Your AWS S3 instance may not be as secure as you hope

Date:
Fri, 08 Oct 2021 09:59:39 +0000

Description:
Almost all businesses have improperly configured user accounts that could
give threat actors access to their S3 buckets.

FULL STORY ======================================================================

Virtually all businesses have identities that, if compromised, would place at least 90% of the S3 buckets in their Amazon Web Services ( AWS ) account at risk, according to a new research.

The research was conducted by cloud security vendor Ermetic, in order to determine the circumstances that would allow ransomware to make its way to Amazon S3 buckets.

We found that in every single account we tested, nearly all of an organizations S3 buckets were vulnerable to ransomware. Therefore, we can conclude that it's not a matter of if, but when, a major ransomware attack on AWS will occur, noted Shai Morag, Ermetics CEO. TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix
so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

Click here to start the survey in a new window << These are the best endpoint protection tools Here's our choice of the best malware removal software on the market Also take a look at the best firewall apps and

services

Ermetic acknowledges that while the IT security community considers S3
buckets as extremely reliable, many businesses fail to realize that the biggest risk to the cloud storage service comes from weak, compromisable identities. Compromisable identities

Ermtic argues that a compromised identity with a toxic combination of entitlements is enough to launch a ransomware attack on a business S3
buckets, and its research revealed that such a combination is extremely common.

Its research showed that over 70% of the evaluated environments had machines that were publicly exposed to the internet, with identities whose permissions made them susceptible to compromise by threat actors.

Similarly, over 45% of the environments were found to have third party identities that could be compromised to elevate their privileges to admin level.

More worryingly was the discovery that about 80% of the environments
contained Identity and Access Management ( IAM ) users with enabled access keys that had not been used for 180 days or more. In fact, about 60% of the evaluated environments had IAM users that allowed console access without mandating multi-factor authentication ( MFA ).

The highly permissive and excessive permissions granted to identities are probably the greatest enabler that malicious actors have and need to carry
out their payload. Once you nip these permissions in the bud and allow them only where necessary, you are taking the biggest stride toward mitigating
such risks, the researchers conclude, advocating the use of the principle of least privilege to secure cloud storage. Protect your devices with these best antivirus software



======================================================================
Link to news story: https://www.techradar.com/news/your-aws-s3-instance-may-not-be-as-secure-as-yo u-hope/


--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)