In this work, we analyze to what extent actors target poorly-secured cloud storage buckets for attack. We deployed hundreds of AWS S3 honeybuckets with different names and content to lure and measure different scanning strategies. Actors exhibited clear preferences for scanning buckets that appeared to belong to organizations, especially commercial entities in the technology sector with a vulnerability disclosure program. Actors continuously engaged with the content of buckets by downloading, uploading, and deleting files. Most alarmingly, we recorded multiple instances in which malicious actors downloaded, read, and understood a document from our honeybucket, leading them to attempt to gain unauthorized server access.