Hacking groups continue to abuse misconfigured AWS S3 storage buckets to inject malicious code into websites, skim credit card information, and run advertising campaigns.
According to RiskIQ, the affected websites, which remain unpatched, provide content and discussion forums for the emergency services, aimed at firefighters, police officers and security experts:
www (.) officer (.) com
www (.) firehouse (.) com
www (.) securityinfowatch (.) com
The security firm said it had received no response from Endeavor Business Media, even though it had contacted the company to get the problems fixed.
As a result, RiskIQ is instead working with the Swiss nonprofit cybersecurity company Abuse.ch to take down the malicious domains associated with the campaign.
Amazon S3 (short for Simple Storage Service) is a scalable storage infrastructure that provides a reliable means of storing and retrieving any amount of data through a web service interface.
Last July, RiskIQ uncovered a similar Magecart campaign that used misconfigured S3 buckets to inject digital credit card skimmers into 17,000 domains.
"We first identified the malicious redirector jqueryapi1oad – named after the cookie we associated with it – in July 2019," the researchers said. "Our research team found that the actors behind this malicious code also used misconfigured S3 buckets."
"The domain futbolred (.) com is a Colombian soccer news site that is among the top 30,000 in the global Alexa ranking. It also misconfigured an S3 bucket and left it open for jqueryapi1oad," the researchers said.
To reduce this risk, RiskIQ recommends securing S3 buckets with the correct permissions, and using access control lists (ACLs) and bucket policies to grant access only where it is needed, whether to other AWS accounts or to public requests.
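As an added illustration (not code from RiskIQ or the article), the check below parses an S3 bucket policy and reports any statement that lets anonymous callers write objects, which is the misconfiguration that allows a site's own JavaScript to be replaced; it is run against a constructed policy with that fault and against a corrected version that keeps public reads but restricts writes. The bucket name, account ID and role name are placeholders.

```python
import json

# Constructed sample policies (not from the article). The first has the fault
# described: anyone may upload objects, so site JavaScript can be overwritten.
PUBLIC_WRITE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-assets/*"},
        {"Sid": "PublicWrite", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:PutObject", "s3:PutObjectAcl"],
         "Resource": "arn:aws:s3:::example-assets/*"},
    ],
})
# Corrected version: reads stay public (the bucket serves a website); writes are
# limited to one named deployment role (hypothetical account ID and role name).
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-assets/*"},
        {"Sid": "DeployWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/site-deploy"},
         "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-assets/*"},
    ],
})

def _as_list(value):
    # Policy fields may be a single string or a list; normalise to a list.
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "*" and {"AWS": "*"} (possibly inside a list) both mean "everyone".
    return principal == "*" or (isinstance(principal, dict)
                                and "*" in _as_list(principal.get("AWS", [])))

def _is_write(action):
    # Actions that let a caller add, replace or delete objects or their ACLs.
    a = action.lower()
    return a in ("*", "s3:*") or a.startswith("s3:put") or a.startswith("s3:delete")

def find_public_write(policy_json):
    """Return the Sids of Allow statements granting write actions to anonymous callers."""
    findings = []
    for st in _as_list(json.loads(policy_json).get("Statement", [])):
        if st.get("Effect") != "Allow" or not _is_anonymous(st.get("Principal")):
            continue
        if any(_is_write(a) for a in _as_list(st.get("Action", []))):
            findings.append(st.get("Sid", "<no Sid>"))
    return findings
```

A statement carrying a Condition block is still reported, since a condition narrows the grant but does not by itself make an anonymous write safe. Bucket ACL grants to the AllUsers group and the account-level Block Public Access setting are separate controls that this check does not inspect.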
"Misconfigured S3 buckets that allow malicious actors to paste their code into numerous websites are a constant problem," concluded RiskIQ. "In today's threat environment, businesses cannot move safely without a digital footprint, an inventory of all digital assets, to ensure that they are managed and properly configured by your security team."