I have mentioned AWS S3 many times, and the same kind of exploitation keeps happening. Threat actors continue to leverage misconfigured AWS S3 data storage buckets to slip malicious code into websites, in an effort to steal credit card details and conduct malvertising campaigns.
The Whole Scenario
- In May, researchers from the cybersecurity firm RiskIQ discovered three compromised websites, owned by Endeavor Business Media, that were hosting JavaScript skimming code. This is a classic method embraced by Magecart, an association of several hacker groups that target online shopping cart systems.
- The three affected websites host content and chat forums related to the emergency services provided by police officers, firefighters, and security professionals.
- In virtual credit card skimming attacks, also called formjacking, the Magecart operators secretly insert JavaScript code into a compromised website, usually on payment pages, to steal customers' card details, which are later transferred to a remote attacker-controlled server.
S3 Bucket Misconfigured
- In July 2019, Magecart conducted a similar campaign that exploited insecure AWS S3 buckets to deliver virtual credit card skimmers to 17,000 domains.
- It started in April 2019, when a malicious script named “jqueryapi1oad” was employed in a malvertising operation that has impacted 277 unique hosts so far. The threat actors behind the code took advantage of misconfigured S3 buckets.
- Among the affected sites is futbolred[.]com, a Colombian soccer news site in the top 30,000 of the global Alexa ranking, which had a misconfigured AWS S3 storage bucket.
Credit card skimming
- A company named NutriBullet suffered a Magecart attack in February 2020. After a week, RiskIQ discovered a JavaScript skimmer placed on the NutriBullet website. The skimmer was inserted on the payment pages. Magecart targeted a resource, the jQuery JavaScript library.
- In March 2020, researchers from Malwarebytes spotted a credit card skimmer embedded in the website of Tupperware, a food storage company. The Magecart attackers exploited vulnerabilities on the website to insert their malicious module, which siphons the credit card details that shoppers enter in the payment forms to complete transactions.
Needless
Malicious actors have been exploiting misconfigured AWS S3 Buckets to insert their code into multiple websites for quite some time now.
If you have any suggestions on this, you can drop a comment below.