe and resilient configurations and automated processes that monitor for errors and oversights, researchers noted.
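The "automated processes to monitor for errors and oversights" the researchers recommend can be as simple as a scheduled audit that evaluates each storage bucket's ACL, bucket policy and Block Public Access settings and flags anything reachable from the public Internet. The script below is an added example, not code from the article, Rapid7 or Capital One: it runs the checks over a constructed inventory (the dict shape, bucket names and account values are this example's own, not AWS API output) so it runs offline, and it distinguishes a genuinely exposed bucket from one whose stray public ACL is neutralised by Block Public Access, and from a wildcard-principal policy narrowed by a Condition that needs a human look.

```python
"""Audit S3-style bucket settings for public exposure (added example, offline).

In practice each bucket's settings would come from boto3 calls such as
get_public_access_block, get_bucket_acl and get_bucket_policy; here they are
constructed inline so the logic can be exercised without credentials.
"""

# Real AWS group URIs that make an ACL grant public.
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# The four Block Public Access settings (real AWS setting names).
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")


def _principal_is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"} (also when given as a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def wildcard_statements(policy):
    """Return the Allow statements of a bucket policy that name a wildcard principal."""
    if not policy:
        return []
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    return [s for s in stmts
            if s.get("Effect") == "Allow" and _principal_is_wildcard(s.get("Principal"))]


def audit_bucket(bucket):
    """Return findings for one bucket as 'EXPOSED: ...' or 'WARN: ...' strings."""
    findings = []
    pab = bucket.get("public_access_block") or {}

    # 1. ACL grants to the AllUsers / AuthenticatedUsers groups. IgnorePublicAcls
    #    makes AWS disregard such grants, so the bucket is then only a WARN.
    for grant in bucket.get("acl_grants", []):
        if grant.get("grantee_uri") in PUBLIC_GRANTEES:
            group = grant["grantee_uri"].rsplit("/", 1)[-1]
            if pab.get("IgnorePublicAcls", False):
                findings.append(f"WARN: public ACL grant {grant['permission']} to {group} "
                                "present but neutralised by IgnorePublicAcls")
            else:
                findings.append(f"EXPOSED: ACL grants {grant['permission']} to {group}")

    # 2. Policy statements with Principal "*". RestrictPublicBuckets confines such a
    #    policy to the account; a Condition may narrow it, so that case is for review.
    for stmt in wildcard_statements(bucket.get("policy")):
        actions = stmt.get("Action", [])
        actions = ",".join([actions] if isinstance(actions, str) else actions)
        if pab.get("RestrictPublicBuckets", False):
            findings.append(f"WARN: policy allows {actions} to Principal * "
                            "but RestrictPublicBuckets limits it to the account")
        elif "Condition" in stmt:
            findings.append(f"WARN: policy allows {actions} to Principal * "
                            "under a Condition; review it")
        else:
            findings.append(f"EXPOSED: policy allows {actions} to Principal *")

    # 3. Block Public Access is the safety net; report any setting that is off.
    off = [k for k in PAB_KEYS if not pab.get(k, False)]
    if off:
        findings.append("WARN: Block Public Access not fully enabled (" + ", ".join(off) + ")")
    return findings


def exposed_buckets(inventory):
    """Names of buckets with at least one EXPOSED finding, in inventory order."""
    return [b["name"] for b in inventory
            if any(f.startswith("EXPOSED:") for f in audit_bucket(b))]


# Constructed sample inventory (names, ARNs and the IP range are made up).
_ALL_USERS_READ = {"grantee_uri": "http://acs.amazonaws.com/groups/global/AllUsers",
                   "permission": "READ"}
SAMPLE_INVENTORY = [
    {"name": "loan-applications-archive",            # ACL exposure, nothing blocking it
     "public_access_block": dict.fromkeys(PAB_KEYS, False),
     "acl_grants": [_ALL_USERS_READ], "policy": None},
    {"name": "app-logs",                             # policy exposure
     "public_access_block": dict.fromkeys(PAB_KEYS, False), "acl_grants": [],
     "policy": {"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::app-logs/*"}]}},
    {"name": "hardened-archive",                     # stray public ACL, but blocked
     "public_access_block": dict.fromkeys(PAB_KEYS, True),
     "acl_grants": [_ALL_USERS_READ], "policy": None},
    {"name": "partner-exchange",                     # wildcard narrowed by Condition
     "public_access_block": dict.fromkeys(PAB_KEYS, False), "acl_grants": [],
     "policy": {"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": ["s3:GetObject"],
          "Resource": "arn:aws:s3:::partner-exchange/*",
          "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}]}},
]

if __name__ == "__main__":
    for bucket in SAMPLE_INVENTORY:
        for finding in audit_bucket(bucket) or ["OK"]:
            print(f"{bucket['name']}: {finding}")
    print("exposed:", exposed_buckets(SAMPLE_INVENTORY))
```

Run against the sample inventory, only the first two buckets come back as exposed; the hardened bucket's public ACL is reported as neutralised rather than silently passed, and the conditioned wildcard policy is queued for review instead of being classed either way. Wiring the same functions to live account data, and running them on a schedule, is the kind of continuous check the article's sources have in mind.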

Bambenek says there is evidence that things are getting better.

"It's taken a few years, however we are making real strides in not only having default-secure settings, but for security tools to start detecting misconfigurations and malicious behavior in cloud environments," he tells Dark Reading.
