Researchers Find Tens of AWS APIs Leaking Sensitive Data
2020-11-18 19:15

Palo Alto Networks security researchers identified more than 20 Amazon Web Services APIs that can be abused to obtain information such as Identity and Access Management users and roles.

The same attack could be used to abuse 22 APIs across 16 different AWS services to obtain the roster of an account, get a glimpse into an organization's internal structure, and use that information to launch targeted attacks against specific individuals.

According to the security researchers who identified the vulnerable APIs, the attack works across all three AWS partitions.

What's more, the enumeration is not visible from the targeted account, because the API logs and error messages are available only for the "attacker's account where the resource policies are manipulated," the researchers note.

"Good IAM security hygiene can still effectively mitigate the threats from this type of attack. Although it's not possible to prevent an attacker from enumerating identities in AWS accounts, the enumeration can be made more difficult and you can monitor for suspicious activities taken after the reconnaissance," the researchers note.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/FUKTwObl92U/researchers-find-tens-aws-apis-leaking-sensitive-data