DETECTION OVERVIEW

Unusual Download from S3 Bucket

Risk Factors

Network environments that support a hybrid architecture of Amazon S3 (Simple Storage Service) and on-premise servers for data storage are common. An attacker with knowledge of Amazon S3 can download data from an S3 bucket to a compromised device for data staging. The business impact of this type of exfiltration is high because the attacker can steal sensitive data, which can lead to further attacks on your network.

The system might change the risk score for this detection.

Kill Chain

Actions on Objective

Risk Score

Attack Background

An attacker that downloads sensitive data from an S3 bucket can stage data on a compromised device before exfiltration. A benefit of data staging is that the attacker can minimize the number of external connections needed to transfer all of the data, helping to evade detection.

Mitigation Options

Track suspicious activity by implementing strict audit controls on important documents
Implement strict rules for outbound traffic on devices that contain valuable data

Professional Services

Partners

Partner Login

Partner Finder

View All Use Cases

View All Industries

View All Integrations

Attack Background

Mitigation Options

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use cases