Wasabi users reported being refused access to their storage buckets on December 29, after the cloud storage provider suffered an outage caused by malware hosted on its domain.
The storage provider confirmed that the wasabisys.com domain was down because it had been suspended for hosting malware. Storage endpoints were affected, causing degraded performance on the storage domain.
The status report details the issue with malicious content hosted on the wasabisys.com domain. The domain registrar had to pass on the abuse report but unfortunately forwarded it to the wrong email address.
Wasabi was never notified of the situation, and the registrar acted on its own and suspended the domain altogether. This took the storage service offline, leaving almost all storage buckets inaccessible for Wasabi users.
“We are currently investigating reports of issues resolving some endpoints including s3.eu-central-1.wasabisys.com, s3.us-west-1.wasabisys.com, and s3.wasabisys.com. We are investigating to try to determine the source of the issue,” Wasabi’s status report stated.
The company acknowledged the situation and said DNS resolution failures were causing the poor performance of the buckets. Wasabi also suspended the client hosting the malicious content, then asked the registrar to reactivate the domain.
According to reports, it took 13 hours before the domain came back online.
“Upon learning of the malicious content report, Wasabi did immediately suspend the associated customer account for terms of service violations. We also contacted the domain name registrar as soon as we identified the problem,” said the company.
Trigger Domain Suspension
Malware hosted on a provider's domain is nothing new to cloud storage service providers, as some malicious actors are trying to trigger a suspension. In this case, the domain registrar had to act quickly to prevent things from escalating further.
The decision came after the notice was forwarded to the wrong email address, causing more complications. With the domain suspended altogether, threat actors can’t do anything, as the system is down and no content is accessible.
Hackers use this kind of technique to access and abuse legitimate cloud hosting services. Wasabi, as a big name in the storage market, is a big target for threat actors who are prying for information.
Wasabi didn’t disclose what the malicious content was, or whether it was a false positive or a phishing attack. However, the threat actor succeeded in getting the cloud storage domain suspended, leaving Wasabi users no chance of accessing their data in the cloud.