AWS is the most popular cloud service provider, with a solid reputation for security and dependability. Despite this, Ermetic's research demonstrates that identities pose a severe security concern and expose buckets to the risk of a ransomware attack. According to the new research, 90% of S3 buckets are vulnerable to ransomware attacks.
Ermetic conducted the survey in order to better understand the security posture of AWS environments and their susceptibility to ransomware attacks, as well as to assist enterprises in identifying system flaws and mitigating risks. “Very few companies are aware that data stored in cloud infrastructures like AWS is at risk from ransomware attacks, so we conducted this research to investigate how often the right conditions exist for Amazon S3 buckets to be compromised,” said Shai Morag, CEO of Ermetic.
A stunning 70% of machines had permissions that might be exploited and were openly exposed to the internet. The privileges of third-party identities could be extended to admin level in 45% of situations. Furthermore, 80% of IAM Users had access credentials that had not been used in at least 180 days but were still active.
According to Saumitra Das, Blue Hexagon CTO and Cofounder, this report emphasises the critical need to “detect threats” in the cloud rather than focusing solely on misconfigurations. According to research from the Cloud Security Alliance, even if misconfigurations in S3 buckets or IAM access keys have been inactive for a long time, it might take days, weeks, or even months for these to be discovered and remedied.
It also emphasises that ransomware is not just an on-premises issue: as the pandemic has accelerated the move of workloads to the cloud, attackers and ransomware operators have accelerated their own move to the cloud as well.
According to Das, firms must monitor three things: the runtime activity of identities; cloud storage, including read/write patterns; and network activity, which can help companies determine when instances are exposed to the internet and their identities are misused.
According to the research, here are a few steps that organizations can take to protect their AWS S3 buckets from ransomware:
• Deploy Minimum Privilege - implement an authorization system that only allows identities to conduct their business functions with the bare minimum of entitlements, decreasing the possibility of ransomware infecting buckets.
• Reduce the risk of ransomware by following best practices to avoid/remove common problems that ransomware can use to steal identities and install malware.
• Use logging and monitoring tools like CloudTrail and CloudWatch to spot suspicious activity that can lead to early detection and response in the event of a ransomware attack.