Attackers exploit Twilio’s misconfigured cloud storage, inject malicious code into SDK
2020-07-23 10:09

Twilio has confirmed that, for 8 or so hours on July 19, a malicious version of their TaskRouter JS SDK was being served from one of their AWS S3 buckets.

"Due to a misconfiguration in the S3 bucket that was hosting the library, a bad actor was able to inject code that made the user's browser load an extraneous URL that has been associated with the Magecart group of attacks," the company shared.

Jordan Herman, Threat Researcher at RiskIQ, which detailed previous threat campaigns that used the same malicious traffic redirector, told Help Net Security that because of how easy misconfigured Amazon S3 buckets are to find and the level of access they grant attackers, they are seeing attacks like this happening at an alarming rate.

Om Moolchandani, co-founder and CTO at code-to-cloud security company Accurics, noted that there are many similarities between waterhole attacks and the Twilio incident.

"Taking over a cloud hosted SDK allows attackers to 'cloud waterhole' into the victim environments by landing directly into the operation space of victims," he said.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/Jy0W-DULOzQ/