Last week the Internet was abuzz with news of the Capital One data breach. Around 30 GB of data was taken. It is estimated to include around 140,000 Social Security numbers (SSNs) and 80,000 bank account numbers of US consumers, and around 1 million social insurance numbers (SINs) of Canadian credit card customers.
According to what a number of news outlets have published and inferred, the attacker exploited a misconfiguration in a Web Application Firewall (WAF) that allowed them to assume the WAF's role and use it to list and copy the contents of AWS S3 buckets.
3 Lessons from this Breach
1. The S3 bucket in this breach was not publicly exposed. So, contrary to popular belief, major data breaches are not limited to S3 buckets that are misconfigured and publicly exposed. Think beyond security tools that only do configuration checks.
2. The data was exfiltrated using the S3 sync command, which internally calls the S3 APIs. Modern Internet applications are driven by APIs, and as this breach shows, today's Web Application Firewall (WAF) is not the best tool for securing APIs. Think beyond authentication and authorization: today's threats are ONLY about data.
3. This breach was reported to Capital One through its responsible disclosure email address. Capital One did not have the right tools to provide visibility and discovery. Think beyond reactive response and look for tools that provide visibility and discovery, which leads to a better understanding of how your data moves.
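The visibility point in lessons 2 and 3 can be made concrete with a small detector over CloudTrail-style S3 events: it flags an assumed role that enumerates a bucket and then fetches many objects, or that reads from a bucket it is not an expected reader of. This is an added example, not ArecaBay's product and not code from the original post; the events, the role names (example-waf-role, example-app-role), the bucket name and the expected-reader baseline are all constructed placeholders.

```python
"""Flag bulk S3 object reads by an assumed role in CloudTrail-style events.
Added example; role/bucket names and the event records are constructed."""
from collections import defaultdict

WAF_ARN = "arn:aws:sts::111111111111:assumed-role/example-waf-role/i-0abc"
APP_ARN = "arn:aws:sts::111111111111:assumed-role/example-app-role/i-0def"

# Constructed sample: the WAF role lists a bucket, then pulls 25 objects from it;
# the application role reads a single object as it normally would.
SAMPLE_EVENTS = [
    {"eventTime": "2019-07-01T10:00:00Z", "eventName": "ListObjects",
     "userIdentity": {"type": "AssumedRole", "arn": WAF_ARN},
     "requestParameters": {"bucketName": "example-customer-data"}},
] + [
    {"eventTime": f"2019-07-01T10:00:{i:02d}Z", "eventName": "GetObject",
     "userIdentity": {"type": "AssumedRole", "arn": WAF_ARN},
     "requestParameters": {"bucketName": "example-customer-data",
                           "key": f"applications/app-{i}.csv"}}
    for i in range(1, 26)
] + [
    {"eventTime": "2019-07-01T10:05:00Z", "eventName": "GetObject",
     "userIdentity": {"type": "AssumedRole", "arn": APP_ARN},
     "requestParameters": {"bucketName": "example-customer-data",
                           "key": "applications/app-1.csv"}},
]

# Assumed baseline of roles expected to read each bucket (from policy or history).
EXPECTED_READERS = {"example-customer-data": {"example-app-role"}}

def role_name(arn):
    """'arn:aws:sts::acct:assumed-role/NAME/session' -> 'NAME'; None otherwise."""
    parts = arn.split(":")[-1].split("/")
    return parts[1] if parts[0] == "assumed-role" and len(parts) >= 2 else None

def find_bulk_reads(events, expected=EXPECTED_READERS, threshold=10):
    """One alert per (role, bucket) that enumerated the bucket and then fetched at
    least `threshold` objects, or that is not an expected reader of the bucket."""
    listed, reads = set(), defaultdict(list)
    for e in events:
        role = role_name(e["userIdentity"].get("arn", ""))
        bucket = e["requestParameters"].get("bucketName")
        if role is None or bucket is None:
            continue
        if e["eventName"] in ("ListObjects", "ListObjectsV2", "ListBucket"):
            listed.add((role, bucket))
        elif e["eventName"] == "GetObject":
            reads[(role, bucket)].append(e["requestParameters"].get("key"))
    alerts = []
    for (role, bucket), keys in reads.items():
        unexpected = role not in expected.get(bucket, set())
        bulk = (role, bucket) in listed and len(keys) >= threshold
        if unexpected or bulk:
            alerts.append({"role": role, "bucket": bucket, "objects": len(keys),
                           "enumerated": (role, bucket) in listed,
                           "unexpected_reader": unexpected})
    return alerts
```

Note that GetObject and ListObjects are S3 data events, which CloudTrail only records when data-event logging is enabled for the bucket; without it this kind of check has nothing to run on.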
Check out this 44-second video about the data breach and how ArecaBay can protect your data.
Check out our detailed 6-minute video demonstrating ArecaBay's capabilities to detect and prevent unauthorized AWS S3 downloads.
Traditionally, and even today, many of us equate security with access control. Access control is needed, but this breach is a great example of why we should think beyond it and look at the data, and at the interface to that data, i.e. the APIs, as the means to secure it. Please comment below and let me know what you think. Also, please follow me on Twitter @ravi_balupari and let's talk some more.
#apisecurity #capitalonebreach #databreach #cybersecurity #cloudsecurity #apidatasecurity