• logicbomb@lemmy.world
    English
    arrow-up
    10
    ·
    1 day ago

    It says they use publicly exposed or leaked IAM keys with RW permission to do this, in case anybody is interested in how they get in.

  • bamboo@lemmy.blahaj.zone
    English
    arrow-up
    6
    ·
    1 day ago

    While this is more an issue with compromised credentials and not a flaw in AWS exactly, I think AWS should just deprecate the use of IAM Access Keys altogether, and have newly issued keys auto expire after 90 days, requiring human intervention to extend the lifetime if absolutely necessary. Had these companies used IAM roles for their services, they would not be in this situation, but that approach requires more effort, so people go with the lazy access key solution.

    • futatorius@lemm.ee
      English
      arrow-up
      1
      ·
      6 hours ago

      And just to be clear, using IAM roles doesn’t require much effort either, even when you need to sync with an external auth provider such as AD (I know, ewww, but you have to live in the world as it is rather than the one you’d like it to be).