Wasabi cloud storage service knocked offline for hosting malware

/in


Wasabi header image
Source: Wasabi.com

Cloud storage provider Wasabi suffered an outage after a domain used for storage endpoints was suspended for hosting malware.

Wasabi is a cloud storage provider that competes with solutions like Amazon S3 by offering significantly cheaper services, not charging egress or API fees, and promising a 99.999999999% data durability.

Yesterday, at approximately 2:30 PM EST, Wasabi users suddenly found that they could no longer access their storage buckets [1, 2, 3] hosted on the wasabisys.com domain.

Wasabi acknowledged the issue in an outage report stating that DNS resolutions were causing “degraded performance.”

“We are currently investigating reports of issues resolving some endpoints including s3.eu-central-1.wasabisys.com s3.us-west-1.wasabisys.com and s3.wasabisys.com. We are investigating to try to determine the source of the issue. We will update this page as soon as we have more details,” Wasabi stated in the status report.

According to the status report, their domain registrar attempted to contact Wasabi about malicious content hosted on the wasabisys.com domain. When sending the abuse report, the registrar forwarded it to the wrong email, and Wasabi was never notified.

This mishap led to the registrar suspending the domain, effectively knocking the storage service offline as almost all of their storage buckets utilize the wasabisys.com domain.

After learning of the abuse report, Wasabi suspended the client hosting the malicious content and asked the registrar to reactivate the domain. The domain’s reinstatement took thirteen hours to complete, with it finally being restored today, at 12:57 PM EST.

“Upon learning of the malicious content report, Wasabi did immediately suspend the associated customer account for terms of service violations. We also contacted the domain name registrar as soon as we identified the problem. However, despite our escalation attempts, it took over 13 hours for them to reactivate the wasabisys.com domain,” Wasabi stated.

Threat actors are known to abuse legitimate cloud hosting services to host malware, and Wasabi is no exception. It is unknown what malicious content, or potentially false positives, triggered the domain’s…

Source…