AWS S3 object accessed without TLS
Description
AlphaSOC detected that an AWS S3 object was accessed without using Transport Layer Security (TLS). This means the data transfer occurred over an unencrypted connection, potentially exposing sensitive information to interception.
Impact
Accessing AWS S3 objects without TLS allows threat actors to potentially eavesdrop on the communication, manipulate data in transit, or perform man-in-the-middle attacks. It can lead to data exposure, unauthorized access to confidential information, and potential regulatory violations.
Severity
Severity | Condition |
---|---|
Medium | AWS S3 object accessed without TLS |
Investigation and Remediation
Investigate the incident by identifying the specific AWS S3 bucket and object involved, and the identity responsible for the access. Examine AWS S3 bucket policies to ensure they enforce the use of TLS. Confirm that AWS SDKs and other tools are configured to use TLS. If unauthorized access is suspected, rotate all potentially compromised credentials.