Executive Summary

A report published on January 21, 2026, has uncovered a significant and ironic security risk: intentionally vulnerable applications designed for cybersecurity training are being exploited in the wild. Applications like OWASP Juice Shop, Damn Vulnerable Web Application (DVWA), and bWAPP are being deployed on production cloud environments (AWS, Google Cloud, Azure) and left exposed to the internet. Threat actors are actively exploiting these built-in vulnerabilities to gain initial access, steal cloud credentials, deploy malware, and pivot into sensitive corporate networks. This widespread misconfiguration has created an inadvertent supply chain risk, turning educational tools into active backdoors for major corporations and even security vendors, leading to confirmed compromises and data exposure.

Threat Overview

The core of the threat lies in a simple but dangerous misconfiguration. Developers and security teams are deploying these training applications for learning purposes but are failing to isolate them from production environments. Over 10,000 such instances were discovered exposed online.

• Attack Vector: Threat actors scan the internet for the digital fingerprints of these known-vulnerable applications. Once found, they use the well-documented vulnerabilities within them as a direct entry point.
• Exploitation: Instead of a controlled lab environment, the attackers land on a server with live production credentials and network access. They have been observed using these footholds to:
  • Achieve remote code execution (T1190 - Exploit Public-Facing Application).
  • Deploy webshells for persistent access (T1505.003 - Web Shell).
  • Install cryptocurrency miners (T1496 - Resource Hijacking).
  • Steal cloud credentials by accessing the instance metadata service (T1552.005 - Cloud Instance Metadata API).

Technical Analysis

In a confirmed case study, an attacker exploited an insecure file upload function in a publicly exposed Hackazon instance running on a production AWS server. This allowed them to upload a webshell. From there, the attacker queried the AWS metadata service endpoint (http://169.254.169.254) to retrieve temporary IAM role credentials attached to the EC2 instance. These credentials granted them access to sensitive S3 buckets and other resources within the company's production environment, demonstrating a clear path from a misconfigured training app to a significant data breach.

Impact Assessment

The consequences of this misconfiguration are severe:

• Credential Theft: Exposure of IAM roles, storage access keys, and other cloud service credentials.
• Data Breach: Attackers can access and exfiltrate sensitive corporate and customer data from cloud storage and databases.
• Financial Loss: The cost of cryptojacking can be substantial, along with the costs of incident response and remediation.
• Reputational Damage: The discovery that a company was breached via its own security training tools is highly damaging to its reputation, particularly for security vendors.
• Supply Chain Risk: When a security vendor is compromised in this way, it can create a downstream risk for all of its customers.

Detection & Response

1. Asset Discovery: Organizations must actively scan their public cloud environments for any instances of these known-vulnerable training applications. Use cloud security posture management (CSPM) tools or custom scripts to search for application names, default ports, and other indicators.
2. Monitor Cloud Logs: Analyze AWS CloudTrail, Azure Monitor, or Google Cloud Audit Logs for suspicious activity originating from the IP addresses of these training app instances. Pay close attention to unusual API calls, such as sts:AssumeRole or s3:ListBuckets from an unexpected source.
3. Behavioral Analysis: Use D3FEND's User Behavior Analysis principles to look for anomalous usage of IAM credentials, especially those associated with EC2 instances running these applications.

Mitigation

1. Isolate Training Environments: This is the most critical mitigation. All security training and testing must be conducted in a completely isolated network segment or a dedicated cloud account with no access to production data or credentials. This is an application of MITRE ATT&CK Mitigation M1048 - Application Isolation and Sandboxing.
2. Strict Network Policies: If these apps must be deployed, apply strict ingress and egress firewall rules to limit access to only authorized users and prevent the instance from communicating with the public internet or internal production services. (M1030 - Network Segmentation).
3. Principle of Least Privilege: Never attach production IAM roles or credentials to instances running training applications. If a role is needed, it should be custom-created with minimal, restricted permissions.
4. Regular Audits: Implement a policy and automated checks to regularly audit cloud environments for these applications and enforce their removal or isolation.