New RiskIQ research

​

Misconfigured Amazon S3 Buckets are a launchpad for inserting malicious code into websites, according to the latest research by RiskIQ (hwww.riskiq.com).

The research identified that three sites belonging to Endeavour Business Media are currently hosting instances of Magecart.  One of these is also hosting jqueryapi1oad, a malicious redirector RiskIQ connects to the Hookads campaign, which has been historically associated with exploit kits and other malicious behaviour.  

Amazon S3 buckets, public cloud storage resources available in AWS S3, are object-storage offerings similar to folders that consist of data and its descriptive metadata.  They are highly useful for developers and ubiquitous across the web, but they are often misconfigured when deployed.  Attackers can gain code-level access to a website by hacking these vulnerable web assets, so they have begun mass scanning for misconfigured buckets to insert code.  

In the research, RiskIQ dissected the code and tactics used in these attacks to determine the threat campaign’s scope by using RiskIQ’s own unique data sets.

 

​

 

​

​​

​

​

​

​

​

​

​