Attackers usually gain access to an organization’s cloud assets by leveraging compromised user access tokens obtained via phishing, by using malware, or by finding them in public code repositories. These are long-term access tokens associated with an AWS IAM or federated users (i.e, users who have authenticated via a third-party identity platform). They grant users – whether legitimate or malicious ones – specific roles and privileges. If the permission level is high enough, this compromised … More
The post Short-term AWS access tokens allow attackers to linger for a longer while appeared first on Help Net Security.