"Amazon Cloud Service Loses Silver Lining as Analyst Warns of Breach Threat"

According to Mitiga research, the cloud storage provider Amazon Web Services (AWS) has a vulnerability that could allow threat actors with pre-existing account control to exploit Internet Protocol (IP) addresses to gain access to other systems. The flaw exists in AWS' Elastic IP (EIP) address transfer service, which the company recently implemented to facilitate the movement of EIPs between accounts. With EIP transfer, a user can reuse the same EIP addresses for their applications after moving them to a new AWS account, removing the need to allowlist connectivity resources and speeding up migrations. However, according to Mitiga, cybercriminals might utilize the new functionality to amplify an initial hacking attack by seizing control of the EIP via an Application Programming Interface (API) call, which is often used to request data between apps. With the proper permissions on the victim's AWS account, a malicious actor can move the victim's used EIP to their own AWS account with a single API request, thereby acquiring control of it. Assuming initial compromise has been achieved, this is a later-stage attack. In many circumstances, however, it allows for a significant increase in the impact of the attack and access to even more assets. For example, a threat actor may circumvent firewall safeguards to gain access to a victim's network endpoints by exploiting "allowlists" that would authorize entrance by the stolen IP address. Alternately, they might employ it in phishing or social engineering efforts, acting as the victim or operating a command-and-control (C2) server to launch malware attacks in subsequent attempts to hijack computers. This article continues to discuss the potential exploitation and impact of the AWS vulnerability.

Cybernews reports "Amazon Cloud Service Loses Silver Lining as Analyst Warns of Breach Threat"