Amazon Web Services has a new security threat, according to security researchers at Mitiga. The threat relates to an attack vector in AWS’ Amazon Virtual Private Cloud feature ‘Elastic IP transfer’ which was announced earlier this year and designed to enable an easier transfer of Elastic IP addresses between AWS accounts. Researchers believe that a threat actor could exploit the transfer process to compromise an IP address. Furthermore, the attackers could leverage the process to launch a large range of attacks.
New features often bring new security risks. In this case, attackers could conduct malicious activities using the Elastic IP address, such as command and control server campaigns. Attackers could also communicate with network endpoints used by the victims to launch an attack. Threat actors would require identity and access management permissions in order to conduct the attacks.
Read More: Organizations Warned of New Attack Vector in Amazon Web Services
