We all know that AWS S3 buckets are highly reliable and are used with huge confidence. However, they face great security risks that have been pointed out in a study by Ermetic. Titled “AWS S3 Ransomware Exposure in the Wild”, the study discovered that most of the security risk to S3 buckets is posed by compromised identities.
Diving into the findings
As the title suggests, 90% of these buckets are susceptible to attacks due to compromised identities. These identities, if compromised and combined with the right entitlements, can expose data objects to ransomware.
More than 70% of the environments studied, had publicly exposed machines. These machines were connected to identities whose permissions can be abused to conduct ransomware.
More than 45% of the environments had third-party identities that can conduct ransomware via privilege escalation.
Around 80% of the environments had Identity & Access Management (IAM) users with access keys enabled that had not been in use for 180 days or more. These keys had permissions to conduct ransomware.
Why this matters
While these statistics are based on single, compromised identities, the real situation is likely worse. In most ransomware campaigns, threat actors move laterally across several networks, compromising multiple identities and leveraging their combined permissions. Furthermore, ransomware is not just an on-premises issue but has migrated to the cloud as the pandemic gradually progressed.
Secure your cloud environment
The dark web is rife with markets for public cloud access. Thousands of cloud accounts and resources are up for sale.
In around 70% of instances, attackers offered RDP access to cloud resources.
More than 2,500 cloud-related flaws have been disclosed to date, of which almost half were disclosed in the past 18 months. This immense rise in vulnerability disclosures calls for better management of the burgeoning risks.
Ransomware and cryptominers are the top malware deployed in cloud environments. New strains of old malware are targeting Docker containers.
The bottom line
There are several mitigation measures to reduce an organization’s susceptibility to ransomware attacks on S3 buckets. They include implementing least privilege access, removing risk factors, and bucket replication, among others. The possibility of ransomware attacks on S3 buckets is quite concerning indeed, which necessitates an integrated security approach.