Amazon EC2 instances under fire from whoAMI attacks potentially giving hackers code execution access
Posted by:
Sarah Collins
A security flaw dubbed “WhoAMI” has been identified in Amazon Machine Image, potentially allowing threat actors to execute remote code on users’ AWS accounts. Experts have warned that AWS users are at risk of a name confusion attack due to this vulnerability. Discovered by cybersecurity researchers DataDog in 2024, Amazon has since addressed the issue and advised users to update their code. AMIs play a crucial role in creating and launching virtual servers in AWS, enabling efficient cloud infrastructure management. The flaw stemmed from a flaw in the way software projects retrieve AMI IDs, granting threat actors unauthorized access. While Amazon has released a fix and introduced a new security control, users are urged to apply updates to safeguard their systems. Despite the vulnerability affecting a small percentage of users, the potential impact spans “thousands” of AWS accounts. It’s crucial for affected users to take necessary precautions to mitigate the risk associated with the “WhoAMI” flaw.
Recent Posts1
