This new open-source tool is hunting for public AWS S3 buckets to spy on

Tool can help businesses keep their secrets to themselves

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cloud misconfigurations are one of the biggest causes of data breaches these days, and one security researcher has now set out to fix it with a new tool.

Built on Python, S3crets Scanner allows security researchers and analysts to look for “secrets” that companies exposed to the public, by mistake, through their company’s AWS S3storagebuckets.

As explained byBleepingComputer, secrets include authentication keys, access tokens, or API keys, all of which can be used by threat actors to deal plenty of damage. For example, these secrets can be used to access the company’s corporate network andendpoints, which could result in data theft, malware infections, or even ransomware attacks.

Targeting PII

The tool was built by security researcher Eilon Harel to only look for secrets exposed by mistake. It does so by only scanning S3 buckets that have specific configurations set to false, such as “BlockPublicAcls”, “BlockPublicPolicy”, “IgnorePublicAcls”, and “RestrictPublicBuckets”. Any other buckets are filtered out.

Buckets that match the above criteria will be downloaded as text files, and scanned using the Trufflehog3 tool which checks for credentials and private keys on S3 buckets, but also GitHub, GitLab, and filesystems. Harel created a unique set of rules for Trufflehog3, which targets personally identifiable information (PII) exposure, as well as internal access tokens.

Multicloud security issues are plaguing businesses everywhere>Managing cloud cyber security>Check out the best cloud backup solutions right now

Harel believes the tool can help businesses expose fewer secrets, consequently suffering fewer data leaks and similar cybersecurity incidents. He also believes it can be used for white-hat operations, as researchers can scan publicly accessible buckets for misconfigurations and notify the businesses before bad actors.

A multi-cloud environment is essential for businesses these days, but securing data in such a system is one of the biggest challenges they face. A recent report by cybersecurity experts Radware states that 70% of senior execs, DevOps leaders, and other seniors, aren’t confident they can properly secure both on-prem and multi-cloud environments.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

New fanless cooling technology enhances energy efficiency for AI workloads by achieving a 90% reduction in cooling power consumption

Samsung plans record-breaking 400-layer NAND chip that could be key to breaking 200TB barrier for ultra large capacity AI hyperscaler SSDs

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)