Data Source: AWS KMS | Detection.FYI

AWS S3 Object Encryption Using External KMS Key

Oct 10, 2024 · Domain: Cloud Data Source: AWS Data Source: Amazon Web Services Data Source: AWS S3 Data Source: AWS KMS Use Case: Threat Detection Tactic: Impact ·
Share on:

Identifies CopyObject events within an S3 bucket using an AWS KMS key from an external account for encryption. Adversaries with access to a misconfigured S3 bucket and the proper permissions may encrypt objects with an external KMS key to deny their victims access to their own data.

Read More
AWS KMS Customer Managed Key Disabled or Scheduled for Deletion

May 22, 2024 · Domain: Cloud Data Source: AWS Data Source: Amazon Web Services Data Source: AWS KMS Use Case: Log Auditing Tactic: Impact ·
Share on:

Identifies attempts to disable or schedule the deletion of an AWS KMS Customer Managed Key (CMK). Deleting an AWS KMS key is destructive and potentially dangerous. It deletes the key material and all metadata associated with the KMS key and is irreversible. After a KMS key is deleted, the data that was encrypted under that KMS key can no longer be decrypted, which means that data becomes unrecoverable.

Read More