Imperva Data Breach Caused by Stolen AWS API Key
Imperva recently revealed the primary cause of a breach that accidentally exposed customer data (which included email addresses, hashed & salted passwords, as well as TLS and API keys). It turned out to have been caused by a stolen Amazon Web Services (AWS) API key that was used to access a database snapshot containing the compromised data.
According to Imperva Chief Technology Officer (CTO) Kunal Anand, the incident happened after the company migrated their database to the AWS Relational Database Service. The company then created a database snapshot for testing while also building an internal compute instance containing an AWS API key that was, unfortunately, left externally accessible. An attacker infiltrated this instance to steal the API key, which was then used to gain access to the database snapshot.
[Read: Another AWS misconfiguration incident caused data breaches for Fortune 500 companies]
Based on the company’s log analysis, exfiltration of the data started on October 2018. However, the company only learned of the incident in August 2019 after it received a data set sent by an undisclosed third party with a request for a bug bounty. According to the latest statement, the stolen customer data was limited to Cloud WAF accounts before and up to September 15, 2017, with data from other products remaining intact.
Imperva did not detail how many customers were affected, but the company mentioned that they did provide a set of recommendations that resulted in over 13,000 changed passwords and over 13,500 rotated SSL certificates. In addition, over 1,400 API keys were also regenerated.
Recommendations and Trend Micro solutions
One way to minimize security incidents involving the cloud is by practicing the shared responsibility model, which involves both organizations and service providers implementing effective cybersecurity measures.
Organizations can consider applying the following best practices to protect their data and systems:
- Misconfiguration remains a primary cause for data breaches. Businesses should perform regular audits to check for any misconfigured cloud assets.
[Read: Your data and the perils of misconfiguration]
- A large number of users having access to critical parts of the cloud infrastructure can pose security risks. Organizations are encouraged to implement network segmentation to secure their important data.
- Giving users access to only the parts of the IT infrastructure that they need minimizes the chance of data compromise.
Furthermore, AWS lists recommendations for organizations to help them secure their databases, applications, servers, and networks better.
Organizations that use the cloud for their databases can consider security technology such as Trend Micro™ Hybrid Cloud Security, which delivers a blend of cross-generational threat defense techniques that have been optimized to protect physical, virtual, and cloud workloads. It also features the Trend Micro™ Deep Security™ platform, which protects millions of physical, virtual, and cloud servers around the world.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases