Unusual excessive AWS S3 bucket deletion requests
Description
AlphaSOC detected an unusually high volume of AWS S3 bucket deletion requests using the DeleteBucket action. A sudden spike in such requests within a short time frame may indicate malicious activity, with threat actors attempting to destroy data in the AWS environment.
Impact
If AWS S3 bucket deletion requests are successful, data stored within the affected buckets may be permanently lost, leading to data breaches, service disruptions, and compliance violations. The loss of critical data may also result in financial losses and reputational damage for the organization.
Severity
| Severity | Condition |
|---|---|
| Medium | Unusual excessive AWS S3 bucket deletion requests |
Investigation and Remediation
Review AWS CloudTrail logs to identify the IAM users or roles responsible for the actions and verify whether they were authorized. If unauthorized, restrict access for the user responsible and conduct a thorough security assessment of your AWS environment to identify and address other potential threats.
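
One way to carry out the CloudTrail review described above, as an added example that is not AlphaSOC's detection logic: it groups DeleteBucket events by caller ARN, separates successful from failed deletions, and flags bursts. The sample records, ARNs, IP addresses, the 10-minute window and the threshold of 3 are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ROLE = "arn:aws:sts::111122223333:assumed-role/ExampleOps/session"  # constructed
USER = "arn:aws:iam::111122223333:user/example-admin"               # constructed

def _event(time, arn, bucket, ip, error=None):
    """Build a constructed CloudTrail-style record (sample data, not real logs)."""
    rec = {"eventTime": time, "eventSource": "s3.amazonaws.com",
           "eventName": "DeleteBucket", "sourceIPAddress": ip,
           "userIdentity": {"arn": arn},
           "requestParameters": {"bucketName": bucket}}
    if error:  # CloudTrail sets errorCode only when the call failed
        rec["errorCode"] = error
    return rec

SAMPLE_RECORDS = [
    _event("2024-01-01T10:00:05Z", ROLE, "example-logs", "198.51.100.7"),
    _event("2024-01-01T10:01:10Z", ROLE, "example-backups", "198.51.100.7"),
    _event("2024-01-01T10:02:30Z", ROLE, "example-assets", "198.51.100.7", "AccessDenied"),
    _event("2024-01-01T10:03:00Z", ROLE, "example-archive", "198.51.100.7"),
    _event("2024-01-01T09:00:00Z", USER, "example-tmp", "203.0.113.20"),
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "userIdentity": {"arn": ROLE}},  # ignored: not a deletion
]

def summarize_deletions(records, window=timedelta(minutes=10), threshold=3):
    """Group DeleteBucket calls by caller ARN and flag bursts inside `window`."""
    by_caller = defaultdict(list)
    for r in records:
        if r.get("eventSource") == "s3.amazonaws.com" and r.get("eventName") == "DeleteBucket":
            when = datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            by_caller[r.get("userIdentity", {}).get("arn", "unknown")].append((when, r))
    bucket = lambda r: (r.get("requestParameters") or {}).get("bucketName")
    report = {}
    for arn, events in by_caller.items():
        events.sort(key=lambda e: e[0])
        times = [t for t, _ in events]
        # Largest number of calls that fall inside any window starting at an event.
        peak = max(sum(1 for t in times[i:] if t - start <= window)
                   for i, start in enumerate(times))
        report[arn] = {
            "peak_in_window": peak,
            "burst": peak >= threshold,
            "deleted": [bucket(r) for _, r in events if "errorCode" not in r],
            "failed": [bucket(r) for _, r in events if "errorCode" in r],
            "source_ips": sorted({r.get("sourceIPAddress", "") for _, r in events}),
        }
    return report
```

The `deleted` list shows which buckets were actually removed and need recovery checks, while `failed` entries show attempts that permissions blocked.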