AWS security group allows access to known command and control destinations


Description

The AWS security group allows access to destinations that are known to be, or suspected of being, command and control systems used in ransomware and botnet attacks.

Restrict access to known command and control destinations to the minimum required connectivity via the AWS Management Console

Step 1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/ and click on Security Groups.

Step 2. For each group found by this rule:

  • Select the given rule.
  • Click on the "Outbound Rules" tab.
  • Click on "Edit outbound rules".
  • Edit any CIDR/IP addresses and reduce the permitted scope to the minimum required for connectivity.
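
To find which outbound rules need narrowing in Step 2, the check below (an added example, not part of the original rule text) compares egress CIDRs in `aws ec2 describe-security-groups` output against a destination list. The group IDs and C2 addresses are constructed samples from documentation ranges, and `find_c2_egress` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample: documentation-range addresses standing in for a threat-intel feed.
C2_DESTINATIONS = ["203.0.113.45/32", "198.51.100.0/28", "2001:db8:bad::/64"]

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-0example1", "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example2", "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}, {"CidrIp": "198.51.100.0/24"}],
         "Ipv6Ranges": [{"CidrIpv6": "2001:db8:1::/48"}]}]},
]}


def find_c2_egress(groups, c2_cidrs):
    """Return one finding per egress CIDR that overlaps a listed C2 network."""
    c2_nets = [ipaddress.ip_network(c, strict=False) for c in c2_cidrs]
    findings = []
    for sg in groups.get("SecurityGroups", []):
        for perm in sg.get("IpPermissionsEgress", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            proto = perm.get("IpProtocol")
            # IpProtocol "-1" means all protocols and ports; no port keys are present.
            ports = "all" if proto == "-1" else f"{perm.get('FromPort')}-{perm.get('ToPort')}"
            for cidr in cidrs:
                allowed = ipaddress.ip_network(cidr, strict=False)
                # A broad rule such as 0.0.0.0/0 overlaps every IPv4 entry on the list.
                hits = [str(n) for n in c2_nets
                        if n.version == allowed.version and n.overlaps(allowed)]
                if hits:
                    findings.append({"group": sg["GroupId"], "cidr": cidr,
                                     "protocol": proto, "ports": ports,
                                     "c2_matches": hits})
    return findings


if __name__ == "__main__":
    for f in find_c2_egress(SAMPLE_GROUPS, C2_DESTINATIONS):
        print(f"{f['group']}: egress {f['cidr']} ({f['protocol']}/{f['ports']}) "
              f"reaches {', '.join(f['c2_matches'])}")
```

Each finding names the group and the specific egress CIDR to tighten; rules that only reach unlisted ranges, such as `10.0.0.0/16` in the sample, are not reported.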