How to Secure S3 Buckets from Malware Risk

October 3, 2022

Enterprises around the globe consider Amazon Web Services (AWS) Simple Storage Service (S3) buckets to be highly reliable and secure storage destinations for company data. However, with hackers relentlessly pursuing new attack surfaces, previously secure AWS S3 buckets can be compromised and are at risk of malware and ransomware attacks. Those responsible for securing cloud infrastructure must learn how to avoid this potentially serious and costly business impact. Threat actors do not even need to gain access to the S3 bucket to wreak havoc. Weaponized files may come into the company from email or other sources and then be uploaded to S3.

In this blog post, we will address the concept of S3 buckets and explore how secure these buckets truly are. We will also offer practical solutions that can help organizations prevent malware and ransomware from being uploaded to their AWS S3 buckets, thereby enhancing the overall security of their cloud infrastructure.

What are AWS S3 buckets?

Amazon S3 is a leading cloud storage solution that offers scalable data storage via a web service interface. Amazon S3 buckets are commonly used by a broad range of companies across a wide spectrum of industries for storing many different types of data in the cloud. Enterprise usage of S3 buckets is expanding exponentially. S3 buckets currently hold over 100 trillion objects, driven by file sharing between today’s remote workforce and the platform’s ability to host Internet-facing services. 

How secure are AWS S3 buckets? 

While S3 buckets are commonly used across multiple industries and enterprises, their usage comes with risks, including malicious files being uploaded to these cloud-hosted repositories.

S3’s bucket policies define which accounts, users, roles, and AWS services can access the files within the bucket and under which conditions. Unfortunately, bucket policies are not intuitive to many users, resulting in these policies being misconfigured and unintentionally enabling unauthorized access. In addition, in the aftermath of the global pandemic, many companies migrated to AWS overnight. Since these companies tended to not have dedicated personnel handling their data and S3 bucket security strategy, the move put their data at risk.
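
One way to audit for the misconfiguration described above, as an added example that is not from the original post: a Python check that parses a bucket policy document and flags Allow statements giving every principal an upload-capable action. The function names are hypothetical, and the sample policy, bucket name, account ID, and organization ID are constructed placeholders.

```python
import json
from fnmatch import fnmatchcase

# Actions that let a caller place or re-permission objects (lower-cased for matching).
WRITE_ACTIONS = ("s3:putobject", "s3:putobjectacl", "s3:putbucketpolicy")

def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _is_anyone(principal):
    # "Principal": "*" and "Principal": {"AWS": "*"} both match every caller.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))

def _grants_write(actions):
    # IAM action patterns use * and ? wildcards, which fnmatch also understands.
    return any(fnmatchcase(w, str(a).lower())
               for a in _as_list(actions) for w in WRITE_ACTIONS)

def find_open_write_statements(policy_json):
    """Flag Allow statements that give every principal a write action.

    Statements using NotPrincipal/NotAction are not evaluated here.
    """
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement"))):
        if (stmt.get("Effect") == "Allow" and _is_anyone(stmt.get("Principal"))
                and _grants_write(stmt.get("Action"))):
            findings.append({"sid": stmt.get("Sid", f"statement[{i}]"),
                             "conditional": bool(stmt.get("Condition"))})
    return findings

# Constructed sample policy (bucket name, account ID and org ID are placeholders).
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "PublicUpload", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:Put*"], "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "OrgUpload", "Effect": "Allow", "Principal": "*",
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
    {"Sid": "AppRole", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/uploader"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
]})

if __name__ == "__main__":
    for finding in find_open_write_statements(SAMPLE_POLICY):
        print(finding)
```

A finding marked `conditional` still matches every principal and depends entirely on its Condition block, so it warrants manual review rather than an automatic pass.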

Does AWS protect against malware? 

Once hackers gain access to private S3 buckets, they can upload malicious files that can cause real damage to an organization. When an individual opens the malicious file – whether an e-form, document, or image – a payload is triggered, causing malware to deploy across the network. While S3 does not support FTP directly, AWS CLI or AWS SDK can be used for file-related uploads.

This vulnerability to some file-related uploads can be extremely risky because traditional signature-based solutions, such as next-generation antivirus (NGAV) and sandboxing, are unable to detect threats within S3 buckets, enabling these file-borne threats to easily evade detection. Even Amazon GuardDuty, a threat detection service specifically for S3 accounts, can only detect known threats. This inability to detect unknown threats is especially troubling as 80% of successful breaches are new or unknown zero-day attacks.

Hackers have perpetrated several malware attacks by using organizations’ S3 buckets. For example, in May 2020, Endeavor Business Media, which hosts content for government and private security professionals, admitted that several of their AWS S3 buckets were unsecured and had been infected with malicious credit card skimmer code.

The hackers also inserted redirects to malvertising campaigns, which involve injecting malicious advertisements into legitimate online advertising networks and webpages with the goal of further spreading the malware. This successful malware campaign and others like it send a clear message that securing S3 buckets should be a top priority of any company that relies on them.

Is AWS S3 safe from ransomware?

Research indicates that posting malware within S3 buckets can result in ransomware being distributed through the cloud. According to Ermetic, a shocking 90% of AWS S3 buckets are vulnerable to ransomware attacks.

Votiro: Delivering AWS S3 bucket malware protection

Organizations must be able to expand their cloud ecosystem without fear of opening themselves up to increased cyberattacks. Instead of scanning for suspicious elements and blocking some malicious files, Votiro Cloud, backed by Positive Selection® technology, rebuilds each and every document, copying only the known-good, positively selected content and ensuring only the safe template elements remain. Votiro Cloud’s capability as a file sanitizer means all external documents are sanitized before they penetrate the internal environment, preventing threats in files such as malware and the ransomware it causes.

Votiro is superior to traditional NGAV and sandboxing solutions as it can protect the most file types — from .ppt, docs, pdfs, and image files to more complex file formats and password-protected or encrypted files. Enterprises are secure in the knowledge that all of their files housed within Amazon S3 buckets have been regenerated by Votiro into the same format, albeit one that can be saved, edited, shared, and recompressed without risk. Ultimately, Votiro’s technology provides exceptional AWS S3 security by preserving the original file’s integrity and functionality while eliminating all of the malicious elements. If you’d like to learn more about how our proprietary Content Disarm and Reconstruction technology can secure your Amazon S3 buckets or try a 30-day free trial of Votiro Cloud, please visit the Votiro Cloud page on the AWS Marketplace.