Spray and Pay: Magecart Campaign Breaches Websites En Masse Via Misconfigured Amazon S3 Buckets (Jul 10, 2019)
Magecart, a term for groups who compromise third-party web suppliers, has been found to be larger than initially suspected. RiskIQ has identified Magecart actors compromising misconfigured Amazon S3 buckets. After identifying a misconfigured bucket, a group uses a skimming script to overwrite the current script, in an attempt to receive payment details.
Recommendation: With the increasing risk of compromised S3 buckets, it is imperative for users to have adequate security. This includes correctly configuring their buckets as private, along with protections and warnings in the S3 console and account-level blocking.
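An added example, not from RiskIQ or the original briefing: an offline audit of the settings the recommendation points at, flagging public write grants in a bucket ACL and any disabled Block Public Access setting. The JSON is constructed sample data in the shape returned by `aws s3api get-bucket-acl` and `aws s3api get-public-access-block`; `audit_bucket` is a hypothetical helper name, and bucket policies are not inspected.

```python
import json

# Group URIs S3 uses for "everyone" and "any AWS account" grantees.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# ACL permissions that let a grantee replace objects or rewrite the ACL.
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
# The four Block Public Access (BPA) settings; all should be true.
BPA_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")


def audit_bucket(acl, public_access_block):
    """Return a list of findings for one bucket's ACL and BPA settings."""
    findings = []
    cfg = (public_access_block or {}).get("PublicAccessBlockConfiguration", {})
    missing = [k for k in BPA_KEYS if cfg.get(k) is not True]
    if missing:
        findings.append("block-public-access disabled: " + ", ".join(missing))
    # IgnorePublicAcls makes S3 disregard public grants even if present.
    acl_ignored = cfg.get("IgnorePublicAcls") is True
    for grant in acl.get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI")
        perm = grant.get("Permission")
        if uri in PUBLIC_GROUPS and perm in WRITE_PERMS:
            state = "latent (ignored by BPA)" if acl_ignored else "EFFECTIVE"
            group = uri.rsplit("/", 1)[-1]
            findings.append(f"public {perm} grant to {group}: {state}")
    return findings


# Constructed sample: a bucket whose ACL lets anyone overwrite objects.
OPEN_ACL = json.loads("""{"Grants": [
  {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
   "Permission": "FULL_CONTROL"},
  {"Grantee": {"Type": "Group",
               "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
   "Permission": "WRITE"}
]}""")
# Constructed sample: all four BPA settings enabled.
LOCKED_BPA = {"PublicAccessBlockConfiguration": dict.fromkeys(BPA_KEYS, True)}

if __name__ == "__main__":
    for label, bpa in (("no BPA", None), ("BPA on", LOCKED_BPA)):
        print(label, audit_bucket(OPEN_ACL, bpa))
```

A "latent" finding still deserves cleanup, because the grant becomes effective again if Block Public Access is later switched off.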
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.