"Those in the study who eventually found their S3-stored data replaced with a ransom note had exposed their environment variables, failed to refresh credentials regularly, and didn't adopt a least-privilege architecture."
"To elevate privileges, the attackers created an IAM role named lambda-ex with the API request CreateRole, then used the API call AttachRolePolicy to attach the AWS-managed policy AdministratorAccess to the newly created lambda-ex role."
Collection
[
|
...
]