Select Page

Hacking groups are continuing to leverage misconfigured AWS S3 data storage buckets to insert malicious code into websites in an attempt to swipe credit card information and carry out malvertising campaigns.

In a new report shared with The Hacker News, cybersecurity firm RiskIQ said it identified three compromised websites belonging to Endeavour Business Media last month that are still hosting JavaScript skimming code — a classic tactic embraced by Magecart, a consortium of different hacker groups who target online shopping cart systems.

The unpatched affected websites host emergency services-related content and chat forums catering to firefighters, police officers, and security professionals, per RiskIQ.

  • www[.]officer[.]com
  • www[.]firehouse[.]com
  • www[.]securityinfowatch[.]com

The cyber firm said it hasn’t heard back from Endeavour Business Media despite reaching out to the company to address the issues.

As a consequence, it’s working with Swiss non-profit cybersecurity firm to sinkhole the malicious domains associated with the campaign.

Amazon S3 (short for Simple Storage Service) is a scalable storage infrastructure that offers a reliable means to save and retrieve any amount of data via a web services interface.

images from Hacker News