Cloud storage vulnerable to ransomware attacks

New research from Dig reveals that cloud assets like Amazon S3 buckets and Azure Storage accounts are being left open to ransomware attacks thanks to poor configuration.

It shows that only 31 percent of S3 buckets have versioning enabled, an essential for data recovery, while just two-thirds of sensitive buckets have logging enabled, a prerequisite for detection. In addition 72 percent of remote CMK buckets are not actively monitored.

Only 10 percent of encrypted buckets use CMK for enhanced security and just four percent of those are remotely monitored. This shows there are immediate improvements that can be made to bolster defenses against ransomware attacks.

The report looks at the mechanisms behind attacks including direct and indirect deletion of data, object overrides, re-encryption, and disabling or deleting encryption keys.

It also stresses the importance of time as it defines the window of opportunity that a business has to detect and respond to the attack. This highlights the need for security teams to reduce the mean time to detect (MTTD) and mean time to respond (MTTR) for attacks on their cloud infrastructure.

Logging of data can help give early warning of an attack and if versioning and MFA delete are enabled life is harder for attackers as they have to navigate through additional steps to compromise the data, which in turn, provides security teams with a longer time frame to detect and counteract the attack before any significant data loss occurs.

The report's authors note, "In the battle against ransomware, understanding your enemy is half the victory. By diving into the minds of attackers and evaluating the pros and cons of their techniques, we can anticipate their next moves… and fortify our defenses."

You can read more on the Dig blog.

Image credit: VitalikRadko/depositphotos.com