Hackers breaching cloud containers, has contemporary been on the rise. In a recent cyber attack, Football Australia, the governing body for Australian soccer has reportedly fell victim of such incident.
The Forensics investigation of the incident, reveals the attack to have been stealthy on-going for a span of 681-days (22-months, 2-weeks and 1-day). It is no doubt, that massive data certainly was exfiltrated due to the long duration of the S3 bucket exposure.
Digging further on the reports, of the S3 container breach, it was revealed that the incident was as a result of human error which lead to the inadvertently leaking of personal information of players and customers online. A security misconfiguration in AWS S3 buckets, is said to have publicly disclosed plain-text AWS keys, including a Secret key, on a subdomain, potentially exposing a total of 127 buckets and data contained in it.
Furthermore, one of the breached buckets, is said to contain personal details of ticket buyers and players’ contracts, while another was left completely unprotected. It is no doubt with such incident, the gates of identity theft, fraud, or blackmail has been opened, for schemers, and other cyber threats to take advantage of.
In an exclusive with watoday, Jamieson O’Reilly, founder of cybersecurity firm Dvuln said:
“Considering the exposure lasted for at least 681 days, it’s plausible that external attackers discovered and utilised these keys.”
On How the Incident was discovered:
A team of researchers from Cybernews incidentally discovered the incident, during an inspection of HTML pages of a subdomain belonging to Football Australia. It was discovered that plain-text keys of AWS containers, were hardcoded into the HTML page. These keys were API secret keys, and allowed anyone with access to such keys view over 127 S3 buckets, that are housing various sensitive information, and data.
These sensitive information are said to be contract documents of football players, data of ticket buying belonging to spectators of Football Australia, and passport informations.
The consequences of such Breach:
The consequences of such incident on Football Australia, with no doubt leads to a myriad of negative outcomes. Fixitgearware Security is of the opinion, that these outcome could be one of the following:
- Identity theft: Cyber schemers, and threat actors would be seen using these exposed personal identifiable information (PII) to impersonate individuals.
- Fraud: Threat actors would also misuse these data to make unauthorized transactions, plunging the legitimate owners into financial losses, debt, and other negative consequences which might even impact their credit scores.
- Blackmail: Threat actors are known to use social engineering in exploiting their targets, who later become victims. No doubt, that theses sensitive documents, like contracts and player passports, can be used for coercion.
- Increased security risks: With such data, and PII out there in the public, people with ill intentions, could access these data, for kidnapping and other hostile attacks.
- Legal repercussions: such mistake certainly increases the chances of Football Australia facing legal consequences for failing to protect sensitive data belonging to its citizens. Also, regulatory bodies may impose fines for data protection failures.
- Loss of trust: Citizens using any form of services located in their country, believe that their information is protected. The incident certainly would lead to a loss of trust among customers, fans, and stakeholders.
- Reputation damage: A good name they say is better than riches, and it takes decades to build, and just a second to destroy your reputation. Certainly, the Football Australia organization’s image and credibility could be negatively affected.
Mitigation:
On the mitigation, Football Australia immediately fixed the issue after being informed by the Cybernews research team. The cloud buckets has since then been secured, from further exposure, to the public.
Summarizing the Incident:
The attack on Football Australia, will result in security researchers asking numerous questions, on issues related to lack of effective monitoring. Such incident leads to a major unsettling feeling, and that is high profile organizations inability to flag potential breaches as soon as they are noticed or occurred.
This is one of many attacks that has plagued Australia since last year. Major incidents such as credential stuffing attack on Guzman Y Gomez, Dan Murphy’s et’al leading to customers sensitive information stolen, HWL Ebsworth incident, with over 62 government official websites left compromised , down to Dp world port cyber-breach, Dymocks book store cyber-attack, and many other big organizations.
Certainly these incidents, highlights the need for urgent, and improved cyber & information security measures and practises, regarding sensitive data security, and cloud infrastructure protections. Therefore, it calls for urgent improvement in security practices.
Fixitgearware Security still holds the stand that Australia and organisation’s who conduct businesses based in Australia, are to efficiently, and effectively take their cybersecurity serious.
The back-to-back occurrence of cyber breaches certainly leaves no good impression about Australia, in the digital world, with regards to the wildlife treasure of the world, security posture, and effort in protecting its citizens from these bad guys.
Remember to always stay safe, and be vigilant 🛡️!
Put your comments below in the comment section on your thoughts about this.