Security News > 2020 > August > How phishing attacks have exploited Amazon Web Services accounts
2020-08-25 18:45
A series of recent phishing attacks tried to take advantage of organizations that use Amazon Web Services.
In one phishing campaign reported to KnowBe4, the attackers created a basic, no-frills scam to harvest the credentials of AWS users.
After the landing page captured the AWS credentials of any unsuspecting victims, the process redirected them back to Amazon itself, as if to place them in safe hands.
Harvest sensitive data from the account to be exploited in still further attacks against customers, partners, or clients.
Use an organization's AWS account as a phishing platform, which could involve exploiting the account to distribute malware as well as host credentials-phishing pages or other files used in phishing attacks.
News URL
Related news
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- How to Prevent Phishing Attacks with Multi-Factor Authentication (source)
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)