Skip to content

IBM COS HMAC Credentials

Service Name: IBM Cloud Object Storage

Service Description: IBM Cloud Object Storage is a highly scalable cloud storage service designed for storing unstructured data. It provides durability, security, and availability for data storage needs with HMAC authentication for API access.

Service Address: https://cloud.ibm.com/objectstorage

Validation Type: API Auth

IP Allow list: IP restrictions can be configured through IBM Cloud IAM policies and network access policies.

Secret Access Scope: Grants programmatic access to IBM Cloud Object Storage buckets and objects with permissions defined by the associated IAM policies.

Secret Revokement URL: https://cloud.ibm.com/iam/apikeys

Secret Example: AccessKeyId=AKIAIOSFODNN7EXAMPLE,SecretAccessKey=wJalrXUtnFEMI/K7MDENG/bPx RfiCYEXAMPLEKEY

Suspicious Activity Investigation Instructions:

  • Review IBM Cloud Activity Tracker logs for unusual API calls or access patterns.
  • Check for unexpected data transfers or bucket access from unfamiliar IP addresses.
  • Monitor for unauthorized bucket creation, deletion, or permission changes.
  • Examine access logs for operations performed outside normal business hours.
  • Verify if there are any unusual storage cost spikes indicating potential data exfiltration.

Mitigation Instructions:

  • Immediately rotate the compromised HMAC credentials by creating new credentials in the IBM Cloud console.
  • Delete the compromised credentials from your IBM Cloud IAM settings.
  • Review and update IAM policies to enforce the Principle of Least Privilege.
  • Enable multi-factor authentication for IBM Cloud accounts if not already enabled.
  • Update any application configurations or code that used the old credentials.
  • Consider implementing bucket policies that restrict access based on IP address or other conditions.
  • Review all buckets for unauthorized objects or modifications.
  • Enable object versioning to protect against unauthorized modifications or deletions.