Vous trouverez ci-dessous la déclaration d’Avi Shua, CEO d’Orca Security concernant cette faille :

The discovery of the first known Denonia malware targeting AWS Lambda shows an emerging issue for organizations to protect their serverless systems and rapidly growing cloud estates. However, the core problem is not new. It emphasizes how traditional security approaches, using agents, weren’t designed for the cloud where workloads can run without any compute instances and don’t have the full visibility to identify issues like malware.An Orca Security research study on AWS Lambda and the secrets it uses, also found that almost 30% of Lambda functions contain secrets in their environment variables. These secrets can be keys, authorization tokens, passwords and everything that should be kept private. If stolen through malware, these secrets can also be used to access other connected areas like S3 buckets to reach PII and other crown jewel data.”