90% of AWS S3 Buckets Are Vulnerable to Ransomware

AWS is the leading cloud provider, but new research shows that 90% of S3 buckets are vulnerable to ransomware attack.

AWS is the leading cloud provider, and has a good reputation for security and reliability. Despite that, however, research from Ermetic shows that identities pose a serious risk to security and open buckets up to the possibility of a ransomware attack.

The IT community regards S3 buckets as extremely reliable. What organizations typically don’t realize is that the biggest risk to this storage comes from another source: identities. A compromised identity with a toxic combination of entitlements can easily perform ransomware on an organization’s data. Recent Ermetic research found that ransomware-vulnerable combinations are very common — putting most organizations using S3 buckets at risk.

According to Ermetic, every enterprise environment the company studied had at-risk identities, with 90% of AWS S3 buckets vulnerable. A whopping 70% of machines were publicly exposed to the internet with permissions that could be exploited. Some 45%of environments had third party identities whose privileges could be escalated to admin level. In addition, 80% had IAM Users with access keys that had not been used for at least 180 days, but were still enabled.

“Very few companies are aware that data stored in cloud infrastructures like AWS is at risk from ransomware attacks, so we conducted this research to investigate how often the right conditions exist for Amazon S3 buckets to be compromised,” said Shai Morag, CEO of Ermetic. “We found that in every single account we tested, nearly all of an organization’s S3 buckets were vulnerable to ransomware. Therefore, we can conclude that it’s not a matter of if, but when, a major ransomware attack on AWS will occur.”

In a statement to WebProNews, Saumitra Das, Blue Hexagon CTO and Cofounder, said Ermetic’s research highlights the need to detect threats instead of simply trying to fix misconfigurations.

“This report highlights the urgent need to “detect threats” in the cloud and not just focus on misconfigurations,” Das said. “Research from Cloud Security Alliance shows that even if…