da_6672d ago

what happen when you just... abandon your cloud storage buckets?

https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/

8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur

Surprise surprise, we've done it again. We've demonstrated an ability to compromise significantly sensitive networks, including governments, militaries, space agencies, cyber security companies, supply chains, software development systems and environments, and more. “Ugh, won’t they just stick to creating poor-quality memes?” we hear you moan. Maybe we should, maybe

watchTowr Labs
Show threadViss2d ago

@da_667 the advent of infrastructure as code or whatever has led people to give no fucks about infrastructure, so previously, if they had a physical server that was on, using bandwidth, power etc, they'd 'decomission it'.

now that you dont have to 'decomission shit anymore' people just ...

dont

Show threadSignalEleven2d ago
@Viss @da_667 that is not the whole problem. Those are buckets that have been deleted, and they are setting them up anew with abandoned names.
Abandoning a bucket by not decommissioning it would in fact mitigate this.
Show threadSignalEleven
@Viss @da_667 oh maybe you meant the other side, the side calling non-existent buckets. That can be bitrot, a link on a page on a website otherwise maintained, a cronjob on a server otherwise used...
I just find it disingenuous to react to an interesting finding and blame it on something generic as "Infrastructure as code".
Mar 21 at 8:46amWeb