Security News > 2022 > August > Hiding a phishing attack behind the AWS cloud
From there they can send phishing messages carrying the AWS name into corporate emails systems to both get past scanners that typically would block suspicious messages and to add greater legitimacy to fool victims, according to email security vendor Avanan.
In a report this week, researchers with Avanan - acquired last year by cybersecurity company Check Point - outlined a phishing campaign that uses AWS and unusual syntax construction in the messages to get past scanners.
Now the public cloud is a vehicle and using AWS makes sense.
It is the largest public cloud player, owning a third of a global cloud infrastructure market that generated almost $55 billion in the second quarter, according to Synergy Research Group.
"Attacks using public cloud is becoming my common for many reasons, in part because infrastructure is so transient, reputational systems cannot help. We can block bulletproof hosting providers but we can't just block AWS," John Bambenek, principal threat hunter at Netenrich, told The Register.
Cybercriminals are "Creating phishing pages on AWS using the site's legitimacy to steal credentials," Avanan researchers wrote.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/22/aws_cloud_phishing/
Related news
- Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (source)
- Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (source)
- How much does cloud-based identity expand your attack surface? (source)
- TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (source)
- FBI warns of massive wave of road toll SMS phishing attacks (source)
- Muddled Libra Shifts Focus to SaaS and Cloud for Extortion and Data Theft Attacks (source)
- FIN7 targets American automaker’s IT staff in phishing attacks (source)
- AI set to play key role in future phishing attacks (source)
- LA County Health Services: Patients' data exposed in phishing attack (source)
- LA County Health Services: Patients' data exposed in phishing attack (source)