Normalcy Retained at AWS Sydney Post API Errors and Latencies

Amazon Web Services (AWS) in Sydney faced a sudden increase in API errors and corresponding latencies. These affected seven dependent AWS services: AppStream 2.0, Elastic Compute Cloud (EC2), Elastic Load Balancing (ELB), ElastiCache, Relational Database Service (RDS), WorkSpaces, and Lambda. However, services were gradually restored by late evening.

On January 23, 2020, around 12 noon (Australia time zone), the AWS Status Updates page first reported this issue under its EC2 Sydney chapter, saying connectivity to existing instances was not impacted. Later, AWS said it had identified the root cause of the issue, which mainly affected EC2 RunInstances and VPC-related API requests. Launch requests that used regional objects which already existed, such as subnets, continued to succeed because they did not depend on the affected subsystem. AWS therefore suggested using known subnet IDs to launch instances within the region.

“A data store used by a subsystem responsible for the configuration of Virtual Private Cloud (VPC) networks is currently offline and the engineering team are working to restore it. While the investigation into the issue was started immediately, it took us longer to understand the full extent of the issue and determine a path to recovery,” said AWS, an hour later, on its Status Updates page.

Australia on High Alert

Customers felt the consequences of the API errors and latencies, including the Australian Capital Territory (ACT) Emergency Services Agency (ESA), which keeps locals updated on the state of emergencies. Australia is currently on high alert due to the bushfires in the region surrounding the ACT, and locals have been advised to report to the ACT through its website if they spot heavy smoke. AWS apologized for the inconvenience and restored the ACT ESA website by late evening to reinstate normalcy.

Recently, to help the people on the frontline of the Australian bushfires, many organizations set up online donation gateways on their websites. However, the Malwarebytes Threat Intelligence Team discovered a legitimate donation-collecting website that had been compromised by a Magecart script.

Hackers planted a Magecart script on the checkout page of the website to steal donors' payment information. This information was then sent to a domain controlled by the hackers. The research team confirmed that the software used for skimming is known as ATMZOW. Once a donation was completed successfully, the stolen card details were sent to a website, vamberlo.com. The malicious domain used by the hackers was later shut down.