AWS intruder achieved admin access in under 10 minutes thanks to AI assist (www.theregister.com)

On November 28, a digital intruder achieved administrative access to an AWS cloud environment in under 10 minutes, utilizing AI to automate key phases of the attack, according to the Sysdig Threat Research Team. The criminal exploited stolen test credentials from public Amazon S3 buckets, which had privileged access to AWS Lambda and Bedrock models. During the breach, the attacker compromised 19 distinct AWS principals, used language models to generate malicious code with Serbian comments, and executed code injection to elevate privileges. The rapidity and sophistication of the attack underscore a growing trend of AI-assisted cybercriminal activity, raising significant concerns about the potential for fully automated attacks in the future. The incident highlights critical vulnerabilities in cloud security, especially related to identity and access management (IAM). Sysdig recommends organizations implement stringent security measures, such as using temporary credentials, applying the principle of least privilege, and properly configuring S3 bucket access. Additionally, they stress the importance of monitoring model usage and enabling logging for tools like Amazon Bedrock to detect unauthorized actions. This event serves as a stark reminder for the AI/ML community of the need for enhanced security protocols amid the increasing reliance on AI technologies for both defending and attacking cloud infrastructures.