Mitiga researchers disclose AWS Elastic IP hijacking vulnerability – ComputerWeekly.com

Gorodenkoff – stock.adobe.com
Mitiga threat researchers have identified what they describe as a new potential attack vector leveraging recently introduced functionality in Amazon Web Services (AWS) technology that has made changing Elastic IP ownership in AWS Elastic Compute Cloud (EC2) environments easier.
Mitiga is an AWS partner, and provides software and services for security incident response and preparedness in cloud environments.
In October 2022, said the researchers, AWS announced a new Amazon Virtual Private Cloud feature, “Elastic IP transfer”, which allows the transfer of Elastic IP addresses from one AWS account to another. This feature makes it easier to move Elastic IP addresses during AWS account restructuring.
By exploiting this AWS Elastic IP Transfer feature, a threat actor with existing control over an AWS account could compromise an IP address.
This is, said Mitiga, is a “new vector for post-initial-compromise attack, which was not previously possible (and does not yet appear in the MITRE ATT&CK Framework)”. “Organisations may not be aware of its possibility,” it added.
Mitiga said the method “can expand the blast radius of an attack and allow further access to systems relying on IP allowlisting as their primary form of authentication or validation”.
It maintains that the potential attack is unique as “EIP was never considered a resource you should protect from exfiltration”. “The ‘hijacking an EIP’ scenario isn’t even shown as a technique in the MITRE ATT&CK knowledge base, which means this new technique can go ‘under the radar’.”
Malicious actors could attach a stolen EIP to an EC2 instance in their own AWS account for purposes that include reaching a victim’s network endpoints, secured by a firewall that possesses an ingress rule which allows connections from the stolen IP. They could also use the stolen IP for malicious activities, such as phishing campaigns. An EC2 instance is a virtual server in Amazon’s Elastic Compute Cloud for running applications on the AWS infrastructure.
The researchers’ advice to AWS users is to treat their EIP resources like other resources in AWS which are in danger of exfiltration. “Use the principle of least privilege on your AWS accounts and even disable the ability to transfer EIP entirely if you don’t need it,” it said.
Mitiga has published a detailed blog post about what they describe as Elastic IP Hijacking on its website. It notified the AWS security team about its findings before publishing, and incorporated the feedback it got as part of its post.
Major antitrust cases are expected to play out in 2023 while federal regulators consider new interpretations of existing …
Research shows organizations are still struggling to bring in IT talent. We identify the reasons why there’s a shortage and what …
The threat of a recession coupled with the ongoing need for transformation and growth means CIOs must make force multiplying …
CrowdStrike is urging organizations to apply the latest Microsoft Exchange updates after investigations revealed attackers …
This Risk & Repeat podcast episode discusses the current state of OT security, including the convergence with IT environments and…
Looking to advance your cybersecurity career? Here are the skills you’ll need to win that CISO job, land a gig as a threat hunter…
Arista’s new switches provide more options for enterprises and higher speeds for bandwidth-hungry hyperscalers. The latest …
Telecom operators have committed to sustainability plans to reduce carbon emissions and energy use. But they also face challenges…
Nmap might be more common for security tasks, but it’s also useful for network documentation and inventory. Follow these best …
Data lakes and data warehouses both store big data. When choosing a lake or warehouse, consider factors such as cost and what …
Classical and quantum computers have many differences in their compute capabilities and operational traits. Know their …
Colocation companies offer a wide range of facilities and services that can help organizations reduce or eliminate the costs …
Expect more organizations to optimize data usage to drive decision intelligence and operations in 2023, as the new year will be …
These 10 roles, with different responsibilities, are commonly a part of the data management teams that organizations rely on to …
These eight challenges complicate efforts to integrate data for operational and analytics uses. Here’s why, plus advice on how to…
All Rights Reserved, Copyright 2000 – 2022, TechTarget

source

Related Articles