this post was submitted on 06 Feb 2026
89 points (96.8% liked)

[–] CallMeAnAI@lemmy.world 15 points 1 day ago* (last edited 1 day ago) (1 children)

Y'all obviously lead with AI and you're bad at propaganda.

The attackers initially gained access by stealing valid test credentials from public Amazon S3 buckets. The credentials belonged to an identity and access management (IAM) user with multiple read and write permissions on AWS Lambda and restricted permissions on AWS Bedrock

Run your shit against Tenable once in a while.

[–] REDACTED@infosec.pub 4 points 1 day ago (1 children)

The point of the article is to show that with the help of AI, attacks can be executed faster, which means a higher success chance for getting more data/damage as you're essentially running against time.

How long would all this have taken without automation?

[–] CallMeAnAI@lemmy.world 2 points 1 day ago

According to you all shorter because AI is simultaneously garbage propping up a bubble, so my sarcastic answer is it's slower.

That being said I know I could detect and scan, with Nessus/Snyk/Security Hub and detect the issue inside of 5 minutes. Probably another half hour to hour for a proper pen tester to send an AWS exploit package at it and own the rest within an hour or two.

How many people do you think catch exploits in the first day or even week or month of a hack? I've got some news for you, it's only the companies who really need their shit together and have a strong opssec team. They ain't going deleting buckets. They sit on it for months and years in most post mortem.

This is just poor security. Not like in TV/Movies where an "AI" was found "breaking layers of firewalls and encryption" or whatever 🤣

Somebody fucked up. Plain and simple.