AWS Cloud Storage Service Vulnerable to Ransomware, Says New Research

New research from Ermetic shows Amazon Web Services (AWS) cloud storage is at high risk for ransomware due to high-risk identities and configuration errors.

In virtually all of the participating organizations, Ermetic found identities that, if compromised, would place at risk at least 90% of the Simple Storage Service (S3) buckets in an AWS account.

Ermetic identified the following findings in the organizations that would allow ransomware to reach and execute on AWS cloud storage:

Major Ransomware Attack on AWS Inevitable

Shai Morag is Ermetic‘s CEO.

Ermetic Research’s Shai Morag

“Very few companies are aware that data stored in cloud infrastructures like AWS is at risk from ransomware attacks, so we conducted this research to investigate how often the right conditions exist for Amazon S3 buckets to be compromised,” he said. “We found that in every single account we tested, nearly all of an organization’s S3 buckets were vulnerable to ransomware.”

It’s now a matter of when – not if – a major ransomware attack will hit AWS, Morag said.

Ermetic’s findings focus on single, compromised identities. In many ransomware campaigns, bad actors often move laterally to compromise multiple identities and use their combined permissions. That greatly increases their ability to access resources.

Erkang Zheng is founder and CEO of JupiterOne. He said AWS cloud storage has long become a standard for storing file object data.

JuipterOne’s Erkang Zheng

“We have seen a significant uptick recently in open S3 buckets being compromised simply because of misconfiguration,” he said. “If we can’t even set up a basic, secure cloud bucket with proper encryption and authorization and authentication, we will be even worse at securing actual vulnerabilities in the data storage systems themselves.”

Continuous Asset Monitoring Needed

AWS secures the infrastructure behind the scenes, Zheng said. However, it also makes it very flexible for users to configure the resources and their access.

“Understanding this flexibility and applying controls properly is your responsibility,” he said. “However, this amount of flexibility can sometimes get in the way and complicate things. Knowing what cyber assets exist at a given moment in time is difficult due to the ephemeral nature of cloud infrastructure. Organizations need continuous monitoring of their cyber assets to deliver the vigilance required to stop these accidental disclosures from happening in the future.”

Saumitra Das is CTO and co-founder of Blue Hexagon, a cloud-native artificial intelligence (AI) security provider.

Blue Hexagon’s Saumitra Das

“This report highlights the urgent need to detect threats in the cloud and not just focus on misconfigurations,” he said. “It also highlights that ransomware is not just an on-premises problem, but as the pandemic has accelerated cloud migration of workloads it has also accelerated cloud migration for attackers and ransomware criminal operators.”

Cloud Monitoring Important

It’s critical to monitor three things in the cloud, Das said. Those are:

Keeping an eye on cloud infrastructure attacks can thwart attackers from gaining enough privilege and access to ransom the data.