Amazon CloudFront Spoof Could Be Used To Attack

Amazon Cloudfront

Security firm Sucuri reported that the hackers are spoofing Amazon's content delivery network CloudFront to inject malicious payload into websites.

The javascript with the link posing as a legitimate service of CLOUDFRONT to convince webmasters to use the malicious script in their websites. 

The script loads a custom encoded script which loads differently every time you access, also known as a conditional payload. In fact, if you access it using Internet Explorer it just changes the variables, but if you use any other browser or user-agent, everything changes and the output is broken, like this:

Fioravante Souza, malware researcher at Sucuri, said, "Its definitely suspicious, but no harmful payload was delivered at the time."

"The attackers are in fact trying to confuse webmasters by abusing our trust in trusted sources, i.e., Amazon’s CloudFront. If there is one thing we have learned in the years of doing this work, half the webmaster don’t really know what code and service their website ingests, that’s on the developer, they’re simply responsible for maintaining it. This is where the breakdown begins, and the vulnerability that attackers look to exploit," Souza added.

Source : Sucuri

No comments

Powered by Blogger.