In this thesis, we analyze to what extent actors target poorly-secured cloud storage bucketsfor attack. We deployed hundreds of AWS S3 honeybuckets with different names and content to
lure and measure different scanning strategies. Actors exhibited clear preferences for scanning
buckets that appeared to belong to organizations, especially commercial entities in the technology
sector with a vulnerability disclosure program. Actors continuously engaged with the content of
buckets by downloading, uploading, and deleting files. Most alarmingly, we recorded multiple
instances in which malicious actors downloaded, read, and understood a document from our
honeybucket, leading them to attempt to gain unauthorized server access.