We're witnessing the evolution of ransomware. Yesterday someone informed us of the existence of the new TTP of AWS S3 extortion. More specifically, Threat Actors abusing the Amazon Key Management Service (KMS) to encrypt company AWS buckets (or any cloud provider). - ThreadSky

About ThreadSky

vxundergroundre.bsky.social • 46 days ago

We're witnessing the evolution of ransomware.

Yesterday someone informed us of the existence of the new TTP of AWS S3 extortion. More specifically, Threat Actors abusing the Amazon Key Management Service (KMS) to encrypt company AWS buckets (or any cloud provider).

Comments

viss.hax.lol•46 days ago

hey can you follow @ap.brid.gy so i can follow you via mastodon, and repost your stuff there?

delchi.bsky.social•46 days ago

Best thing about AWS : Granular control
Worst thing about AWS : Granular control

This is just another 'taking advantage of poor hygiene' attack.
It's not without merit, but it's not 'abusing the KMS' , it's abusing a poorly configured AWS

cyb3rint3l.bsky.social•46 days ago

Going through the analysis, as with virtually any setup, attackers essentially exploit weak configurations & overall poor hygiene in S3 environments to succeed in their purpose.

While this threat is worrisome, it is still based on the same bad practices that allow it to happen.

Thanks for sharing.