Serverless CISO

We explore the benefits and cybersecurity of serverless computing. Serverless allows startups and large enterprises to build some amazing things by providing on-demand, event-based, and low-cost computing.


How To Protect Your AWS S3 Buckets From Ransomware


Photo by Marek Studzinski on Unsplash

A recent article highlighted how the objects in an S3 bucket can be held hostage by a ransomware attack.

How The Attack Happens

A malicious actor will do the following to ransom your S3 objects.

  1. They find exposed AWS IAM access keys.
  2. They access your AWS account with those keys.
  3. They discover which S3 buckets the keys have privileges on.
  4. They re-encrypt the objects using SSE-C (server-side encryption with customer-provided keys), so only the attacker holds the decryption key.
  5. They add a lifecycle rule that marks the objects for deletion in one week.

Even if you pay to have the objects decrypted, they might be automatically deleted before you even get a chance to decrypt them.
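The attack sequence above leaves a distinctive trail in CloudTrail: S3 data events where objects are written with an SSE-C header, followed by a lifecycle change that sets a short expiry on the whole bucket, both from the same principal. The detection logic below is an added example, not code from the original post. The event records are constructed to mimic CloudTrail's shape; the exact field names for the SSE-C header and the lifecycle rule inside `requestParameters` are assumptions and should be checked against your own logs before use.

```python
"""Flag the S3 ransomware pattern (SSE-C overwrites + short lifecycle expiry)
in a batch of CloudTrail events. Added example; not from the original post."""
import json
from collections import defaultdict

# Constructed sample events (not real log data). Account id and ARNs are placeholders.
SAMPLE_EVENTS = [
    {"eventTime": "2025-01-10T09:01:00Z", "eventName": "ListBuckets",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ci-deploy"},
     "requestParameters": None},
    {"eventTime": "2025-01-10T09:02:10Z", "eventName": "CopyObject",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ci-deploy"},
     "requestParameters": {"bucketName": "payroll-data", "key": "2024/q4.csv",
                           "x-amz-server-side-encryption-customer-algorithm": "AES256"}},
    {"eventTime": "2025-01-10T09:02:11Z", "eventName": "PutObject",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ci-deploy"},
     "requestParameters": {"bucketName": "payroll-data", "key": "2024/q3.csv",
                           "x-amz-server-side-encryption-customer-algorithm": "AES256"}},
    {"eventTime": "2025-01-10T09:05:00Z", "eventName": "PutBucketLifecycle",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ci-deploy"},
     "requestParameters": {"bucketName": "payroll-data",
                           "LifecycleConfiguration": {"Rule": [
                               {"ID": "expire-all", "Status": "Enabled",
                                "Filter": {"Prefix": ""},
                                "Expiration": {"Days": 7}}]}}},
    # Ordinary SSE-S3 upload from a different principal: must not be flagged.
    {"eventTime": "2025-01-10T10:00:00Z", "eventName": "PutObject",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/app-writer"},
     "requestParameters": {"bucketName": "uploads", "key": "img.png",
                           "x-amz-server-side-encryption": "AES256"}},
]

# Assumed CloudTrail rendering of the SSE-C request header.
SSEC_HEADER = "x-amz-server-side-encryption-customer-algorithm"
MAX_EXPIRY_DAYS = 30  # an enabled expiry shorter than this is treated as suspicious


def uses_ssec(event):
    """True for object writes that carry a customer-provided encryption key."""
    params = event.get("requestParameters") or {}
    return event["eventName"] in ("PutObject", "CopyObject") and SSEC_HEADER in params


def short_expiration_days(event):
    """Shortest enabled Expiration.Days in a lifecycle change, or None."""
    if event["eventName"] not in ("PutBucketLifecycle", "PutBucketLifecycleConfiguration"):
        return None
    params = event.get("requestParameters") or {}
    rules = (params.get("LifecycleConfiguration") or {}).get("Rule") or []
    if isinstance(rules, dict):  # a single rule may be rendered as an object
        rules = [rules]
    days = [r.get("Expiration", {}).get("Days") for r in rules if r.get("Status") == "Enabled"]
    days = [d for d in days if isinstance(d, int)]
    return min(days) if days else None


def analyze(events):
    """Group indicators per principal; escalate to critical when SSE-C writes
    and a short lifecycle expiry come from the same identity."""
    findings = defaultdict(lambda: {"ssec_writes": 0, "buckets": set(), "lifecycle_days": None})
    for ev in events:
        arn = ev["userIdentity"]["arn"]
        if uses_ssec(ev):
            findings[arn]["ssec_writes"] += 1
            findings[arn]["buckets"].add(ev["requestParameters"]["bucketName"])
        days = short_expiration_days(ev)
        if days is not None and days <= MAX_EXPIRY_DAYS:
            findings[arn]["lifecycle_days"] = days
            findings[arn]["buckets"].add(ev["requestParameters"]["bucketName"])
    alerts = []
    for arn, f in findings.items():
        both = f["ssec_writes"] and f["lifecycle_days"] is not None
        alerts.append({"principal": arn,
                       "severity": "critical" if both else "medium",
                       "ssec_writes": f["ssec_writes"],
                       "lifecycle_days": f["lifecycle_days"],
                       "buckets": sorted(f["buckets"])})
    return alerts


if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_EVENTS), indent=2))
```

Either indicator on its own is worth a medium alert (legitimate workloads do use SSE-C, and short expiries are normal for temp prefixes), but the two together from one principal inside a short window is the combination this attack needs, which is why the example escalates only then.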

How To Protect Yourself

There are various ways to protect yourself from this type of attack.

Protect Your IAM Keys

  1. Do not commit them to your repos.
  2. Do not share them in Slack or other messaging tools.
  3. Rotate the keys on a schedule.
  4. Delete them when you no longer need them.
  5. Enforce MFA with the associated IAM user.

Stop Using IAM Keys

  1. Use AWS STS to issue temporary credentials that expire after one hour.
  2. Use AWS IAM Identity Center, which provides temporary credentials from its web-based portal.
  3. Use a Lambda function to perform the request. Grant the function only the permissions needed to make the desired changes, and invoke it securely.

Use Least Privilege IAM Policies

  1. Write your policies to grant only the privileges necessary to get the job done and nothing else.
  2. IAM users should not have access to more resources than they need.
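A quick way to judge whether a policy is "least privilege" for this threat is to ask which of the attack's required permissions it grants, and on how wide a resource. The checker below is an added example, not code from the original post. Both policy documents are constructed (the bucket name and account are placeholders), and the evaluation is deliberately simple: Allow statements only, IAM-style `*` and `?` wildcards in `Action` and `Resource`, no `Condition` or `Deny` handling.

```python
"""Report which attack-relevant S3 permissions an IAM policy grants and whether
the resource scope is bucket-wide. Added example; not from the original post."""
import fnmatch

# Permissions the attack needs: overwrite objects, set a lifecycle expiry,
# remove versions, or switch versioning off. (Constructed list for this example.)
ATTACK_ACTIONS = ["s3:PutObject", "s3:PutLifecycleConfiguration",
                  "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:PutBucketVersioning"]

# Constructed: the kind of policy often attached to a CI user "to make it work".
OVERLY_BROAD = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}

# Constructed: the same job (upload files to one prefix) scoped down.
LEAST_PRIVILEGE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-app-uploads/incoming/*"},
        {"Effect": "Allow",
         "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-app-uploads"},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def granted(policy, action):
    """Resource patterns on which Allow statements grant `action`.
    Action names are case-insensitive in IAM; resource ARNs are not."""
    resources = []
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        if any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in actions):
            resources.extend(_as_list(st.get("Resource", [])))
    return resources


def is_broad(pattern):
    """True if the pattern covers every bucket, or every object in a bucket."""
    if pattern == "*":
        return True
    rest = pattern.split(":::", 1)[-1]      # "bucket/key-pattern" or "bucket"
    bucket, _, key = rest.partition("/")
    return "*" in bucket or key == "*"


def report(policy):
    """Map each attack-relevant action the policy allows to its resources and
    whether any of those resources is bucket-wide."""
    out = {}
    for action in ATTACK_ACTIONS:
        resources = granted(policy, action)
        if resources:
            out[action] = {"resources": resources,
                           "broad": any(is_broad(r) for r in resources)}
    return out


if __name__ == "__main__":
    for name, policy in (("overly broad", OVERLY_BROAD), ("least privilege", LEAST_PRIVILEGE)):
        print(name, "->", report(policy))
```

The scoped policy still allows `s3:PutObject`, because the job needs it, but only under one prefix and without any of the lifecycle, delete-version or versioning permissions; a leaked key for that user could damage one prefix, not schedule the whole bucket for deletion.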

Replication and Backups

  1. Use AWS Backup to back up your S3 objects.
  2. Replicate your S3 objects to a bucket in another region.
  3. Replicate your S3 objects to another AWS account.

S3 Features

  1. Turn on S3 Object Lock, which prevents object versions from being deleted or overwritten for the retention period.
  2. Use lifecycle management to move old objects to cold storage, which takes a long time to retrieve. This could break the ransomware scripts.
  3. Use S3 versioning. Even if an object is overwritten or deleted, the old versions are still retained unless they are explicitly deleted.
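Versioning and Object Lock work together: versioning keeps the pre-encryption version around, and Object Lock stops that version from being explicitly deleted by whoever holds the stolen keys. The simulation below is an added example, not code from the original post or from AWS. It is a small in-memory model of the documented semantics (every PUT on a versioned bucket creates a new version, a DELETE without a version id adds a delete marker, a version under retention cannot be deleted before its retain-until date) and does not call AWS; the object key and contents are constructed.

```python
"""In-memory model of S3 versioning and Object Lock against the
overwrite-then-expire attack. Added example; not from the original post."""
from dataclasses import dataclass, field
from itertools import count
from typing import Optional


@dataclass
class Version:
    version_id: str
    body: Optional[bytes]       # None marks a delete marker
    retain_until: int = 0       # simulated day number; 0 means not locked


@dataclass
class Bucket:
    versioning: bool = False
    lock_days: int = 0          # default Object Lock retention for new versions
    today: int = 0
    objects: dict = field(default_factory=dict)
    _ids: count = field(default_factory=lambda: count(1))

    def put(self, key, body):
        """PUT creates a new version; without versioning it replaces the object."""
        versions = self.objects.setdefault(key, [])
        if not self.versioning:
            versions.clear()
        retain = self.today + self.lock_days if self.lock_days else 0
        vid = f"v{next(self._ids)}"
        versions.append(Version(vid, body, retain))
        return vid

    def get(self, key):
        """Current version's body, or None if missing / a delete marker is on top."""
        versions = self.objects.get(key, [])
        return versions[-1].body if versions else None

    def delete(self, key, version_id=None):
        """DELETE without a version id adds a delete marker on a versioned bucket;
        DELETE of a specific version is refused while retention is in force."""
        versions = self.objects.get(key, [])
        if version_id is None:
            if self.versioning:
                versions.append(Version(f"v{next(self._ids)}", None))
            else:
                versions.clear()
            return True
        for v in versions:
            if v.version_id == version_id:
                if v.retain_until > self.today:
                    return False            # Object Lock: retention still active
                versions.remove(v)
                return True
        return False

    def recover(self, key, version_id):
        """Restore an old version by copying it back as the current version
        (the usual recovery step: copy the good version over the key)."""
        for v in self.objects.get(key, []):
            if v.version_id == version_id and v.body is not None:
                return self.put(key, v.body)
        return None


def simulate(versioning, lock_days):
    """Run the attack from the article against one bucket configuration."""
    b = Bucket(versioning=versioning, lock_days=lock_days)
    key = "payroll.csv"                                      # constructed sample object
    original = b.put(key, b"employee,salary\n")
    b.put(key, b"<ciphertext under attacker-held SSE-C key>")  # step 4: re-encrypt
    purged = b.delete(key, original)                          # attacker tries to remove the old version
    b.today += 7                                              # step 5: lifecycle expiry fires
    b.delete(key)
    still_there = any(v.version_id == original for v in b.objects[key])
    if still_there:
        b.recover(key, original)
    return {"old_version_purged": purged, "current": b.get(key)}


if __name__ == "__main__":
    for cfg in ((False, 0), (True, 0), (True, 30)):
        print(cfg, simulate(*cfg))
```

Run stand-alone it shows the three outcomes: no versioning loses the data outright; versioning alone keeps the old version only until a key with `s3:DeleteObjectVersion` removes it; versioning plus Object Lock refuses that deletion and lets you copy the original version back once the incident is contained.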

Podcast Discussion

I discussed this topic on the LogiCast podcast.

Before you go

Did you know I wrote a book that will help you build a serverless application step-by-step?

As an Amazon Associate I earn from qualifying purchases.


Published in Serverless CISO


Written by Miguel A. Calles

Author of Mastering AWS Serverless · AWS Community Builder · Specializing in CMMC, SOC 2, serverless & engineering.
