Misconfigured Amazon S3 buckets act as launchpad for malicious code

Hackers are using misconfigured Amazon S3 buckets as launch pads for the distribution of various malware. This is according to a new report from RiskIQ, which digs into how the practice works and what businesses can do to protect themselves.

Amazon S3 buckets are public cloud storage resources used by developers across the world, but according to RiskIQ they are all too often misconfigured.

RiskIQ researcher Jordan Herman said the team identified instances of Magecart skimming code on three separate sites owned by the same operator.

It also found the malicious redirector jqueryapi1oad, historically linked with Hookads malvertising campaigns, on 277 unique domains as a result of misconfigured S3 buckets, including a popular Colombian football news site.

For businesses, Herman suggests, it is vital to understand where S3 buckets are in use, because it allows them to better track their digital attack surface.

“In today’s threat environment, businesses cannot move forward safely without having a digital footprint, an inventory of all digital assets, to ensure they are under the management of your security team and properly configured,” Herman said.

This is not the first time RiskIQ has warned webmasters about the dangers of misconfigured S3 buckets. A year ago, the firm issued a warning that criminals were actively searching for such instances in order to distribute skimmers and other malicious code.

"[Attackers] are always on the prowl. Next time, the damage could be catastrophic," the report concludes.