This project analyses a simulated cloud security incident affecting a company that recently migrated most of its infrastructure to Amazon Web Services.
The scenario involves suspicious network activity, unauthorized storage access, and ransomware deployment on several virtual machines.
The analysis identifies key assets, threats, vulnerabilities, and risks, reconstructs the likely attack path, and proposes security controls to reduce the organization's exposure.
As part of a cloud security simulation, I analysed a potential security incident affecting DigitalWitch Cyber Solutions Ltd., a company that recently migrated 80% of its infrastructure to AWS.
A few weeks after the migration, multiple security issues were reported across departments:
The security team also discovered that IP addresses it did not recognise had been added to firewall rules, and that certain IAM roles were overly permissive.
Initial threat intelligence suggested possible activity linked to APT32 or APT41, two state-linked threat groups associated with espionage; APT41 in particular has also carried out financially motivated operations, including ransomware deployment.
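The two configuration findings above, unrecognised IP addresses in firewall rules and overly permissive IAM roles, are worth checking mechanically rather than by eye. The script below is an added example written for this write-up; it is not part of the original project and not AWS tooling. It runs both checks over constructed security-group and IAM policy documents shaped like the JSON that `aws ec2 describe-security-groups` and `aws iam get-role-policy` return, flags administrative ports reachable from the Internet or from CIDRs outside an assumed set of corporate ranges, and flags `Allow` statements with wildcard actions or resources. The group IDs, role names, account ID and the `KNOWN_CIDRS` list are all made up.

```python
import ipaddress

# Constructed sample data (not real AWS output). The shapes follow the JSON that
# `aws ec2 describe-security-groups` and `aws iam get-role-policy` return,
# trimmed to the fields the checks below use. All identifiers are invented.
SECURITY_GROUPS = [
    {
        "GroupId": "sg-0a1b2c3d",
        "GroupName": "web-tier",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
            # SSH from the corporate range plus one unknown /32 that "appeared".
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}, {"CidrIp": "198.51.100.77/32"}]},
        ],
    },
    {
        "GroupId": "sg-0e4f5a6b",
        "GroupName": "db-tier",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        ],
    },
]

IAM_ROLE_POLICIES = {
    "BackupOperator": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
    },
    "DeployRole": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["ec2:DescribeInstances", "iam:PassRole"],
             "Resource": "arn:aws:iam::123456789012:role/AppRole"},
            {"Effect": "Allow", "Action": "*", "Resource": "*"},
        ],
    },
    "ReadOnlyAudit": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
             "Resource": ["arn:aws:s3:::audit-logs", "arn:aws:s3:::audit-logs/*"]},
        ],
    },
}

# Assumed corporate and VPN ranges; any other source reaching an admin port is suspect.
KNOWN_CIDRS = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "203.0.113.0/24")]
ADMIN_PORTS = {22, 3389, 5985, 5986}  # SSH, RDP, WinRM


def _rule_ports(perm):
    """Ports covered by one IpPermissions entry; protocol -1 means all traffic."""
    if perm.get("IpProtocol") == "-1":
        return range(0, 65536)
    return range(perm.get("FromPort", 0), perm.get("ToPort", 65535) + 1)


def audit_security_groups(groups, known_cidrs=KNOWN_CIDRS):
    """Return (group_id, ports, cidr, reason) for ingress rules that expose an
    admin port to the Internet or to an IPv4 CIDR outside the known ranges."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            exposed = sorted(ADMIN_PORTS.intersection(_rule_ports(perm)))
            if not exposed:
                continue  # not an administrative port; 443 on a web tier is expected
            label = ",".join(str(p) for p in exposed)
            for entry in perm.get("IpRanges", []):
                net = ipaddress.ip_network(entry["CidrIp"], strict=False)
                if net.prefixlen == 0:
                    findings.append((group["GroupId"], label, entry["CidrIp"], "open to the Internet"))
                elif not any(net.subnet_of(known) for known in known_cidrs):
                    findings.append((group["GroupId"], label, entry["CidrIp"], "outside known ranges"))
    return findings


def _as_list(value):
    """IAM lets Action/Resource/Statement be a string or a list; normalise to list."""
    return value if isinstance(value, list) else [value]


def audit_iam_policies(role_policies):
    """Return (role, statement_index, reason) for Allow statements that grant
    every action, every action of one service, or apply to every resource."""
    findings = []
    for role, doc in role_policies.items():
        for idx, stmt in enumerate(_as_list(doc.get("Statement", []))):
            if stmt.get("Effect") != "Allow":
                continue
            actions = _as_list(stmt.get("Action", []))
            resources = _as_list(stmt.get("Resource", []))
            reasons = []
            if "*" in actions:
                reasons.append("Action is *")
            elif any(a.endswith(":*") for a in actions):
                reasons.append("service-wide wildcard action")
            if "*" in resources:
                reasons.append("Resource is *")
            if reasons:
                findings.append((role, idx, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for finding in audit_security_groups(SECURITY_GROUPS):
        print("SG  ", finding)
    for finding in audit_iam_policies(IAM_ROLE_POLICIES):
        print("IAM ", finding)
```

The 443 rule on the web tier is deliberately not reported: only administrative ports are compared against the allowlist, so the output is the kind of addition an intruder makes (SSH or RDP from an unknown address) rather than every Internet-facing rule. `Resource: "*"` is still reported even though some read-only actions, `ec2:Describe*` for instance, only support it, so those hits need a person to confirm before they are treated as findings.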
The goal of this analysis is to identify the key assets, threats, vulnerabilities, and risks, and propose practical mitigation strategies.
Before analysing the incident, it's important to clarify three core concepts used in risk analysis.
An asset is anything that provides value to an organization and must be protected. This can include infrastructure, sensitive data, intellectual property, or even brand reputation.