In addition to these examples, the researchers observed many requests from various scripts and tools that were simply trying to download .exe files from their S3 buckets, which can lead directly to remote code execution on systems if those executables are then run without any type of digital signature validation.
The researchers even tried, where possible, to determine when some of the S3 buckets were abandoned, to understand the window of possible exploitation. In one case, a bucket was left to expire back in 2015, yet 10 years later it was still receiving requests for dangerous files.
This research highlights the dangers of having an “easy come, easy go” mentality when it comes to internet infrastructure, according to watchTowr. “In a world where registering a domain name costs a mere few dollars, and registering an internet resource like an S3 bucket takes even less, it takes very little to inadvertently commit to maintaining a finite resource,” the researchers wrote. “What we’re only just beginning to see, though, is that all these resources that were carelessly acquired are not only assets, as expected, but also bring with them their own obligations.”
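A defender can look for this exposure in their own scripts and configuration before a bucket lapses. The sketch below is an added example, not code from watchTowr or the article: it extracts S3 bucket references in the common URL forms and reports any that are missing from an inventory of buckets the organisation still owns, noting which ones fetch an .exe. The sample text, bucket names and inventory are constructed for illustration.

```python
import re
from collections import defaultdict

# S3 bucket name: 3-63 chars of lowercase letters, digits, dots and hyphens.
_B = r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]"
_HOST = r"s3[.-](?:[a-z0-9-]+\.)?amazonaws\.com"  # global, regional, legacy dash form
S3_REF = re.compile(
    rf"s3://(?P<uri>{_B})"                    # s3://bucket/key
    rf"|https?://(?P<vhost>{_B})\.{_HOST}"    # bucket.s3.region.amazonaws.com/key
    rf"|https?://{_HOST}/(?P<path>{_B})",     # s3.region.amazonaws.com/bucket/key
    re.IGNORECASE,
)

def bucket_refs(text):
    """Yield (line_number, bucket, fetches_exe) for every S3 reference in text."""
    for n, line in enumerate(text.splitlines(), 1):
        for m in S3_REF.finditer(line):
            bucket = (m["uri"] or m["vhost"] or m["path"]).lower()
            # Object key that follows the reference, without query or fragment.
            tail = re.match(r"[^\s\"'<>?#]*", line[m.end():]).group()
            yield n, bucket, tail.lower().endswith(".exe")

def unowned_refs(text, owned):
    """Map bucket -> [(line, fetches_exe)] for buckets absent from the inventory."""
    hits = defaultdict(list)
    for n, bucket, exe in bucket_refs(text):
        if bucket not in owned:
            hits[bucket].append((n, exe))
    return dict(hits)

# Constructed sample: lines as they might appear in install scripts and configs.
SAMPLE = """\
installer_url = "https://legacy-tools.s3.amazonaws.com/win/setup.exe"
mirror = https://s3.us-west-2.amazonaws.com/acme-mirror/pkg/index.json
aws s3 cp s3://acme-build-cache/deps.tar.gz .
curl -O https://old-updates.s3-eu-west-1.amazonaws.com/agent.exe?v=2
"""
OWNED = {"acme-mirror", "acme-build-cache"}  # assumed inventory of live buckets

if __name__ == "__main__":
    for bucket, refs in unowned_refs(SAMPLE, OWNED).items():
        for line_no, exe in refs:
            print(f"line {line_no}: {bucket} not in inventory" + (" (fetches .exe)" if exe else ""))
```

Any reference it reports should be either removed or pointed at a bucket that is confirmed to be owned; whoever registers the named bucket controls what those downloads return.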