The AWS Customer Incident Response Team (CIRT) and security monitoring systems have detected an increase in unusual encryption activity in Amazon S3 buckets
A pattern was detected in which malicious actors used valid customer credentials they had obtained to re-encrypt objects with server-side encryption using client-provided keys (SSE-C) and overwrite existing data
AWS recommends several best practices to prevent the unauthorized use of SSE-C, including blocking the use of SSE-C unless required by an application, implementing data recovery procedures, monitoring resources for unexpected access patterns, and implementing short-term credentials
Customers can block the use of SSE-C with a resource policy or by using a resource control policy (RCP) in AWS Organizations
Enabling S3 Versioning keeps multiple versions of an object in a bucket, which helps protect against accidental deletion or overwriting of data
Customers should monitor access to their data using AWS CloudTrail or S3 server access logs and create CloudWatch alerts based on specific metrics or logs to detect anomalous behavior quickly
Short-term credentials backed by longer-term user identities that are protected by multi-factor authentication (MFA) can control access to AWS resources without embedding long-term AWS security credentials within an application
AWS is committed to customer security and is building a more secure cloud environment to allow customers to innovate with confidence
Customers should contact AWS Support immediately if they suspect unauthorized activity
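
For the monitoring recommendation above, one way to flag SSE-C writes in CloudTrail S3 data events. This is an added example, not code from AWS. It assumes data-event logging is enabled and that the SSE-C request header is recorded in `requestParameters`; the sample records are constructed and the function names are hypothetical.

```python
import json
from collections import Counter

# Assumption: CloudTrail S3 data events record this request header name.
SSEC_HEADER = "x-amz-server-side-encryption-customer-algorithm"
WRITE_EVENTS = {"PutObject", "CopyObject", "CreateMultipartUpload"}

# Constructed sample records (not real logs), one JSON object per line.
SAMPLE_EVENTS = """
{"eventSource":"s3.amazonaws.com","eventName":"PutObject","userIdentity":{"arn":"arn:aws:iam::111122223333:user/example-app"},"requestParameters":{"bucketName":"example-bucket","key":"a.db","x-amz-server-side-encryption-customer-algorithm":"AES256"}}
{"eventSource":"s3.amazonaws.com","eventName":"PutObject","userIdentity":{"arn":"arn:aws:iam::111122223333:user/example-app"},"requestParameters":{"bucketName":"example-bucket","key":"b.db","x-amz-server-side-encryption-customer-algorithm":"AES256"}}
{"eventSource":"s3.amazonaws.com","eventName":"PutObject","userIdentity":{"arn":"arn:aws:iam::111122223333:role/example-etl"},"requestParameters":{"bucketName":"example-bucket","key":"c.csv"}}
{"eventSource":"s3.amazonaws.com","eventName":"GetObject","userIdentity":{"arn":"arn:aws:iam::111122223333:user/example-app"},"requestParameters":{"bucketName":"example-bucket","key":"a.db","x-amz-server-side-encryption-customer-algorithm":"AES256"}}
{"eventSource":"s3.amazonaws.com","eventName":"PutObject","errorCode":"AccessDenied","userIdentity":{"arn":"arn:aws:iam::111122223333:user/example-app"},"requestParameters":{"bucketName":"example-bucket","key":"d.db","x-amz-server-side-encryption-customer-algorithm":"AES256"}}
{"eventSource":"s3.amazonaws.com","eventName":"CopyObject","userIdentity":{"arn":"arn:aws:iam::111122223333:role/example-batch"},"requestParameters":{"bucketName":"example-bucket","key":"e.db","x-amz-server-side-encryption-customer-algorithm":"AES256"}}
"""


def ssec_writes(lines):
    """Yield (principal ARN, bucket, key) for each successful S3 write that used SSE-C."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the scan
        if event.get("eventSource") != "s3.amazonaws.com":
            continue
        if event.get("eventName") not in WRITE_EVENTS:
            continue  # reads with SSE-C do not overwrite data
        if event.get("errorCode"):
            continue  # the request failed or was denied, so nothing was written
        params = event.get("requestParameters") or {}
        if SSEC_HEADER in {name.lower() for name in params}:
            arn = (event.get("userIdentity") or {}).get("arn", "unknown")
            yield arn, params.get("bucketName"), params.get("key")


def principals_over_threshold(lines, threshold=2):
    """Return {principal ARN: count} for principals with at least `threshold` SSE-C writes."""
    counts = Counter(arn for arn, _bucket, _key in ssec_writes(lines))
    return {arn: n for arn, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for arn, n in principals_over_threshold(SAMPLE_EVENTS.splitlines()).items():
        print(f"{arn}: {n} SSE-C writes")
```

If no application in the account is expected to use SSE-C, a threshold of 1 is appropriate, since any hit is then unexpected.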