AWS S3 object accessed without TLS

ID: aws_s3_unencrypted
Data type: AWS CloudTrail
Severity: Medium
MITRE ATT&CK: TA0005:T1600

Description

AlphaSOC detected that an AWS S3 object was accessed without using Transport Layer Security (TLS). This means the data transfer occurred over an unencrypted connection, potentially exposing sensitive information to interception.

Impact

Accessing AWS S3 objects without TLS allows threat actors to potentially eavesdrop on the communication, manipulate data in transit, or perform man-in-the-middle attacks. It can lead to data exposure, unauthorized access to confidential information, and potential regulatory violations.

Severity

Severity: Medium
Condition: AWS S3 object accessed without TLS

Investigation and Remediation

Investigate the incident by identifying the specific AWS S3 bucket and object involved, and the identity responsible for the access. Examine AWS S3 bucket policies to ensure they enforce the use of TLS. Confirm that AWS SDKs and other tools are configured to use TLS. If unauthorized access is suspected, rotate all potentially compromised credentials.
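
One way to carry out the bucket policy check described above, as an added example that is not AlphaSOC's or AWS's own code: it treats a policy as enforcing TLS only when an explicit Deny on the aws:SecureTransport condition key covers both the bucket ARN and its objects. The bucket name, account ID and sample policies are constructed, and wildcard resource patterns are deliberately not expanded, so a policy that relies on them is reported as not enforcing.

```python
def _as_list(value):
    return value if isinstance(value, list) else [value]

def enforces_tls(policy, bucket):
    """True if an explicit Deny blocks every non-TLS request to the bucket and its objects."""
    needed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    covered = set()
    for stmt in _as_list(policy.get("Statement", [])):
        # Only a Deny that applies to every principal counts; NotPrincipal/NotAction are skipped.
        if stmt.get("Effect") != "Deny" or stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & {"*", "s3:*"}:
            continue
        # Extra condition operators or keys would narrow the Deny, so require exactly one.
        cond = stmt.get("Condition", {})
        if list(cond) != ["Bool"] or len(cond["Bool"]) != 1:
            continue
        key, value = next(iter(cond["Bool"].items()))
        if key.lower() != "aws:securetransport" or [str(v).lower() for v in _as_list(value)] != ["false"]:
            continue
        covered |= set(_as_list(stmt.get("Resource", [])))
    return needed <= covered

BUCKET = "example-bucket"  # constructed bucket name

def deny_plaintext(resources):
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Deny", "Principal": "*", "Action": "s3:*",
        "Resource": resources,
        "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}

# Weak: an Allow conditioned on TLS does not block plaintext access granted by other policies.
ALLOW_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
    "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*",
    "Condition": {"Bool": {"aws:SecureTransport": "true"}}}]}
# Weak: the Deny covers objects but not bucket-level requests such as listing.
OBJECTS_ONLY = deny_plaintext(f"arn:aws:s3:::{BUCKET}/*")
# Corrected: the Deny covers the bucket ARN and every object in it.
ENFORCED = deny_plaintext([f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"])

def audit():
    policies = {"allow_only": ALLOW_ONLY, "objects_only": OBJECTS_ONLY, "enforced": ENFORCED}
    return {name: enforces_tls(doc, BUCKET) for name, doc in policies.items()}

if __name__ == "__main__":
    print(audit())
```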

Further reading