New security flaws have emerged in AWS's Amazon Simple Storage Service (S3) buckets, which are now exposed via additional channels and APIs, creating new security loopholes for hackers to exploit.
The flaw in cloud platforms has given threat actors an opportunity to steal data from various organizations. Several industries such as finance, fintech, retail, manufacturing, enterprise software, and more, have failed to implement the most efficient threat detection tools to ensure their data is properly secured in the cloud. The companies are essentially blind when it comes to files that originate from external sources, internal company assets, etc.
In each scenario, the blend of file types may vary depending on the business, but most files fall under the high-risk category and should be properly examined. Content-borne risks include malware, ransomware, APTs, embedded malicious links, evasion attempts, and more, which are well hidden in different file types, including Word (.doc, .docm, .docx), Excel (.xls, .xlsx, .xlsm, etc.), PowerPoint (.ppt, .pptx, .pptm), Adobe (.pdf), archive files, text files, executables, and even email (.eml) files.
Maor Hizkiev, CTO and co-founder of BitDam, notes that the average office worker now spends up to 80% of their time collaborating with their managers and colleagues using collaboration tools such as instant messaging, Dropbox, Google Drive, or OneDrive; however, many collaboration tools lack adequate security.
Hence, modern threat detection tools are required to detect the threats and mitigate them quickly. Threat detection tools must be able to scan 100 percent of files dynamically and in a matter of seconds and should deliver high detection rates and low false positives.
Previously, sandbox technology was used to scan the files, but due to its slow nature, companies were forced to be selective about which files to scan. This increases the risk of infiltration by malicious content, and this is what attackers are exploiting.
Security Recommendations
Security analysts have advised organizations and business application providers to remain vigilant regarding their security and realize that S3 bucket security is a blind spot due to the changing use cases and data workflows. Meanwhile, they should also upgrade their threat detection tools.
Organizations should adopt a cloud-native solution that can easily scan 100 percent of their S3 content in seconds, both files and URLs, at the CPU level. The cloud-native solution detects security loopholes by scanning the entire execution flow to identify malicious activity. Another important element that companies should consider is access to an incident response team. Organizations must be vigilant while selecting the right service for comprehensive S3 bucket protection at the speed and scale of their business.