Virtually all businesses have identities that, if compromised, would place at least 90% of the S3 buckets (opens in new tab) in their Amazon Web Services (AWS (opens in new tab)) account at risk, according to a new research.
“We found that in every single account we tested, nearly all of an organization’s S3 buckets were vulnerable to ransomware. Therefore, we can conclude that it's not a matter of if, but when, a major ransomware attack on AWS will occur,” noted Shai Morag, Ermetic’s CEO.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
>> Click here to start the survey in a new window (opens in new tab) <<
- These are the best endpoint protection tools (opens in new tab)
- Here's our choice of the best malware removal (opens in new tab) software on the market
- Also take a look at the best firewall apps and services (opens in new tab)
Ermetic acknowledges that while the IT security community considers S3 buckets as extremely reliable, many businesses fail to realize that the biggest risk to the cloud storage (opens in new tab) service comes from weak, compromisable identities.
Ermtic argues that a compromised identity with a toxic combination of entitlements is enough to launch a ransomware attack on a business’ S3 buckets, and its research revealed that such a combination is “extremely common.”
Its research showed that over 70% of the evaluated environments had machines that were publicly exposed to the internet, with identities whose permissions made them susceptible to compromise by threat actors.
Similarly, over 45% of the environments were found to have third party identities that could be compromised to elevate their privileges to admin level.
More worryingly was the discovery that about 80% of the environments contained Identity and Access Management (IAM (opens in new tab)) users with enabled access keys that had not been used for 180 days or more. In fact, about 60% of the evaluated environments had IAM users that allowed console access without mandating multi-factor authentication (MFA (opens in new tab)).
“The highly permissive and excessive permissions granted to identities are probably the greatest enabler that malicious actors have and need to carry out their payload. Once you nip these permissions in the bud and allow them only where necessary, you are taking the biggest stride toward mitigating such risks,” the researchers conclude, advocating the use of the principle of least privilege to secure cloud storage.
- Protect your devices with these best antivirus software (opens in new tab)