Cybercriminals could exploit online programming learning platforms, such as DataCamp, to facilitate remote cyberattacks, data exfiltration
, and vulnerable device scanning, BleepingComputer
DataCamp's resources may have been used by threat actors to conceal attacks, with the platform's advanced online Python integrated development environment discovered by Profero researchers to
enable third-party module installation to establish a connection with an Amazon S3 storage bucket. Researchers then found that such a scenario did not only allow access to an S3 bucket but also file exfiltration to the DataCamp website's workspace environment. While the Nmap network mapping tool was not directly installed, it was compiled with its binary executed by DataCamp. Moreover, the EICAR file for testing antivirus system detection was also able to be uploaded to DataCamp. DataCamp noted the inherent risk of system exploitation but emphasized that it has adopted the necessary measures to avert threats.
"In addition, in order to prevent individual malpractice, we have implemented a responsible disclosure policy and monitor our systems on an ongoing basis to mitigate risk," said DataCamp. Meanwhile, Profero noted that other learning platforms could also be exploited by threat actors.