Your AWS S3 instance may not be as secure as you hope
Excessive user permissions neutralize S3’s inherent security advantages
Virtually all businesses have identities that, if compromised, would place at least 90% of the S3 buckets in their Amazon Web Services (AWS) account at risk, according to a new research.
The research was conducted by cloud security vendor Ermetic, in order to determine the circumstances that would allow ransomware to make its way to Amazon S3 buckets.
“We found that in every single account we tested, nearly all of an organization’s S3 buckets were vulnerable to ransomware. Therefore, we can conclude that it's not a matter of if, but when, a major ransomware attack on AWS will occur,” noted Shai Morag, Ermetic’s CEO.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
- These are the best endpoint protection tools
- Here's our choice of the best malware removal software on the market
- Also take a look at the best firewall apps and services
Ermetic acknowledges that while the IT security community considers S3 buckets as extremely reliable, many businesses fail to realize that the biggest risk to the cloud storage service comes from weak, compromisable identities.
Compromisable identities
Ermtic argues that a compromised identity with a toxic combination of entitlements is enough to launch a ransomware attack on a business’ S3 buckets, and its research revealed that such a combination is “extremely common.”
Its research showed that over 70% of the evaluated environments had machines that were publicly exposed to the internet, with identities whose permissions made them susceptible to compromise by threat actors.
Similarly, over 45% of the environments were found to have third party identities that could be compromised to elevate their privileges to admin level.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
More worryingly was the discovery that about 80% of the environments contained Identity and Access Management (IAM) users with enabled access keys that had not been used for 180 days or more. In fact, about 60% of the evaluated environments had IAM users that allowed console access without mandating multi-factor authentication (MFA).
“The highly permissive and excessive permissions granted to identities are probably the greatest enabler that malicious actors have and need to carry out their payload. Once you nip these permissions in the bud and allow them only where necessary, you are taking the biggest stride toward mitigating such risks,” the researchers conclude, advocating the use of the principle of least privilege to secure cloud storage.
- Protect your devices with these best antivirus software
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.