Capital One Breach - AWS

Pallavi Varanasi, Cloud Security Expert - CloudCodes Software
  • February 11th, 2020

The Capital One breach was a data hack that compromised more than 150 million people’s records, making it one of the biggest data breaches ever.

How did the Capital One Breach happen?

In 2019, a major bank suffered a serious data breach when the financial and personal data of more than 100 million customers was exposed publicly. The FBI held an employee of Amazon responsible for the crime. Investigators found that the employee had created a program to scan cloud customers for web application firewall misconfigurations. Through such a misconfiguration, the employee gained access to the customer’s database and exploited its credentials.

According to a source close to the breach investigation, the firewall misconfiguration allowed the attacker to obtain a key for a back-end resource on the AWS platform. Using that resource, the attacker copied the information, including financial and personal data, to a cloud server. That server was later made public, allowing any resource in the cloud to access the information stored on it.

The Capital One data breach was first detected in July 2019, and the investigation found that more than 150 million social security numbers and linked bank account details had been exposed because of it.

AWS & Customer Shared Responsibility

AWS resources such as S3 work on the principle of shared responsibility, i.e. both AWS and the customer have their own role to play. AWS is responsible for the security of the infrastructure, such as the data centres, while the customer has to ensure that resources are properly configured from a security perspective.

CIS has published security best practices for AWS, which include how resources should be configured from a security perspective to avoid a data breach.

Security on AWS is a model shared between the customer and AWS, which makes it easier to build a highly secure and reliable cloud environment. AWS is responsible for controlling the customer’s data stored in its buckets. Customers are responsible for implementing access control policies and Data Loss Prevention (DLP) policies to prevent unauthorized access. Shared responsibility also covers maintaining and securing client- and server-side encryption, network traffic, firewall configuration, and identity and access management.

The three main examples of shared responsibility are:

  • AWS Relational Database Service (RDS)
  • AWS Elastic Map Reduce (EMR)
  • AWS Elastic Beanstalk

Shared responsibility provides the controls that allow solutions to be deployed according to industry-specific requirements. AWS controls access to the data stored in buckets and allows access only to authorized users approved under AWS policies. Because AWS is a virtual data storage platform, it is designed meticulously to protect customers’ data from threats and violations. In the shared responsibility model, AWS is responsible for computing, storage, networking, and securing the database.

How to prevent such incidents?

As AWS adoption increases within an organization, monitoring the many aspects of infrastructure hosted on AWS from a security perspective becomes a herculean task. Recent breaches have in fact increased the cloud security threats and challenges facing security professionals within an organization. The Centre for Internet Security (CIS) has published security best practices for various cloud platforms, including AWS.

Ways to proactively prevent the breach

1. Up-to-date security: The first step in preventing a data breach is to apply security updates and perform checks regularly. Amazon cloud servers will help you configure your data securely.

2. Thorough research: Organizations should keep track of users’ browsing behavior and feedback about the company. This indicates which specific applications users need to use.

3. Beware of public sites: A few open sites were responsible for victimizing customers in the Capital One data breach. It is recommended to continuously monitor the cloud system and restrict users from browsing such gambling sites.

4. Learn from mistakes: Loopholes accompany any technology or process, and security failures are bound to occur because humans are involved. Companies should learn from the mistakes of the past; the learning process will produce better ideas for combating data threats.

5. Know your data: Companies build various DLP policies, such as keyword rules and structured/unstructured data fingerprints, to control and secure their sensitive data. If the customer can identify the exact S3 bucket in which their information is stored, they can quickly fix the problem and ensure the data is fully protected.
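Since access control on the bucket is the customer's side of the shared responsibility model, the following Python check (an added example, not code from the original post or from CloudCodes) audits an S3 bucket policy for the "made public" misconfiguration described above, showing the weak policy beside a corrected one. The bucket name, account id and role name are assumed placeholders.

```python
import json

# Constructed sample bucket policies (assumed names, not taken from the page).
# Weak setting: an Allow with Principal "*" lets anyone on the internet read every object.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-customer-data/*",
    }],
}

# Corrected setting: one named application role may read, and every principal outside
# the owning account is explicitly denied, so a later mistake cannot quietly widen access.
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AppRoleRead", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-customer-data/*"},
        {"Sid": "DenyOutsideAccount", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*",
         "Resource": ["arn:aws:s3:::example-customer-data",
                      "arn:aws:s3:::example-customer-data/*"],
         "Condition": {"StringNotEquals": {"aws:PrincipalAccount": "123456789012"}}},
    ],
}

def _listify(value):
    return value if isinstance(value, list) else [value]

def _anonymous(principal):
    # Both "*" and {"AWS": "*"} mean any principal, authenticated or not.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _listify(principal.get("AWS", []))

def public_statements(policy):
    """Return the Sid (or position) of each Allow statement open to any principal.
    Accepts a dict or the JSON string S3 returns. Deny statements never make a bucket
    public and are skipped; an Allow with a Condition is still flagged so a reviewer
    inspects every wildcard grant instead of trusting the condition blindly."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    flagged = []
    for i, stmt in enumerate(_listify(policy.get("Statement", []))):
        if stmt.get("Effect") == "Allow" and _anonymous(stmt.get("Principal")):
            flagged.append(stmt.get("Sid", f"statement[{i}]"))
    return flagged
```

In practice the policy string would come from a bucket policy export or an S3 API call; any non-empty result is a bucket to lock down before it holds customer data.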