MinIO Cyberattack Showcases Fresh Corporate Cloud Vector

Published: 23/11/2024   Category: security



The open source object storage service was the target of a never-before-seen attack on corporate cloud services, which researchers said should put DevOps in particular on notice.



A brand-new attack vector has emerged in the cloud, allowing cybercriminals to remotely execute code and take full control over systems running the distributed object storage system called MinIO.
MinIO is an open source offering compatible with the Amazon S3 cloud storage service, which allows companies to handle unstructured data like photos, videos, log files, backups, and container images. Researchers at Security Joes recently observed threat actors making use of a set of critical vulnerabilities in the platform (CVE-2023-28434 and CVE-2023-28432) to infiltrate a corporate network.
"The specific exploit chain we stumbled into was not observed in the wild before, or at least documented, making this the first instance of evidence showcasing such non-native solutions are being adopted by attackers," according to Security Joes. "It was surprising to discover that these products could have such relatively easy to exploit new set of critical vulnerabilities, making it an enticing attack vector that can be found by threat actors via online search engines."
In the attack, the cybercriminals duped a DevOps engineer into updating MinIO to a new version that effectively functioned as a backdoor. Security Joes incident responders determined that the update was a weaponized version of MinIO containing a built-in command shell function called GetOutputDirectly() and remote code execution (RCE) exploits for the two vulnerabilities, which were disclosed in March.
Further, it turns out that this booby-trapped version is available in a GitHub repository under the moniker Evil_MinIO. Security Joes researchers noted that while this particular attack was stopped before the RCE-and-takeover stage, the existence of the evil-twin software should put users on notice to watch for future attacks, especially against software developers. A successful attack could expose sensitive corporate information and intellectual property, allow access to internal applications, and set attackers up to pivot deeper into organizations' infrastructure.
"Failing to explicitly recognize the paramount importance of security across the entirety of the software development lifecycle constitutes a critical oversight," according to Security Joes' blog post on the investigation. "Such negligence can potentially expose an organization to substantial risks. While these risks might not be immediate, they lurk in the shadows, awaiting the right opportunity for exploitation."
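
A pre-deployment gate for the scenario above, where an engineer is handed a MinIO "update" that is really a backdoored build. This is an added example, not code from Security Joes or the MinIO project; it assumes you hold a SHA-256 value obtained out of band from a release source you trust, and the function names `inspect_binary` and `verdict` are hypothetical.

```python
import hashlib
import hmac
from pathlib import Path

# Function name the article reports in the backdoored build. Go binaries
# normally keep function names in their symbol tables, so a raw byte search
# is a cheap triage check; a stripped or renamed build would evade it, which
# is why the digest comparison is the primary control.
MARKER = b"GetOutputDirectly"
CHUNK = 1 << 20  # read 1 MiB at a time so large binaries are not loaded whole


def inspect_binary(path, expected_sha256, chunk_size=CHUNK):
    """Return (digest_ok, marker_found, sha256_hex) for the file at path."""
    digest = hashlib.sha256()
    marker_found = False
    tail = b""  # trailing bytes of the previous chunk
    with Path(path).open("rb") as fh:
        while chunk := fh.read(chunk_size):
            digest.update(chunk)
            # Prepend the tail so a marker split across two reads is still seen.
            if not marker_found and MARKER in tail + chunk:
                marker_found = True
            tail = (tail + chunk)[-(len(MARKER) - 1):]
    actual = digest.hexdigest()
    digest_ok = hmac.compare_digest(actual, expected_sha256.strip().lower())
    return digest_ok, marker_found, actual


def verdict(path, expected_sha256):
    """Map the two checks to a deployment decision."""
    digest_ok, marker_found, _ = inspect_binary(path, expected_sha256)
    if marker_found:
        return "block: backdoor marker present"
    if not digest_ok:
        return "block: digest does not match trusted value"
    return "allow"


if __name__ == "__main__":
    import sys
    # Usage: python check_minio.py <binary> <trusted_sha256>
    print(verdict(sys.argv[1], sys.argv[2]))
```

A clean marker scan is not proof of a clean binary; only a digest match against a trusted value ties the file to the publisher's release.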
