Recherche : [aws] - Cyberveille

Ransomware abuses Amazon AWS feature to encrypt S3 buckets https://www.bleepingcomputer.com/news/security/ransomware-abuses-amazon-aws-feature-to-encrypt-s3-buckets/

13/01/2025 20:12:07

A new ransomware campaign encrypts Amazon S3 buckets using AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption key.

AWS launches an incident response service to combat cybersecurity threats | TechCrunch https://techcrunch.com/2024/12/01/aws-launches-an-incident-response-service-to-combat-cybersecurity-threats/

02/12/2024 23:15:22

Amazon has launched AWS Security Incident Response, a service to help triage and respond to cybersecurity threats.

Perfecting Ransomware on AWS — Using ‘keys to the kingdom’ to change the locks https://medium.com/@harsh8v/redefining-ransomware-attacks-on-aws-using-aws-kms-xks-dea668633802

21/10/2024 13:47:17

If someone asked me what was the best way to make money from a compromised AWS Account (assume root access even) — I would have answered “dump the data and hope that no-one notices you before you finish it up.”

This answer would have been valid until ~8 months ago when I stumbled upon a lesser known feature of AWS KMS which allows an attacker to do devastating ransomware attacks on a compromised AWS account.

Now I know that ransomware attacks using cross-account KMS keys is already known (checkout the article below)— but even then, the CMK is managed by AWS and they can just block the attackers access to the CMK and decrypt data for the victim because the key is OWNED by AWS and attacker is just given API access to it under AWS TOS. Also there’s no way to delete the CMK but only schedule the key deletion (min 7 days) which means there’s ample time for AWS to intervene.

Widespread Cloud Exposure: Extortion Campaign Used Exposed AWS ENV Files To Target 110,000 Domains https://cyble.com/blog/widespread-cloud-exposure/

21/08/2024 09:22:52

A cloud extortion campaign exploited misconfigured AWS .env files to target 110,000 domains, stealing credentials and ransoming cloud storage data.

Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/

15/08/2024 16:40:03

We recount an extensive cloud extortion campaign leveraging exposed .env files of at least 110k domains to compromise organizations' AWS environments.

Fake AWS Packages Ship Command and Control Malware In JPEG Files https://blog.phylum.io/fake-aws-packages-ship-command-and-control-malware-in-jpeg-files

18/07/2024 23:25:43

On July 13, 2024, the Phylum platform alerted us to a series of odd packages published to the npm package registry. At first glance, these packages appear entirely legitimate; however, as our system automatically noted, they contained sophisticated command and control functionality hidden in image files that would be executed

SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft https://sysdig.com/blog/cloud-breach-terraform-data-theft/

09/03/2023 18:42:29

The Sysdig Threat Research Team recently discovered a sophisticated cloud operation in a customer environment, dubbed SCARLETEEL.

I scanned every package on PyPi and found 57 live AWS keys https://tomforb.es/i-scanned-every-package-on-pypi-and-found-57-live-aws-keys/

07/01/2023 22:21:04

After inadvertently finding that InfoSys leaked an AWS key on PyPi I wanted to know how many other live AWS keys may be present on Python package index. After scanning every release published to PyPi I found 57 valid access keys from organisations like:

Amazon themselves 😅
Intel
Stanford, Portland and Louisiana University
The Australian Government
General Atomics fusion department
Terradata
Delta Lake
And Top Glove, the worlds largest glove manufacturer 🧤

A Cyberattack Illuminates the Shaky State of Student Privacy https://www.nytimes.com/2022/07/31/business/student-privacy-illuminate-hack.html

01/08/2022 15:26:23

At a moment when education technology firms are stockpiling sensitive information on millions of school children, safeguards for student data have broken down.

Python packages upload your AWS keys, env vars, secrets to the web https://blog.sonatype.com/python-packages-upload-your-aws-keys-env-vars-secrets-to-web

27/06/2022 09:21:55

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.

Liens par page

Filtres