Whitepaper: Misconfigurations Leading to AWS S3 Ransomware Exposure
S3 buckets are advertised by AWS as extremely durable. Recent Ermetic research found that S3 bucket misconfigurations and access-related factors made exposure to potential ransomware extremely common in the real-world sample studied. This potential risk calls for organizations to take urgent action to correct any such S3 bucket misconfigurations and access-related factors.
Ermetic mapped out scenarios in which a permissions combination could allow an identity to carry out a ransomware attack on a bucket. We also analyzed configuration risk factors and the effectiveness of native mitigation features. Putting theory into practice, we then used the Ermetic analysis engine to analyze real-world environments in which all the following factors were true:
- An identity had a permissions combination that enabled it to carry out a ransomware attack
- Effective mitigation features were not enabled on the S3 buckets to which the identity had access
- Due to misconfigurations, the identity was exposed to one or more additional risk factors, such as public exposure to the internet, that could lead to its being compromised