Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Amazon S3 is a popular option for data storage. After an initial network compromise, an attacker can move data to an S3 bucket that they have created. Attackers frequently seek valuable data to steal, and data can be easily transferred without advanced tools or techniques. The business impact of this type of exfiltration is high because the attacker can steal sensitive data, which can lead to further attacks on your network.
The system might change the risk score for this detection.
Kill Chain
Risk Score
88
Attackers often target valuable data to steal through exfiltration, such as sensitive customer data, financial information, or trade secrets. Data can be exfiltrated by employees with authorized access to critical assets, or by attackers who gain unauthorized access to critical assets through malware or an exploit. S3 buckets require user information to set up, so experienced attackers might choose to move data to a server that requires less exposure. However, attackers can hide large data uploads by sending the data to a web service, such as Amazon S3, that is frequently accessed by internal devices and approved by firewall policies. Amazon S3 traffic that does not contain a bucket name in the SNI TLS extension combines into a single “Unknown” bucket. A value of “Unknown” in the SNI header can indicate a version issue between the client and the S3 bucket.
