Exposed storage is an attack technique where an attacker targets and exploits cloud storage containers or buckets that are publicly accessible or have weak access controls.
The attacker can gain access to sensitive data stored in the containers, such as personal information, financial data, or intellectual property.
Exposed storage can occur due to misconfigured access controls, where the data is mistakenly made publicly available or accessible to unauthorized users.
This can occur when the default security settings for cloud storage services are not properly adjusted, or when access controls are not regularly reviewed and updated.
ID: T0126
Type: Technique
Tactic: Initial Access
Summary: Exposed storage
State: Draft
Mitigations
ID
TYPE
SUMMARY
DESCRIPTION
M1240
Mitigation
Enable data encryption at rest
Encryption at rest is essential for preventing data breaches, complying with data privacy regulations, and protecting sensitive data. Organizations must identify which data needs encryption, select appropriate encryption algorithms and key management strategies, and regularly audit and assess their encryption at rest implementation. Check your cloud provider documentation for more details on how to enable data encryption at rest.
M1260
Mitigation
Implement least privilege access
When granting permissions, you decide who gets which permissions to which Amazon S3 resources or other cloud storage. You enable the specific actions that you want to allow on those resources. Therefore, you should grant only the permissions that are required to perform a task. Implementing least privilege access is fundamental to reducing security risk and the impact that could result from errors or malicious intent.
M1261
Mitigation
Implement proper access control for cloud storage
Ensure that appropriate access controls are implemented and regularly reviewed for all cloud storage containers or buckets. This includes setting up strong authentication methods, such as multi-factor authentication (MFA), and restricting access to only authorized users and applications based on the principle of least privilege.
M1550
Mitigation
Implement strict access control for clouds
Limit access to cloud resources to only authorized users and ensure that proper authentication and authorization mechanisms are in place.
Detections
ID
TYPE
SUMMARY
DESCRIPTION
D1510
Detection
Implement Intrusion Detection System and anti-malware
An intrusion detection system (IDS) is a security tool designed to detect and alert on unauthorized access to a computer system or network. Implementing an IDS and anti-malware software can help to identify and block malicious activity. An IDS is a critical security tool that helps organizations detect and respond to security incidents in a timely manner. By providing real-time monitoring and analysis of network traffic, an IDS can help organizations stay ahead of potential threats and reduce the risk of a security breach.
D1260
Detection
Implement regular security audit and review
Conduct regular security audits and vulnerability assessments of your system and storage configurations to identify and address any potential misconfigurations or vulnerabilities that could lead to exposed storage. This includes reviewing access controls, encryption settings, and other security configurations to ensure they are aligned with best practices and organizational security policies.
D1261
Detection
Implement penetration testing
Penetration testing, also known as ethical hacking or vulnerability assessment, is a proactive approach to mitigating cybersecurity risks. It involves simulating real-world cyber attacks on a system, network, or application in a controlled and authorized manner to identify vulnerabilities and weaknesses that could be exploited by malicious actors.
D1262
Detection
Implement vulnerability assessment
Vulnerability assessment is a proactive approach to mitigating cybersecurity risks by systematically identifying, evaluating, and prioritizing vulnerabilities in a system, network, or application. It involves conducting regular assessments to identify potential weaknesses that could be exploited by attackers, and taking appropriate actions to remediate or mitigate those vulnerabilities.
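The configuration review described under D1260 can be automated. The following is an added example, not part of the original entry: it audits bucket snapshots and tags each finding with the mitigation ID from this page that addresses it. The snapshot dict shape (`public_access_block`, `policy`, `sse_algorithm`) is an assumption, and the sample buckets and account ID are constructed.

```python
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

def as_list(value):
    """Policy fields may be a single item or a list; normalise to a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]

def is_anonymous(principal):
    """True for Principal "*" or {"AWS": "*"}, i.e. anyone, unauthenticated."""
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS"))
    return principal == "*"

def audit_bucket(cfg):
    """Return (mitigation_id, message) findings for one bucket snapshot."""
    findings = []
    pab = cfg.get("public_access_block") or {}
    off = [flag for flag in PAB_FLAGS if not pab.get(flag)]
    if off:
        findings.append(("M1261", "public access block disabled: " + ", ".join(off)))
    for stmt in as_list((cfg.get("policy") or {}).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action"))
        # An unconditional grant to everyone is the exposed-storage case;
        # grants that carry a Condition still need manual review.
        if is_anonymous(stmt.get("Principal")) and not stmt.get("Condition"):
            findings.append(("M1261", "anonymous Allow for " + ", ".join(actions)))
        if any(a in ("*", "s3:*") for a in actions):
            findings.append(("M1260", "wildcard action breaks least privilege"))
    if not cfg.get("sse_algorithm"):
        findings.append(("M1240", "no default encryption at rest"))
    return findings

# Constructed sample snapshots (not real buckets or accounts).
ALL_ON = dict.fromkeys(PAB_FLAGS, True)
BUCKETS = [
    {"name": "example-public-assets", "sse_algorithm": None,
     "public_access_block": dict(ALL_ON, BlockPublicPolicy=False,
                                 RestrictPublicBuckets=False),
     "policy": {"Statement": [{"Effect": "Allow", "Principal": "*",
                               "Action": "s3:GetObject"}]}},
    {"name": "example-internal", "sse_algorithm": "aws:kms",
     "public_access_block": ALL_ON,
     "policy": {"Statement": {"Effect": "Allow", "Action": ["s3:GetObject"],
                "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"}}}},
]
```

Calling `audit_bucket` on each entry of `BUCKETS` reports the first bucket against M1261 and M1240 and returns no findings for the second.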