Abandoned AWS Cloud Storage: A Major Cyber-Attack VectorAbandoned AWS Cloud Storage: A Major Cyber-Attack Vector

New research highlights how bad actors could abuse deleted AWS S3 buckets to create all sorts of mayhem, including a SolarWinds-style supply chain attack.

Jai Vijayan, Dark Reading

February 5, 2025

1 Min Read
Image: Alamy

Abandoned cloud storage buckets present a major, but largely overlooked, threat to Internet security, new research has shown.

The risks arise when bad actors discover and re-register these neglected digital repositories under their original name and then use them to deliver malware or carry out other malicious actions against anyone still requesting files from them.

A Far From Theoretical Threat

The threat is far from theoretical, and the weakness is, in fact, incredibly easy to exploit, researchers from watchTowr discovered recently. The findings came as a follow-up to previous research they conducted last year on risks tied to expired and abandoned internet domain names.

For the latest study, the researchers first searched the Internet for Amazon AWS S3 buckets referenced in deployment code or a software update mechanism. They then checked to see if those mechanisms were pulling down unsigned or unverified executables or code from the S3 buckets.

The researchers discovered some 150 S3 buckets that at some time a government organization, Fortune 500 company, technology company, cybersecurity vendor, or major open source project had used for software deployment, updates, configurations, and similar purposes, and then abandoned.

Keep reading this article in Dark Reading, a Data Center Knowledge partner site

Related:Microsoft Rings in 2025 With Record Security Update

Read more about:

Dark Reading

About the Authors

Jai Vijayan

Jai Vijayan

Contributing writer, Dark Reading

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a senior editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics including big data, Hadoop, Internet of Things, e-voting and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a master's degree in statistics and lives in Naperville, Illinois.

See more from Jai Vijayan
Dark Reading

Dark Reading

Long one of the most widely read cyber security news sites on the Web, Dark Reading, a sister site to Data Center Knowledge, is now the most trusted online community for security professionals like you. Dark Reading's community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.

See more from Dark Reading
Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

A close-up of a finger tapping the DeepSeek app icon on a smartphone screen
AI Data Centers
DeepSeek’s AI Breakthrough Signals Major Shifts for Data Centers
DeepSeek’s AI Breakthrough Signals Major Shifts for Data Centers

Jan 30, 2025

Data center infrastructure continues to evolve as the industry navigates growth challenges and embraces new technologies
Modular Data Centers
AFCOM: ‘Boundless Possibilities’ as AI Transforms Data Center Infrastructure
AFCOM: ‘Boundless Possibilities’ as AI Transforms Data Center Infrastructure

Jan 28, 2025

Will 2025 mark a turning point for nuclear-powered data centers?
Energy & Power Supply
Nuclear-Powered Data Centers: When Will SMRs Finally Take Off?
Nuclear-Powered Data Centers: When Will SMRs Finally Take Off?

Jan 22, 2025

Exclusive DCK Resources
See all DCK Resources

Industry Voices

Cloud
Google Plans Major CapEx Hike Amid Slowing Cloud Growth
Google Plans Major CapEx Hike Amid Slowing Cloud Growth

Feb 5, 2025

Thailand data center market illustration
Data Center Site Selection
Thailand’s Data Center Market Gathers Pace as SE Asia’s Digital Economy Expands
Thailand’s Data Center Market Gathers Pace as SE Asia’s Digital Economy Expands

Feb 5, 2025

Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.
Newsletter Sign-Up

Featured Technical Explainers

AI chip
Cloud
Cloud vs. On-Prem AI Accelerators: Choosing the Best Fit for Your AI Workloads
Cloud vs. On-Prem AI Accelerators: Choosing the Best Fit for Your AI Workloads
Data center server configuration command lines on a computer monitor.
Open Source Software
Optimize Text Search: Master the grep Command in Linux
Optimize Text Search: Master the grep Command in Linux
Data center ETF stock chart illustration
Investing
Data Center ETFs: An Introductory Guide to Boosting Your Portfolio
Data Center ETFs: An Introductory Guide to Boosting Your Portfolio