Poorly-secured AWS buckets used to launch Magecart attacks


Alex Scroxton

Cyber criminals are exploiting misconfigured AWS S3 buckets to run credit card fraud and malvertising campaigns, according to new data.

Cyber criminals launching Magecart credit card-skimming attacks continue to take advantage of lax attitudes to securing Amazon Web Services Simple Storage Service (AWS S3) to inveigle their way into their targets’ infrastructure, according to new research from RiskIQ.

Through no fault of AWS’s – S3 buckets are secured by default, so when they leak, it is down to error on the owner’s part – the popular object storage service can easily be exploited to get access to websites and inject malicious code into them.

Vulnerable AWS S3 buckets can easily be found by...

Get the Morning Update

Thanks for subscribing!