Security News > 2020 > August > How phishing attacks have exploited Amazon Web Services accounts
A series of recent phishing attacks tried to take advantage of organizations that use Amazon Web Services.
In one phishing campaign reported to KnowBe4, the attackers created a basic, no-frills scam to harvest the credentials of AWS users.
After the landing page captured the AWS credentials of any unsuspecting victims, the process redirected them back to Amazon itself, as if to place them in safe hands.
Harvest sensitive data from the account to be exploited in still further attacks against customers, partners, or clients.
Use an organization's AWS account as a phishing platform, which could involve exploiting the account to distribute malware as well as host credentials-phishing pages or other files used in phishing attacks.
News URL
Related news
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- SolarWinds Web Help Desk flaw is now exploited in attacks (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)