IT

110K Domains Targeted in

Photo of msmash msmash4 weeks ago
0 14 Less than a minute
110k-domains-targeted-in
110K Domains Targeted in

Posted by msmash from the catch-them-if-you-can dept.

A sophisticated extortion campaign has targeted 110,000 domains by exploiting misconfigured AWS environment files, security firm Cyble reports. The attackers scanned for exposed .env files containing cloud access keys and other sensitive data. Organizations that failed to secure their AWS environments found their S3-stored data replaced with ransom notes.

The attackers used a series of API calls to verify data, enumerate IAM users, and locate S3 buckets. Though initial access lacked admin privileges, they created new IAM roles to escalate permissions. Cyble researchers noted the attackers’ use of AWS Lambda functions for automated scanning operations.

Uncertain fortune is thoroughly mastered by the equity of the calculation. – Blaise Pascal

Working…

Tags
Photo of msmash msmash4 weeks ago
0 14 Less than a minute
Photo of msmash

msmash

Related Articles

‘

3 weeks ago
shipt

Shipt

July 7, 2024

Demand For High-End Cameras is Soaring – Slashdot

2 days ago
logitech-says-the

Logitech Says the

August 7, 2024

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© Copyright 2024, All Rights Reserved  |  zabollah
Back to top button

Adblock Detected

Block the adblockers from browsing the site, till they turn off the Ad Blocker.