Security News > 2022 > August > Hiding a phishing attack behind the AWS cloud

From there they can send phishing messages carrying the AWS name into corporate emails systems to both get past scanners that typically would block suspicious messages and to add greater legitimacy to fool victims, according to email security vendor Avanan.

In a report this week, researchers with Avanan - acquired last year by cybersecurity company Check Point - outlined a phishing campaign that uses AWS and unusual syntax construction in the messages to get past scanners.

Now the public cloud is a vehicle and using AWS makes sense.

It is the largest public cloud player, owning a third of a global cloud infrastructure market that generated almost $55 billion in the second quarter, according to Synergy Research Group.

"Attacks using public cloud is becoming my common for many reasons, in part because infrastructure is so transient, reputational systems cannot help. We can block bulletproof hosting providers but we can't just block AWS," John Bambenek, principal threat hunter at Netenrich, told The Register.

Cybercriminals are "Creating phishing pages on AWS using the site's legitimacy to steal credentials," Avanan researchers wrote.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/08/22/aws_cloud_phishing/