Skip to main content

Your AWS S3 instance may not be as secure as you hope

Cloud Security
(Image credit: laymanzoom / Shutterstock)

Virtually all businesses have identities that, if compromised, would place at least 90% of the S3 buckets in their Amazon Web Services (AWS) account at risk, according to a new research.

The research was conducted by cloud security vendor Ermetic, in order to determine the circumstances that would allow ransomware to make its way to Amazon S3 buckets.

“We found that in every single account we tested, nearly all of an organization’s S3 buckets were vulnerable to ransomware. Therefore, we can conclude that it's not a matter of if, but when, a major ransomware attack on AWS will occur,” noted Shai Morag, Ermetic’s CEO.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

Ermetic acknowledges that while the IT security community considers S3 buckets as extremely reliable, many businesses fail to realize that the biggest risk to the cloud storage service comes from weak, compromisable identities. 

Compromisable identities

Ermtic argues that a compromised identity with a toxic combination of entitlements is enough to launch a ransomware attack on a business’ S3 buckets, and its research revealed that such a combination is “extremely common.” 

Its research showed that over 70% of the evaluated environments had machines that were publicly exposed to the internet, with identities whose permissions made them susceptible to compromise by threat actors.

Similarly, over 45% of the environments were found to have third party identities that could be compromised to elevate their privileges to admin level.  

More worryingly was the discovery that about 80% of the environments contained Identity and Access Management (IAM) users with enabled access keys that had not been used for 180 days or more. In fact, about 60% of the evaluated environments had IAM users that allowed console access without mandating multi-factor authentication (MFA).

“The highly permissive and excessive permissions granted to identities are probably the greatest enabler that malicious actors have and need to carry out their payload. Once you nip these permissions in the bud and allow them only where necessary, you are taking the biggest stride toward mitigating such risks,” the researchers conclude, advocating the use of the principle of least privilege to secure cloud storage.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.