CyberArk researchers have released BlobHunter, an open-source tool organizations can use to discover Azure blobs containing sensitive files they have inadvertently made public.
The cloud storage misconfiguration problem
The many advantages of using the public cloud for storage are not lost on most organizations.
But despite files uploaded to cloud storage being private by default, and despite cloud providers constantly sharing and reiterating best practices for securing them, misconfigurations happen all the time, making potentially sensitive information publicly accessible to anyone who knows how to find it.
For companies, the best possible outcome for this situation is that a security researcher stumbles upon their sensitive data before a malicious actor does, and warns them to lock it down.
CyberArk Labs researchers Daniel Niv and Asaf Hecht wanted to see just how much sensitive information is publicly available on Azure’s Blob Storage, a service designed specifically for storing unstructured data, data for backup and restore, files for distributed access, etc.
The result of their research was disheartening: they found some 2.5 million records and files that included personally identifiable information (PII), 2,300 files related to individuals’ health status, 2,000 files containing financial information, one million invoice files, half a million log files, as well as files containing encryption and firmware keys, SSH, SSL VPN, SMTP and MySQL usernames and passwords, and more.
“This research was eye-opening in so many ways and truly highlighted the problem and inherent risk of misconfigured cloud storage systems. While we focused this research on Microsoft Azure, the risk is equally present in most cloud environments,” Niv noted.
“We recommend that everyone look at the containers and files they are storing in any cloud system and make sure they have the correct access permissions.”
BlobHunter points out public Azure blobs
To help organizations pinpoint publicly accessible Azure storage containers (the blob containers in which files are stored), the researchers created and made available BlobHunter, a Python-based tool that audits the Microsoft Azure storage accounts in a subscription and checks the public access level of each container.
“This can be helpful on large Azure subscriptions where there are lots of storage accounts that could be hard to track,” the researchers noted.
The tool must be run by an authenticated Azure identity with roles and/or permissions that allow it to read the subscription's storage accounts and their containers. It returns results as a CSV file with details on each publicly opened container in the scanned environment. A container is exposed when its public access level is set to Blob (anonymous read of any blob whose URL is known) or Container (anonymous read plus anonymous listing of the container's contents); because the account-level setting that allows Blob public access can block anonymous requests regardless of the container's level, the storage account setting should be checked alongside the container levels.
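The audit logic such a scan performs, as an added example that is not BlobHunter's own code: it walks storage accounts, flags containers whose public access level is "blob" or "container" unless the account-level public-access switch disables anonymous access, and writes the findings as CSV. The offline demo runs on constructed sample data; the `collect_from_azure` function sketches how the same records could be built from a live subscription with the `azure-identity`, `azure-mgmt-storage` and `azure-storage-blob` SDKs, and its attribute names (`public_access`, `allow_blob_public_access`) are assumptions about those SDKs rather than anything the article describes.

```python
import csv
import io
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Container public access levels as Azure reports them:
#   None        -> private (authenticated access only)
#   "blob"      -> anonymous read of a blob whose URL is known
#   "container" -> anonymous read plus anonymous listing of all blobs
EXPOSURE = {
    None: "private",
    "blob": "anonymous read (blob URL must be known)",
    "container": "anonymous read and listing",
}


@dataclass
class Container:
    name: str
    public_access: Optional[str]  # None, "blob" or "container"


@dataclass
class StorageAccount:
    name: str
    subscription_id: str
    # Account-level switch. When False, anonymous requests are rejected
    # even if a container's own level says "blob" or "container".
    allow_blob_public_access: bool
    containers: List[Container] = field(default_factory=list)


def is_exposed(account: StorageAccount, container: Container) -> bool:
    """True only when both the account and the container permit anonymous reads."""
    return account.allow_blob_public_access and container.public_access in ("blob", "container")


def find_public_containers(accounts: Iterable[StorageAccount]) -> List[dict]:
    """Return one finding per anonymously readable container."""
    findings = []
    for acct in accounts:
        for c in acct.containers:
            if is_exposed(acct, c):
                findings.append({
                    "subscription_id": acct.subscription_id,
                    "storage_account": acct.name,
                    "container": c.name,
                    "public_access": c.public_access,
                    "exposure": EXPOSURE[c.public_access],
                    "url": f"https://{acct.name}.blob.core.windows.net/{c.name}",
                })
    return findings


FIELDS = ["subscription_id", "storage_account", "container", "public_access", "exposure", "url"]


def write_csv(findings: List[dict], out) -> None:
    """Write findings as CSV, one row per exposed container."""
    writer = csv.DictWriter(out, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(findings)


def collect_from_azure(subscription_id: str) -> List[StorageAccount]:
    """Assumed live collector (not run in the demo): needs azure-identity,
    azure-mgmt-storage, azure-storage-blob and an identity allowed to read
    storage accounts and list containers in the subscription."""
    from azure.identity import DefaultAzureCredential
    from azure.mgmt.storage import StorageManagementClient
    from azure.storage.blob import BlobServiceClient

    cred = DefaultAzureCredential()
    mgmt = StorageManagementClient(cred, subscription_id)
    accounts = []
    for sa in mgmt.storage_accounts.list():
        svc = BlobServiceClient(f"https://{sa.name}.blob.core.windows.net", credential=cred)
        containers = [Container(c.name, c.public_access) for c in svc.list_containers()]
        # An unset (None) account switch historically meant "allowed", so only False blocks.
        allowed = sa.allow_blob_public_access is not False
        accounts.append(StorageAccount(sa.name, subscription_id, allowed, containers))
    return accounts


# Constructed sample data standing in for a real subscription.
SAMPLE_ACCOUNTS = [
    StorageAccount("prodbackups", "00000000-0000-0000-0000-000000000001", True, [
        Container("invoices", "container"),   # listable and readable by anyone
        Container("logs", "blob"),            # readable if the blob URL is known
        Container("secrets", None),           # private
    ]),
    StorageAccount("lockeddown", "00000000-0000-0000-0000-000000000001", False, [
        Container("public-looking", "container"),  # blocked by the account-level switch
    ]),
]


def demo() -> str:
    """Run the audit on the sample data and return the CSV report as a string."""
    buf = io.StringIO()
    write_csv(find_public_containers(SAMPLE_ACCOUNTS), buf)
    return buf.getvalue()


if __name__ == "__main__":
    print(demo())
```

The demo reports only `invoices` and `logs`: `secrets` is private, and `public-looking` is excluded because its account blocks anonymous access, which is exactly the false positive an audit that looks only at container levels would raise.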