Breaking Badness, Episode 201: "Deepfake or Deepseek? This AI scam is the real phish"

S3 Takeovers, DeepSeek Deceptions & the Cloud’s Dirty Laundry

In this episode of Breaking Badness, we dive into two major cybersecurity concerns: the risks of abandoned S3 buckets and a wave of phishing attacks impersonating DeepSeek. watchTowr Labs uncovers how forgotten AWS storage can be hijacked for malicious purposes, potentially compromising military, government, and enterprise systems. Meanwhile, attackers exploit DeepSeek’s rising popularity to create lookalike sites, tricking unsuspecting users into downloading malware or exposing credentials.

Join hosts Kali Fencl, Tim Helming, and Taylor Wilkes-Pierce as they break down these findings with humor, deep insights, and even a few pop culture references. Plus, we rate the severity of these threats on our infamous Hoodie Scale and wrap up with Gold, Guidance & Grievances.

The Forgotten Cloud: How Abandoned S3 Buckets Become Hacker Goldmines

One of the biggest takeaways from this episode was the eye-opening research from watchTowr Labs on S3 bucket takeovers. These misconfigurations and abandoned cloud storage instances pose a significant cybersecurity risk, and as Taylor Wilkes-Pierce explained: 

“They were getting requests from .mil networks, .gov networks… That is concerning. Problematic.” 

What Happened? 

  • Researchers discovered old S3 buckets that were still being referenced by active systems, allowing them to hijack storage namespaces. 
  • Millions of inbound requests were being made to these abandoned cloud storage links.
  • Potential impact? Attackers could have replaced legitimate files with malicious software, compromising critical infrastructure. 

What Can Be Done? 

  • Regular cloud asset audits to ensure old storage instances are decommissioned.
  • Implement strict security policies for cloud storage usage.
  • Monitor DNS and infrastructure dependencies to avoid hidden risks.
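
One way to start the audit described above, as an added example that is not from the episode or from watchTowr Labs' research: a Python script that extracts S3 bucket references from source and config text and flags any bucket missing from the account's inventory. The file names, bucket names and inventory set are constructed sample data, and the patterns cover only the common `s3://`, virtual-hosted and path-style forms.

```python
import re

# Common ways a bucket is referenced in code and config (not exhaustive).
_PATTERNS = [
    # s3://bucket/key
    re.compile(r"s3://([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])"),
    # virtual-hosted style: bucket.s3.amazonaws.com, bucket.s3.<region>.amazonaws.com
    re.compile(r"([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])\.s3[.-](?:[a-z0-9-]+\.)?amazonaws\.com"),
    # path style: s3.<region>.amazonaws.com/bucket/key (host must not be a bucket subdomain)
    re.compile(r"(?<![a-z0-9.-])s3[.-](?:[a-z0-9-]+\.)?amazonaws\.com/"
               r"([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])"),
]

def find_bucket_refs(files):
    """Map bucket name -> sorted list of (path, line_no) where it is referenced."""
    refs = {}
    for path, text in files.items():
        for no, line in enumerate(text.splitlines(), 1):
            for pat in _PATTERNS:
                for m in pat.finditer(line.lower()):
                    refs.setdefault(m.group(1), set()).add((path, no))
    return {bucket: sorted(locs) for bucket, locs in refs.items()}

def unowned_refs(files, owned_buckets):
    """References to buckets that are absent from the account inventory."""
    owned = {b.lower() for b in owned_buckets}
    return {b: locs for b, locs in find_bucket_refs(files).items() if b not in owned}

# Constructed sample input: file contents keyed by path.
SAMPLE_FILES = {
    "deploy/install.sh": "wget https://acme-installers.s3.amazonaws.com/agent.msi\n",
    "web/index.html": '<script src="https://s3.us-west-2.amazonaws.com/acme-legacy-cdn/app.js"></script>\n',
    "jobs/backup.yaml": "source: s3://acme-backups/db/\ntarget: s3://acme-archive/db/\n",
}
# Constructed inventory; in practice this comes from the account's bucket listing.
OWNED = {"acme-backups", "acme-installers"}

if __name__ == "__main__":
    for bucket, locs in sorted(unowned_refs(SAMPLE_FILES, OWNED).items()):
        for path, no in locs:
            print(f"{path}:{no}: references bucket not in inventory: {bucket}")
```

Each flagged reference is either a third-party bucket to review as a dependency or a decommissioned one whose references should be removed.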

Read watchTowr Labs’ full report here

DeepSeek Phishing: When AI Hype Becomes a Cybercrime Playground

As AI models like DeepSeek dominate headlines, cybercriminals are riding the hype wave to create convincing phishing sites. These fake DeepSeek websites trick users into: 

  • Entering credentials for account takeovers 
  • Downloading malware-infected AI models 
  • Falling victim to crypto scams 

How Are Attackers Doing It? 

  • Registering lookalike domains that resemble DeepSeek’s official site
  • Hosting fraudulent AI tools on phishing pages 
  • Leveraging social engineering to make attacks appear more legitimate

As Tim Helming put it:

“It’s not that they’re trying to impersonate DeepSeek’s functionality itself… but they’re capitalizing on the hype.” 

How to Stay Safe? 

  • Verify URLs before logging into any AI service. 
  • Use browser security tools to block suspicious domains. 
  • Check for official announcements from AI providers before downloading software.

See Memcyco’s DeepSeek phishing analysis


That’s about all we have for this week. You can find us on Mastodon and Twitter/X @domaintools, and all of the articles mentioned in our podcast will always be included in our podcast recap. Catch us Wednesdays at 9 AM Pacific time when we publish our next podcast and blog.

*A special thanks to John Roderick for our incredible podcast music!