Blog Post: the anatomy of a ransomware event targeting data residing in Amazon S3

I've been focused on ransom in the cloud for the past several years in my role at AWS. During Covid there was a spike in the amount of ransomware attacks in the news and customers started asking about the cloud. I immediately partnered up with our AWS CIRT Team to find out what the actual partners are and went on a campaign to document, speak and educate customers on what's actually happening... Here's a blog post I co-authored, in Feb 2023, on the AWS Security Blog, The anatomy of ransomware event targeting data residing in Amazon S3. Key takeaways:

  1. This type of attack is 100% preventable!
  2. Most cloud-based security events come down to accidentally leaked static access keys. It may seem really tough, but it's time to eliminate all long-lived credentials, so focus on re-architecting to eliminate them. Use federation for developers and IAM roles for resource-to-resource access. This is one of those items where 20% of the effort makes 80% of the value... Eliminating static access keys will drive down your risk of experiencing a security event; the effort is worth the value!
  3. PSA: If you experience a security event in AWS, contact technical support and ask for help - they will connect you to the AWS CIRT team who will help as much as they can and keep the incident completely confidential.
  4. Back up your resources.
  5. Make it hard to delete critical resources.
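
As a starting point for takeaway 2, this added example (not from the AWS blog post or its authors) inventories active IAM user access keys from an IAM credential report CSV, oldest first. The sample rows, the account ID and the 90-day threshold are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample using IAM credential report column names
# (only the columns this check reads); users and dates are made up.
SAMPLE_REPORT = """user,arn,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,false,N/A,N/A,false,N/A,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,true,2021-03-02T00:00:00+00:00,2023-01-30T08:00:00+00:00,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,true,2022-12-20T00:00:00+00:00,N/A,true,2020-06-01T00:00:00+00:00,2020-07-01T00:00:00+00:00
bob,arn:aws:iam::111122223333:user/bob,false,2019-01-01T00:00:00+00:00,N/A,false,N/A,N/A
"""

def _parse(ts):
    """Report timestamps are ISO 8601; unset fields hold a placeholder."""
    if ts in ("N/A", "no_information", ""):
        return None
    return datetime.fromisoformat(ts)

def find_static_keys(report_csv, now, max_age_days=90):
    """Return one finding per ACTIVE access key, oldest key first."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue  # inactive keys cannot authenticate
            rotated = _parse(row[f"access_key_{slot}_last_rotated"])
            last_used = _parse(row[f"access_key_{slot}_last_used_date"])
            # Age since creation or last rotation; 0 if the field is missing.
            age_days = (now - rotated).days if rotated else 0
            findings.append({
                "user": row["user"],
                "key": slot,
                "age_days": age_days,
                "never_used": last_used is None,
                "over_max_age": age_days > max_age_days,
            })
    return sorted(findings, key=lambda f: f["age_days"], reverse=True)

if __name__ == "__main__":
    as_of = datetime(2023, 2, 1, tzinfo=timezone.utc)  # fixed date for the sample
    for f in find_static_keys(SAMPLE_REPORT, as_of):
        print(f)
```

Every row this returns is a long-lived credential to replace with federation or an IAM role; keys flagged `never_used` are the easiest to remove first.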

Extending Security Ownership Across Your Organization: A conversation with Megan O’Neil, Principal Security Solutions Architect at AWS

In this chat with AWS enterprise strategist, Clarke Rodgers, Megan discusses the benefits of extending security ownership beyond the security department. Here at AWS, identifying vulnerabilities isn’t just the responsibility of the security team — every employee is empowered and expected to report potential security issues. In Megan’s own

By Megan O'Neil