Security News > 2022 > August > Hiding a phishing attack behind the AWS cloud
From there they can send phishing messages carrying the AWS name into corporate emails systems to both get past scanners that typically would block suspicious messages and to add greater legitimacy to fool victims, according to email security vendor Avanan.
In a report this week, researchers with Avanan - acquired last year by cybersecurity company Check Point - outlined a phishing campaign that uses AWS and unusual syntax construction in the messages to get past scanners.
Now the public cloud is a vehicle and using AWS makes sense.
It is the largest public cloud player, owning a third of a global cloud infrastructure market that generated almost $55 billion in the second quarter, according to Synergy Research Group.
"Attacks using public cloud is becoming my common for many reasons, in part because infrastructure is so transient, reputational systems cannot help. We can block bulletproof hosting providers but we can't just block AWS," John Bambenek, principal threat hunter at Netenrich, told The Register.
Cybercriminals are "Creating phishing pages on AWS using the site's legitimacy to steal credentials," Avanan researchers wrote.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/22/aws_cloud_phishing/
Related news
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- SANS Institute Warns of Novel Cloud-Native Ransomware Attacks (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)