According to security researcher Kevin Beaumont, misconfigured S3 buckets are a common problem amongst Amazon Web Services (AWS) users.
Beaumount has warned that writable S3 buckets accessed by the public could be used by cyber criminals for ransomware attacks.
This is because of the large amount of data that can be stored in S3 buckets.
In the past six months, documents have been exfiltrated from unprotected S3 buckets belonging to Verizon, NSA, the US Military and Octoly, according to Tech Republic.
‘Painstaking security development’
Josh Mayfield, director at enterprise security firm FireMon, wrote in a statement: “AWS will likely see a sizable ransomware attack in the coming months, not due to any flaws in AWS security, but because of misconfigurations.
“There is a persistent belief that since the infrastructure is a ‘service’ (IaaS), then the responsibility falls to the IaaS provider to secure their systems.”
He also noted to Tech Rebulic that AWS has gone through “painstaking security development to bring the most robust controls you can have with a public cloud”.
Written by Leah Alger