https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

Channel Research


Shutterstock

Cloud data storage

AWS Cloud Storage Service Vulnerable to Ransomware, Says New Research

  • Written by Edward Gately
  • October 8, 2021
It's now a matter of when, not if, a major ransomware attack will hit AWS, the report says.

New research from Ermetic shows Amazon Web Services (AWS) cloud storage is at high risk for ransomware due to high-risk identities and configuration errors.

In virtually all of the participating organizations, Ermetic found identities that, if compromised, would place at risk at least 90% of the Simple Storage Service (S3) buckets in an AWS account.

Ermetic identified the following findings in the organizations that would allow ransomware to reach and execute on AWS cloud storage:

  • Over 70% of the environments had machines publicly exposed to the internet and identities whose permissions allowed the exposed machines to perform ransomware.
  • Over 45% had third-party identities with the ability to perform ransomware by elevating their privileges to admin level. Ermetic said that’s an “astounding” finding with potentially harmful implications far beyond ransomware.
  • Almost 80% had identity and access management (IAM) users with enabled access keys that had the ability to perform ransomware.

Major Ransomware Attack on AWS Inevitable

Shai Morag is Ermetic‘s CEO.

Ermetic Research's Shai Morag

Ermetic Research’s Shai Morag

“Very few companies are aware that data stored in cloud infrastructures like AWS is at risk from ransomware attacks, so we conducted this research to investigate how often the right conditions exist for Amazon S3 buckets to be compromised,” he said. “We found that in every single account we tested, nearly all of an organization’s S3 buckets were vulnerable to ransomware.”

It’s now a matter of when – not if – a major ransomware attack will hit AWS, Morag said.

Ermetic’s findings focus on single, compromised identities. In many ransomware campaigns, bad actors often move laterally to compromise multiple identities and use their combined permissions. That greatly increases their ability to access resources.

Erkang Zheng is founder and CEO of JupiterOne. He said AWS cloud storage has long become a standard for storing file object data.

JuipterOne's Erkang Zheng

JuipterOne’s Erkang Zheng

“We have seen a significant uptick recently in open S3 buckets being compromised simply because of misconfiguration,” he said. “If we can’t even set up a basic, secure cloud bucket with proper encryption and authorization and authentication, we will be even worse at securing actual vulnerabilities in the data storage systems themselves.”

Continuous Asset Monitoring Needed

AWS secures the infrastructure behind the scenes, Zheng said. However, it also makes it very flexible for users to configure the resources and their access.

“Understanding this flexibility and applying controls properly is your responsibility,” he said. “However, this amount of flexibility can sometimes get in the way and complicate things. Knowing what cyber assets exist at a given moment in time is difficult due to the ephemeral nature of cloud infrastructure. Organizations need continuous monitoring of their cyber assets to deliver the vigilance required to stop these accidental disclosures from happening in the future.”

Saumitra Das is CTO and co-founder of Blue Hexagon, a cloud-native artificial intelligence (AI) security provider.

Blue Hexagon's Saumitra Das

Blue Hexagon’s Saumitra Das

“This report highlights the urgent need to detect threats in the cloud and not just focus on misconfigurations,” he said. “It also highlights that ransomware is not just an on-premises problem, but as the pandemic has accelerated cloud migration of workloads it has also accelerated cloud migration for attackers and ransomware criminal operators.”

Cloud Monitoring Important

It’s critical to monitor three things in the cloud, Das said. Those are:

  • The runtime activity of identities in terms of what they are doing and from where.
  • Cloud storage (S3) in terms of the read/write pattern and what is actually being stored.
  • Network activity, which can highlight when instances either inadvertently or deliberately opened to the internet are brute-forced and then identities stored on those instances are used for lateral movement.

Keeping an eye on cloud infrastructure attacks can thwart attackers from gaining enough privilege and access to ransom the data.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.
Tags: Cloud Service Providers Best Practices Channel Research Cloud Security Strategy

Most Recent


  • New direction
    Deal to Buy Unify from Atos Seals New Direction for Mitel, CEO Explains
    The deal also includes a role for RingCentral.
  • Momentum
    Microsoft Security Now $20 Billion Business with 'Tremendous Momentum'
    One analyst says there's few legitimate obstacles in its path for further growth.
  • Intelisys Pre-AMP'd Marketing Forum
    Intelisys, Suppliers, Agents Take Aim at the Partner Marketing Gap
    Marketing is historically a second thought for the sales-focused world of technology advisors.
  • Layoffs
    IBM and SAP Are the Latest to Announce Layoffs, SAP to Shop Qualtrics
    IBM Will Cut 3,900 employees, while SAP plans to eliminate 3,000 jobs.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • zero trust security
    Sizing Up the Zero Trust Opportunity for the MSP Market
  • Scary hacker
    Ransom Disclosure Act Aims to Help Feds Fight Cybercrime
  • Power grid worker
    Schneider Electric Partners with Distributors to Offer Managed Power as a Service
  • Group of business persons handshake in the office
    Poly: Channel Has Huge Opportunity with Return to the Office

Upcoming Events

View all

Channel Partners Conference & Expo

May 1, 2023 - May 4, 2023

Channel Partners Europe

June 13, 2023 - June 14, 2023

Channel Futures Leadership Summit

October 30, 2023 - November 2, 2023

Galleries

View all

Deal to Buy Unify from Atos Seals New Direction for Mitel, CEO Explains

January 26, 2023

Intelisys, Suppliers, Agents Take Aim at the Partner Marketing Gap

January 26, 2023

Ivanti: Everyone Should be Concerned About ChatGPT and Cybersecurity

January 25, 2023

Industry Perspectives

View all

Make the Most of the Gift of Time in 2023

January 25, 2023

Strong Partnerships Ease Challenging UPS Upgrade

January 24, 2023

The Advantages of Managed Networking and Security During Economic Uncertainty

January 5, 2023

Webinars

View all

Next-Generation MSP Platform: The Building Blocks for Your Business

February 15, 2023

Security Secrets of the MSP 501: How to Be a Cyber Leader in 2023

December 15, 2022
  • 1

Cybersecurity Certifications: Their Evolving Role in the Fight Against Increasing Attacks

December 13, 2022

White Papers

View all

Overcoming Your Endpoint Security Limitations with a Skeleton Crew

October 25, 2022

Embracing the Zero Trust Mindset For Endpoints

October 24, 2022

Endpoints are the Destination

October 24, 2022

Channel Futures TV

View all

Coffee with Craig and James Episode 117: Cato Networks, Video Killed the Podcast Stars

Retired Astronaut Capt. Scott Kelly Previews His CP Expo Keynote

December 21, 2022

Fusion Connect Eyes Future with Intrado UC, Managed Network Customers

September 23, 2022

RingCentral Focused on Hybrid Work, Microsoft Teams, Other Integrations

September 23, 2022

Twitter

ChannelFutures

The CEO of @Mitel discusses the likely outcomes of buying @Atos Unify. Note: @RingCentral will play a role post acq… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

.@msftsecurity surpasses $20 billion in annual revenue, analysts say it's a formidable #cybersecurity market conten… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

The adoption of cloud-based services ☁️ has spiked in the last few years and is among the top growth segments. See… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

[email protected], @NICECXone, @lumencpp, @CiscoPartners joined @IntelisysCorp and partners for a day of marketing worksho… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

.@IBM and @SAP announce #layoffs of thousands of employees dlvr.it/ShV2VY https://t.co/7QK1YqVpwa

January 26, 2023
ChannelFutures

#MSPs can boost #Channel business if they personalize the #DigitalExperience for partners, says @AvePoint.… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

Consider mental health in the context of DE&I. Create safe spaces where employees can feel comfortable being who th… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

.@GoIvanti's CSO says #ChatGPT poses numerous cybersecurity concerns. dlvr.it/ShRmdt https://t.co/n22RZ4PZaO

January 25, 2023

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X