Security News > 2020 > August > How phishing attacks have exploited Amazon Web Services accounts
A series of recent phishing attacks tried to take advantage of organizations that use Amazon Web Services.
In one phishing campaign reported to KnowBe4, the attackers created a basic, no-frills scam to harvest the credentials of AWS users.
After the landing page captured the AWS credentials of any unsuspecting victims, the process redirected them back to Amazon itself, as if to place them in safe hands.
Harvest sensitive data from the account to be exploited in still further attacks against customers, partners, or clients.
Use an organization's AWS account as a phishing platform, which could involve exploiting the account to distribute malware as well as host credentials-phishing pages or other files used in phishing attacks.
News URL
Related news
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)