Recent research by watchTwr Labs highlights the security risks associated with deleted or inactive Amazon S3 buckets. Cybercriminals can easily re-register these forgotten storage instances, leveraging them to spread malware and conduct large-scale supply chain attacks akin to the SolarWinds incident. After scanning the internet, the researchers found 150 abandoned S3 buckets, previously utilized by various organizations, which collectively received 8 million requests over two months. This vulnerability extends beyond S3 buckets, indicating a broader problem with abandoned cloud environments being ripe for exploitation.
"The attacks this weakness enables could be similar to the infamous SolarWinds attack."
"Malicious actors could have easily answered these requests with malicious files, potentially turning into large-scale cyberattacks."
Collection
[
|
...
]