Researchers are sounding the alarm over what they say is a growing threat vector tied to Amazon Web Services and its marketplace of pre-configured virtual servers. The danger, according to researchers with Mitiga, is that threat actors can easily build malware-laced Community Amazon Machine Images (AMI) and make them available to unsuspecting AWS customers.
The threat is not theoretical. On Friday, Mitiga released details of a malicious AMI found in the wild running an infected instance of Windows Server 2008. Researchers said the AMI was removed from a customer’s Amazon Elastic Compute Cloud (EC2) instance earlier this month but is still available within Amazon’s Community AMI marketplace.
The AMI in question was harboring a crypto miner generating Monero coins for unknown hackers on a financial institution’s EC2 for the past five years. Mitiga said it notified Amazon of the rogue AMI on Tuesday, noting Amazon responded promising a reply within five business days.
“Vulnerabilities of this sort pose significant risk, as embedded code can potentially include malware, ransomware or other type of attack tools,” said Ofer Maor, chief technology officer and co-founder of Israel-based Mitiga.
Amazon Machine Images come in two flavors and are available through the AWS marketplace. Amazon offers its own AMIs and those from pre-qualified partners. The AWS marketplace also includes tens of thousands of Community AMIs. These AMIs have less stringent policing and are often available at no or low costs. As the name suggests, they are created by community members.
“The issue here is not with the customer doing something wrong,” Maor said. “The issue is with the Community AMIs and that there are no checks and balances. Anybody can create one and put it in the Community AMI library. That includes ones with malicious executables.”
AMIs offer developers an easy way to quickly spin up cloud-based compute solutions that can range from legacy servers, specialized IoT computing systems to virtual servers that offer mainstream cloud-based business applications. These pre-baked AMI instances can be a godsend for developers looking to save time and money when building out EC2 instances.
For Amazon’s part it does clearly spell out the risks involved with the Community AMIs available on its platform:
“You use a shared AMI at your own risk. Amazon can’t vouch for the integrity or security of AMIs shared by other Amazon EC2 users. Therefore, you should treat shared AMIs as you would any foreign code that you might consider deploying in your own data center and perform the appropriate due diligence. We recommend that you get an AMI from a trusted source.”
Researchers at Mitiga contend Amazon doesn’t go far enough in creating safeguards. It argues, similar to code repositories such as GitHub, Amazon needs to create some type of user ratings or feedback loop tied to Community AMIs. That way the users can help self-police the ecosystem.
“I don’t think there is enough awareness around AMI security,” Maor said. Unlike Amazon’s consumer marketplace that offer detailed descriptions of sellers, product ratings and reviews, with Community AMIs these details are “completely obfuscated,” he said.
“There are tens of thousands of community AMIs. You don’t know who the publishers are, there is no ratings. There’s no reviews. And there is an assumption that if it’s part of AWS it’s kosher. And what we’re finding is that is far from case. We believe the risks are tremendous,” Maor said.
He added that, unlike malicious code found in popular repositories, malicious AMIs are by magnitude harder to spot. Identifying malicious code, such as a crypto miner, buried in virtual-machine binaries can be extremely difficult versus identifying bad or rogue code in open-source code in code repositories.
Malicious AMIs are not an entirely new phenomena. In 2018, Summit Route investigated claims of a Community AMI that allegedly also contained the Monero miner malware. The instance was flagged on GitHub by a user.
“This malware will attempt to exploit vulnerabilities associated with Hadoop, Redis, and ActiveMQ, so one possibility is that the creator of this AMI had been a victim and had their system infected before they created the AMI,” according to the report.
Mitiga researchers believe the attack vector includes bad actors taking a spray-and-pray approach to creating malicious AMIs. “In this instance it was an outdated Windows Server 2008 AMI. The parties that would use a legacy AMI like this would probably have legacy software, which would allude to a possible financial institution. An attacker could easily find themselves inside a very sensitive and vulnerable environment.”
Mitiga recommends, “out of an abundance of caution, companies utilizing Community AMIs are recommend to verify, terminate, or seek AMIs from trusted sources for their EC2 instances.”
It’s the age of remote working, and businesses are facing new and bigger cyber-risks – whether it’s collaboration platforms in the crosshairs, evolving insider threats or issues with locking down a much broader footprint. Find out how to address these new cybersecurity realities with our complimentary Threatpost eBook, 2020 in Security: Four Stories from the New Threat Landscape, presented in conjunction with Forcepoint. We redefine “secure” in a work-from-home world and offer compelling real-world best practices. Click here to download our eBook now.