Today’s recommended reading: An Elegant Way to Ruin Your Company’s Day – Introduction to Public AWS EBS Snapshots.
I found the article fascinating because it’s a good look into modern attack strategies. Rather than breaking through defenses, the researchers were able to identify snapshots which had been shared publicly and automatically examine their contents for sensitive-looking data.
Some of the snapshots were only shared for a few minutes at a time, suggesting an intentional collaboration technique. The article demonstrates that even such brief lapses are likely to be exploited. With the private sector’s massive migration to public clouds and the value of those companies’ data, it’s a fair bet that there will always be someone somewhere looking to exploit not-quite-best practices.