Geeks for your information
Magecart Hackers Scan for Misconfigured S3 Buckets - Printable Version

+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: News (https://www.geeks.fyi/forumdisplay.php?fid=105)
+--- Forum: Privacy & Security News (https://www.geeks.fyi/forumdisplay.php?fid=107)
+--- Thread: Magecart Hackers Scan for Misconfigured S3 Buckets (/showthread.php?tid=7726)



Magecart Hackers Scan for Misconfigured S3 Buckets - silversurfer - 11 July 19

Quote:Magecart hackers have compromised thousands of websites with digital skimming code by scanning for misconfigured Amazon S3 buckets, researchers have warned.
 
First discovered in May, the campaign is far more extensive that originally thought thanks to the automated scanning and exploitation of unsecured cloud storage accounts, explained RiskIQ’s Yonathan Klijnsma.

“These actors automatically scan for buckets which are misconfigured to allow anyone to view and edit the files it contains. Once the attackers find a misconfigured bucket, they scan it for any JavaScript file (ending in .js),” he explained. “They then download these JavaScript files, append their skimming code to the bottom, and overwrite the script on the bucket. This technique is possible because of the misconfigured permissions on the S3 bucket, which grants the write permission to anyone.”
 
The attacks, which started in April, have managed to compromise a “vast collection of S3 buckets” related to over 17,000 domains, including some of the top 2000 Alexa-ranked websites in the world, Klijnsma said.
However, given the “spray-and-pay” nature of these attacks, the skimming code will not always load on a payment page.

SOURCE: https://www.infosecurity-magazine.com/news/magecart-hackers-scan-for/