Security News > 2020 > August > How phishing attacks have exploited Amazon Web Services accounts
2020-08-25 18:45
A series of recent phishing attacks tried to take advantage of organizations that use Amazon Web Services.
In one phishing campaign reported to KnowBe4, the attackers created a basic, no-frills scam to harvest the credentials of AWS users.
After the landing page captured the AWS credentials of any unsuspecting victims, the process redirected them back to Amazon itself, as if to place them in safe hands.
Harvest sensitive data from the account to be exploited in still further attacks against customers, partners, or clients.
Use an organization's AWS account as a phishing platform, which could involve exploiting the account to distribute malware as well as host credentials-phishing pages or other files used in phishing attacks.
News URL
Related news
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- iOS devices face twice the phishing attacks of Android (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)
- Low-tech phishing attacks are gaining ground (source)
- MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks (source)