How Attackers Can Use KMS to Ransomware S3 Buckets - Bleon Proko

Encrypting buckets for compliance and ransom - How Attackers Can Use KMS to Ransomware S3 Buckets

A successful ransomware attack is the culmination of numerous steps by a determined attacker: gaining initial access to the victim’s environment, identifying sensitive data, exfiltrating sensitive data, encrypting original data, etc.

We can all agree that Ransomware is tough. It’s hard on the target, but harder for the Attacker. The logistics of attacking, storing the data, encrypting it locally, uploading, making it as undetectable as possible until they don’t need to anymore. It’s a mess.
So, as everybody does it these days, they are paying for a Cloud Service to help with it.

This talk will outline how an attacker can abuse the principle of Least-Privilege on KMS keys to encrypt the data on its target's buckets, making them unaccessable.

This talk will also show how a defender can protect or detect against these attacks, rendering them useless.