What Makes AWS Buckets Vulnerable to Ransomware and How to Mitigate the Threat
As more data migrates to the cloud, the risk of ransomware attacks on AWS S3 buckets has increased.
A recent Toolbox article explored our ransomware research, which found that about 90% of Amazon S3 buckets are vulnerable to ransomware attacks due to a combination of high-risk identities and configuration errors.
Despite the high reliability of AWS S3 buckets, Toolbox explained that very little protects the data they contain from identities that have permissions to control them. Once identities are compromised, they "can become the soft underbelly that puts organizations at substantial risk of ransomware exposure, potentially enormous and costly business impact."
Our research revealed the following factors which would enable ransomware actors to infiltrate and operate on Amazon S3 buckets:
- Overall, every corporate environment investigated had identities at risk of being compromised, with the ability to conduct ransomware operations on almost 90% of AWS account buckets.
- About 70% of the environments included computers that were openly accessible on the internet and identities whose permissions enabled exposed workstations to run ransomware.
- Third-party identities with the potential to carry out ransomware attacks by escalating their privileges to the admin level were found in over 45% of the environments (an amazing result with far-reaching ramifications beyond the ransomware focus of this research).
- IAM Users with activated access keys that had not been used in 180 days or more were discovered in over 80% of the environments, and these users had the potential to execute ransomware attacks.
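
The last finding is one a defender can check directly from the IAM credential report. The following is an added example, not code from the research or from AWS: it flags active access keys that have been idle for 180 days or more, assuming the report's standard `access_key_N_*` CSV columns; the sample rows and user names are constructed.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=180)  # threshold taken from the finding above
AS_OF = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "now" so results are reproducible

# Constructed sample in the credential report CSV layout (subset of columns).
SAMPLE_REPORT = """user,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
ci-deploy,true,2023-01-10T09:00:00+00:00,2024-05-20T12:00:00+00:00,false,N/A,N/A
old-backup,true,2021-03-01T08:00:00+00:00,2022-11-02T07:30:00+00:00,false,N/A,N/A
vendor-sync,true,2022-06-15T10:00:00+00:00,N/A,true,2024-04-01T10:00:00+00:00,2024-05-30T10:00:00+00:00
retired,false,2020-01-01T00:00:00+00:00,2020-02-01T00:00:00+00:00,false,N/A,N/A
"""

def parse_ts(value):
    """Return an aware datetime, or None for the report's placeholder values."""
    if value in ("", "N/A", "no_information", "not_supported"):
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def stale_active_keys(report_csv, now):
    """List (user, key_slot, idle_days) for active keys idle for 180 days or more."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            if row.get(f"access_key_{slot}_active") != "true":
                continue  # deactivated or absent keys cannot be used
            last_used = parse_ts(row.get(f"access_key_{slot}_last_used_date", ""))
            # A key that was never used is measured from when it was created/rotated.
            reference = last_used or parse_ts(row.get(f"access_key_{slot}_last_rotated", ""))
            if reference is None:
                continue
            idle = now - reference
            if idle >= STALE_AFTER:
                findings.append((row["user"], f"access_key_{slot}", idle.days))
    return findings

if __name__ == "__main__":
    for user, key, days in stale_active_keys(SAMPLE_REPORT, AS_OF):
        print(f"{user}: {key} is active but has been idle for {days} days")
```

Keys flagged this way are candidates for deactivation, followed by deletion once nothing is found to depend on them.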