Tuesday, May 7, 2024
Home Cyber Attack AWS S3 Buckets again Exploit by the Hackers

AWS S3 Buckets again Exploit by the Hackers

Many times I have mentioned about the AWS S3 and all time the same exploitation happens with the server. The threat actors are working continuously leveraging misconfigured AWS S3 data storage buckets to slip malicious code into websites that endeavor to steal credit details and conduct malvertising campaigns.

The Whole Scenario

  1. In May, the researcher from cybersecurity firms “RiskIQ” team discovered three compromised website which was owned by the Endeavor Business Media, Hosting javascript skimming code. The classic methods which is embraced by the magecart in the association with several hackers group that target the online shopping cart systems.
  2. Three affected websites host content and the chat forums related to the emergency services provided by the police officer, firefighter, and security professionals.
  3. Using the methods and involvement of Virtual credit card skimming attacks also called form jacking. The magecart operator secretly inserts Javascript code into a compromised website-usually on payment pages which can steal; customer’ card details which can later be transferred to a remote hacker-controlled server.

S3 Bucket Misconfigured 

  1. In July 2019, Magecart conducted a similar campaign that exploited AWS insecure S3 bucket to feed virtual credit card skimmers on 17,000 domains.
  2. It was started in April 2019, where a malicious script named “jqueryapi1oad” was employed in the malvertising operation which has impacted on 277 unique hosts so far. The threat actors behind the code were misconfigured S3 buckets.
  3. This is featured in the top 30,000 of global Alexa ranking futbolred[.]com, a Colombian soccer news site which had a misconfigured AWS S3 storage buckets.

Credit card skimming

  1. A company named as NutriBullet has suffered from Mageattack in February 2020. After a week, RiskIQ has discovered a javaScript skimmer placed in the NutriBullet website. You can ensure that the skimmer is inserted on the payment pages. Mage cart targeted a resource -JQuery javascript library.
  2. During March 2020, the researcher from the Malwarebytes spotted a credit card skimmer which is embedded in the website of Tupperware which is a food storage company. The magecart attackers exploited the vulnerabilities on the website which you can insert their malicious module that can siphon the credit card details in which shoppers filled the payment forms to complete transactions.

Needless

Malicious actors have been exploiting misconfigured AWS S3 Buckets to insert their code into multiple websites for quite some time now.

If you have any suggestions for this. You can drop a comment below

Bipin Choudharyhttps://vednam.com
Bipin has been a passionate blogger for several years. He is a Cyber Security Enthusiast, Security Blogger, Technical Writer. He is always eager to know everything about the latest technology development and advancement. Author @ Vednam

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular

7 Best Free Ethical Hacking Courses Online

  Ethical hacking is the practice of identifying vulnerabilities in computer systems and networks, using the same techniques and tools as malicious hackers. Ethical hackers,...

How does AuKill malware work?

AuKill Malware Actively Used to Disable EDR in Ongoing Attacks The cybersecurity landscape is constantly evolving, and attackers are always finding new ways to breach...

What is Black box hacking ? How Does it works ?

  Black box hacking refers to the process of testing a system, network or application for vulnerabilities without having any prior knowledge of its internal...

What is Penetration testing ? How does it works ?

  Penetration testing, or PenTesting for short, is a critical part of any comprehensive cybersecurity program. It involves testing the security of computer systems, networks,...

Recent Comments