aws

How Attackers Abuse S3 Bucket Namesquatting — And How to Stop Them

TLDR: S3 bucket namesquatting exploits predictable naming in AWS S3 buckets, allowing attackers to hijack or manipulate them. Users often rely on default naming conventions, making it easy for bad actors to pre-register bucket names. This leads to security risks, including data breaches and compromised traffic. To prevent this, users should customize bucket names, ensure proper security configurations, and regularly audit for vulnerabilities. Varonis offers solutions for identifying and mitigating risks associated with S3 bucket namesquatting.

https://www.bleepingcomputer.com/news/security/how-attackers-abuse-s3-bucket-namesquatting-and-how-to-stop-them/

Ransomware Abuses Amazon AWS Feature to Encrypt S3 Buckets

,

Ransomware called “Codefinger” is exploiting AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt Amazon S3 buckets, demanding ransoms for decryption keys. Victims lose access to data since AWS doesn't store encryption keys. Attackers use compromised credentials to encrypt data and threaten deletion if victims alter files. Amazon advises customers to implement strict security measures, including disabling unnecessary SSE-C, rotating keys, and minimizing account permissions.

https://www.bleepingcomputer.com/news/security/ransomware-abuses-amazon-aws-feature-to-encrypt-s3-buckets/

Scroll to Top