
When we think of ransomware attacks, we often assume the attacker gained access to the enterprise network via a phishing email. However, there are a variety of other attack vectors bad actors are currently leveraging to carry out ransomware attacks that can be incredibly damaging to an organization. Recent research from Rhino Security Labs shows that ransomware can be distributed through the cloud via Amazon Simple Storage Service (Amazon S3) buckets. While there may be a variety of ways an attacker can distribute ransomware within an S3 bucket, malicious files top the list as one of the most dangerous methods as they can easily evade detection.

What are Amazon S3 Buckets and Who Uses Them?

An Amazon S3 bucket is a file hosting and data storage service that is popular among financial institutions, health care organizations, and insurance companies. The service allows organizations to store and retrieve any file or dataset, at any time, from anywhere on the web. As organizations continue prioritizing rapid digital transformations, these types of services are gaining popularity, from large Fortune 500 companies to small, emerging startups. Have you ever uploaded a contract, insurance claim, signed lease, or tax form to a portal? If so, you have interacted with an S3 bucket, and your information is likely being stored there. As a result, S3 buckets are a prime target for hackers. Not only does entry into S3 buckets provide them with access to troves of data that they can harvest and sell on dark web marketplaces, but it also allows hackers to steal and encrypt sensitive data that they can hold for ransom.

How Hackers Leverage Misconfigured Amazon S3 Buckets and Malicious Files

Amazon S3 buckets are accessible to the public, and the responsibility is placed on the organization to configure access and grant permissions to the bucket along with the data and files it hosts. Unfortunately, many organizations fail to configure these permissions effectively, which results in devastating consequences.

In fact, misconfigured S3 buckets are becoming extremely common. In March of 2020, an Amazon S3 bucket belonging to two financial organizations made headlines after highly sensitive financial and business documents were exposed due to an S3 bucket misconfiguration.
