Jan 17, 2025
Security Alert: Codefinger Ransomware Attacks Target Amazon S3 Users
A new ransomware campaign targeting Amazon Simple Storage Service (Amazon S3) users has been identified. Dubbed Codefinger, the attackers leverage compromised AWS credentials to access and encrypt the victim’s data in Amazon S3 via AWS server-side encryption with customer-provided keys (AWS SSE-C). Cloud Storage Security’s (CSS’s) threat laboratory, Casmer Labs, responded quickly and conducted extensive research covering the attack method, identifying possible victims, and comparing Codefinger attacks to other ransomware tactics. Casmer Labs concluded that these attacks are especially dangerous because after encryption has been completed, the data cannot be recovered without the attacker’s disclosure of the encryption key, which would theoretically be provided after the ransom has been paid.
Cloud Storage Security
Jan 15, 2025
Your Responsibilities and Data Security in the Cloud
If your organization leverages the Amazon Web Services (AWS) cloud, you have probably encountered the Shared Responsibility Model. This framework is distributed by AWS to delineate security and compliance responsibilities between themselves as the cloud provider and their customers as cloud users.
Cloud Storage Security
Jan 13, 2025
Enhance Malware Protection with GuardDuty & Cloud Storage Security
Ingestion Methods and Attack Surface Modern organizations that leverage the cloud ingest data into storage from various sources. Some examples include: Customer data via web applications On-premises data via migration tools such as AWS DataSync Data transferred from partners utilizing managed file transfer (MFT) services like AWS Transfer Family
Cloud Storage Security
Jan 6, 2025
Storage Announcements from AWS re:Invent & Data Security Considerations
Amazon Web Services (AWS) continues to advance the capabilities of cloud storage with a range of new features and enhancements, each offering unique benefits to businesses leveraging the AWS platform. Announcements made in December 2024 at AWS re:Invent included Storage Browser for Amazon S3, Queryable Object Metadata, Amazon S3 Tables, FSx Intelligent-Tiering and Physical data transfer terminals. These enhancements reflect AWS’ ongoing innovation in data management and storage optimization.
Cloud Storage Security
Dec 18, 2024
Cloud Storage Security CTO Kevin Hunt to Deliver CloudX 2024 Keynote
Presentation will describe business challenges and offer practical advice for managing data security in multi-cloud environments.
Cloud Storage Security
Nov 14, 2024
Cloud Storage Security Launches Antimalware for Azure Blob
Solution offers multi-cloud malware protection and mitigation for files stored across Microsoft Azure Blob Storage and AWS
Cloud Storage Security
Nov 1, 2024
Managing Malware in Multi-Cloud
Businesses choose the cloud for reasons ranging from flexible application and processing capacity to secure storage. At Cloud Storage Security, we are seeing growing interest among businesses looking to distribute digital assets and functions across multiple clouds. When they do adopt a multi-cloud strategy, it is essential to consider potential expansion of vulnerabilities impacts to cybersecurity.
Cloud Storage Security
Oct 31, 2024
Navigating the Threat Landscape of S3 Malware for Downstream Users
In the rapidly evolving digital landscape, cloud storage services like Amazon Simple Storage Service (S3) have become critical for business operation. However, with great power comes great responsibility—especially when it comes to securing your data against potential threats. One of the lurking dangers in cloud environments is malware that makes its way into S3 buckets, which is referred to as "S3 malware" herein. In fact, S3 has been cited as one of the top applications for malicious downloads in recent years*. This article uncovers the risks that S3 malware poses to downstream users and offers insights into effective protection strategies for DevOps teams, cloud security analysts, cloud architects, and IT professionals.
Cloud Storage Security
Oct 24, 2024
Costly Consequences of Falling Asleep at the Security Wheel
TechTarget’s Jill McKeon reported that the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently settled ransomware investigations involving two medical providers, in which the OCR issued civil monetary penalties totaling $490,000 for failing to fully comply with the HIPAA Security Rule by regularly and persistently maintaining malware prevention services.
Cloud Storage Security
