Building a Strategy to Secure Your Cloud Storage

Mitigate risks and protect your business with Antivirus for AWS by Cloud Storage Security (CSS).

Quarter 2 Threat Report

 

When cloud storage is overlooked, it becomes an open door.


In Q2 2025, Casmer Labs observed a sharp rise in breaches stemming from unsecured storage—ransomware hidden in backups, sensitive data exposed through misconfigurations, and unauthorized access buried in noisy logs. This whitepaper provides a tactical framework for securing AWS storage layers—including S3, EBS, EFS, and FSx—against real-world threats. It explores how attackers exploit blind spots at the data layer and offers practical strategies for stopping them with in-tenant, file-level scanning, configuration auditing, and activity monitoring. Backed by threat intelligence and security principles aligned to modern cloud operations, the guide equips teams to detect threats at ingestion, discover sensitive data, and maintain compliance across complex multi-account environments.

 

 

This paper discusses: 

Key threats targeting AWS cloud storage, including malware hidden in uploads, misconfigured access to S3, and ransomware embedded in EBS, EFS, and FSx environments.

Techniques for file-level threat detection using AWS-native tools like CloudTrail, Config, GuardDuty, and Security Hub to surface unauthorized access, anomalous behavior, and policy drift at the storage layer.

Incident response strategies aligned with NIST 800-61 Rev. 3 to guide containment, investigation, and recovery from cloud storage-based threats like data theft, malware outbreaks, and unauthorized data exposure.

How Cloud Storage Security’s DataDefender delivers scalable, in-tenant protection by combining real-time activity monitoring, sensitive data discovery, and automated security checks across cloud storage to support compliance and forensic readiness.

Summarized Excerpt

Cloud storage threats surged in Q2 2025, with high-profile incidents revealing the risks of unmonitored, misconfigured, and exposed cloud storage resources. Breaches at Coinbase, Columbia University, and Ingram Micro showed how attackers used malware-laden uploads, insider credentials, and public-facing buckets to exfiltrate sensitive data and disrupt operations. These events underscore the growing need for stronger visibility, file-level monitoring, and rapid incident response across AWS storage services like S3, EBS, EFS, and FSx.

 

This whitepaper analyzes the tactics and techniques seen in recent cloud breaches and offers practical detection and response strategies using AWS-native telemetry including CloudTrail, Config, Security Hub, and GuardDuty. It aligns response workflows to NIST 800-61 R3, equipping security teams to contain data exfiltration, recover from ransomware, and investigate insider misuse at the storage layer.

 

Cloud Storage Security’s DataDefender platform is featured as a key control in enabling forensic readiness, real-time scanning, and automated misconfiguration defense—entirely in-tenant. With inventory views, 90+ storage-specific checks, file-level malware detection, and activity logging across multi-account environments, DataDefender helps organizations shorten response time, reduce blast radius, and protect sensitive data from evolving threats.