AWS DataSync task initiated
Description
AlphaSOC detected the initiation of an AWS DataSync task. AWS DataSync is a data transfer service that simplifies, automates, and accelerates moving data between on-premises storage systems and AWS storage services. Tasks initiated by AWS services are exempt from the detection to avoid false positives.
Impact
Threat actors may exploit DataSync for data exfiltration, leveraging its high-speed transfer capabilities to quickly move large volumes of sensitive data out of the organization's control to external storage, potentially resulting in data breaches, intellectual property theft, or compliance violations.
Severity
Severity | Condition |
---|---|
Informational | DataSync task initiated |
Low | DataSync task initiated unexpectedly |
Medium | DataSync task initiated with a destination ARN associated with an unusual AWS account |
Investigation and Remediation
Investigate the legitimacy of the DataSync task. Review the task details, including source and destination locations, data being transferred, and the identity of the initiator. If unauthorized, immediately halt the task, revoke associated credentials, and analyze logs to determine the extent of potential data loss.
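The severity table and the triage steps above can be expressed as a small grading function over CloudTrail records. This is an added example, not AlphaSOC's detection logic: the allowlists, the task-to-destination lookup, the reading of "unexpectedly" as "initiator not on an allowlist", and every sample record are assumptions constructed for illustration.

```python
# Added example: constructed records and assumed allowlists, not AlphaSOC's logic.
BACKUP_ROLE = "arn:aws:iam::111111111111:role/backup-automation"  # hypothetical role
EXPECTED_INITIATORS = {BACKUP_ROLE}   # assumed allowlist of principals that run tasks
KNOWN_ACCOUNTS = {"111111111111"}     # assumed: accounts the organization owns

def arn_account(arn):
    """Return the account-id field of an ARN, or None if it is missing or malformed."""
    parts = (arn or "").split(":", 5)
    return parts[4] if len(parts) == 6 and parts[0] == "arn" else None

def grade(event, task_destinations):
    """Map one CloudTrail record to a severity from the table (None = out of scope).
    task_destinations maps task ARN -> destination ARN, resolved beforehand
    (for example from DescribeTask output); that lookup is an assumption here."""
    if (event.get("eventSource"), event.get("eventName")) != (
            "datasync.amazonaws.com", "StartTaskExecution"):
        return None
    identity = event.get("userIdentity") or {}
    if identity.get("type") == "AWSService":  # service-initiated tasks are exempt
        return None
    task = (event.get("requestParameters") or {}).get("taskArn")  # assumed field name
    dest_account = arn_account(task_destinations.get(task))
    if dest_account is not None and dest_account not in KNOWN_ACCOUNTS:
        return "Medium"
    # For assumed roles, compare the role that issued the session, not the session ARN.
    issuer = ((identity.get("sessionContext") or {}).get("sessionIssuer") or {}).get("arn")
    return "Informational" if (issuer or identity.get("arn")) in EXPECTED_INITIATORS else "Low"

def make_event(identity, task):
    """Build a constructed CloudTrail-style record for the demonstration."""
    return {"eventSource": "datasync.amazonaws.com", "eventName": "StartTaskExecution",
            "userIdentity": identity, "requestParameters": {"taskArn": task}}

# Constructed sample data: two tasks, one whose destination sits in an unknown account.
TASK_A = "arn:aws:datasync:us-east-1:111111111111:task/task-0aaaaaaaaaaaaaaaa"
TASK_B = "arn:aws:datasync:us-east-1:111111111111:task/task-0bbbbbbbbbbbbbbbb"
DESTINATIONS = {
    TASK_A: "arn:aws:datasync:us-east-1:111111111111:location/loc-0aaaaaaaaaaaaaaaa",
    TASK_B: "arn:aws:datasync:us-east-1:999999999999:location/loc-0bbbbbbbbbbbbbbbb",
}
ROLE = {"type": "AssumedRole",
        "arn": "arn:aws:sts::111111111111:assumed-role/backup-automation/nightly",
        "sessionContext": {"sessionIssuer": {"arn": BACKUP_ROLE}}}
USER = {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/alice"}

if __name__ == "__main__":
    for ident, task in [(ROLE, TASK_A), (USER, TASK_A), (ROLE, TASK_B)]:
        print(grade(make_event(ident, task), DESTINATIONS))
```

A task whose destination cannot be resolved is graded on the initiator alone, so keep the task-to-destination mapping current before relying on the Medium condition.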