Serviceteam IT Security News
Security researchers are once again warning website owners to ensure any cloud storage resources linked to their site are locked down, after discovering Magecart and malicious redirector code lurking in misconfigured S3 buckets.

RiskIQ threat researcher Jordan Herman said his team made the discovery on May 12, after finding Magecart code residing on three websites, all run by a company known as Endeavor Business Media. They apparently host content and chat forums designed for firefighters, police officers and security professionals.

Alongside Magecart, they found a malicious redirector dubbed “jqueryapi1oad”, which they first discovered back in July 2019 on compromised S3 buckets that had also been seeded with digital skimming code.

On closer inspection, RiskIQ discovered the redirector first appeared in April of last year and is still in use, connected with 362 unique domains.

It’s linked to the Hookads malvertising campaign that Herman claimed “has historically been connected to exploit kits and other malicious behavior.”

They found the redirector on other sites with misconfigured S3 buckets, including a Colombian football news site that’s in the top 30,000 global Alexa rankings. So far, 277 sites have been identified as affected by jqueryapi1oad, potentially exposing countless unsuspecting web users.

“As attacks involving misconfigured S3 buckets continue, knowing where your organization is using them across its digital attack surface is imperative,” argued Herman.

“In today’s threat environment, businesses cannot move forward safely without having a digital footprint, an inventory of all digital assets, to ensure they are under the management of your security team and properly configured.”

Back in July 2019, RiskIQ warned that attackers were actively scanning for misconfigured S3 buckets to spread malicious code, seeding skimming code into AWS instances associated with 17,000 domains, including some of the top 2000 Alexa-ranked websites in the world.

The latest discovery proves such attacks are ongoing and represent an immediate threat to organizations.

Source: Infosecurity Magazine
