One out of every ten virtual machines running on Amazon Web Services (AWS) lacks adequate security measures.
In a recent study conducted by a team of German scientists from the Fraunhofer SIT university's Darmstadt Research Center for Advanced Security, the importance of proper configuration and security measures for virtual machines on Amazon Web Services (AWS) has been underscored.
The study, published on a research website, analysed 1,100 Amazon Machine Images (AMI) of hosted machines on AWS. The findings suggest that many AWS users may not be properly securing their virtual machines, potentially leaving them vulnerable to attacks.
The vulnerability lies in the improper user configuration of the virtual machines. The scientists found that at least one-third of the machines under consideration have flawed configurations, making them susceptible to various threats. Approximately 30% of the virtual machines on AWS are vulnerable to attack, the study found.
These misconfigurations often lead to data leaks and privilege escalations. In some cases, attackers could potentially steal critical information such as passwords and private keys from these machines. The stolen passwords and private keys could provide attackers with complete control over the user's AWS account, allowing them to manipulate or compromise web services or virtual infrastructures on AWS, or even create a virtual infrastructure worth several thousands of dollars per day at the user's expense.
To mitigate such incidents, the study recommends several security measures. Users and organizations should implement strong security measures, including automating configuration audits and scans, using secure-by-default templates and Infrastructure as Code (IaC), continuously auditing and benchmarking configurations against recognized standards, applying strict access controls, least privilege principles, and monitoring privileged credentials, utilising virtual machine security tools and technologies, ensuring secure integrations with directory services, and incorporating a ‘shift-left’ approach for container and VM security.
Awareness seems to be a key issue, with the problem lying in the customers' unawareness, not in Amazon Web Services, according to the research lead. AWS provides detailed security recommendations on their web pages, but many users are still not properly securing their virtual machines. In response to the study, Amazon has published guidance for customers on how to manage their private keys.
The study's findings could have significant implications for the security of data and services hosted on AWS and other cloud platforms. As cloud environments become increasingly complex and dynamic, continuous monitoring, automated security checks, and a strong security culture around configuration management are essential to mitigating vulnerabilities caused by improperly configured virtual machines and cloud services.
Cybersecurity measures are crucial for protecting virtual machines on Amazon Web Services (AWS), given the study's findings that approximately 30% of these machines are vulnerable due to improper user configuration, potentially leading to data leaks and privilege escalations. To prevent such incidents, a strong cybersecurity approach should be implemented, such as automating configuration audits, using secure-by-default templates, implementing strict access controls, and continuously monitoring for vulnerabilities.
%20lacks%20adequate%20security%20measures.){kind=link}