"Hiding a Phishing Attack Behind the AWS Cloud"

Cybercriminals are using Amazon Web Services (AWS) to execute their attacks by slipping phishing emails past automated security scanners. Scammers are taking advantage of the ability to use an AWS service to build and host web pages using WordPress or their own custom code. According to email security vendor Avanan, from there, they can send phishing messages with the AWS name into corporate email systems to both get past scanners that would typically block suspicious messages and to add greater legitimacy to trick victims. Avanan researchers have detailed a phishing campaign that uses AWS and unusual syntax construction in the messages to avoid detection. Email services, relying on static allow or block lists to determine whether or not email content is safe, are vulnerable to these attacks. AWS will always be designated as secure. It is not uncommon for phishing campaigns to capitalize on well-known brand names. This year, Avanan documented such efforts involving QuickBooks, PayPal, and Google Docs to ensure messages reach an inbox. Now that the public cloud is a vehicle, it makes sense for cybercriminals to gravitate towards using AWS. According to Synergy Research Group, AWS is the largest public cloud player, accounting for one-third of the global cloud infrastructure market, which generated nearly $55 billion in the second quarter. AWS, Microsoft Azure, and Google Cloud account for 65 percent of the available space combined. Attacks on public clouds are becoming more common for various reasons, including the fact that infrastructure is so transient that reputational systems cannot assist. These services are inexpensive, simple to use, and can quickly spin up and down services. Because public clouds are typically whitelisted, IP reputation does not work, and people are becoming more accustomed to using public cloud services, making them appear less suspicious. As enterprises continue to use multiple clouds, cybercriminals will have more exploitation options. Attack surfaces will be difficult to fingerprint due to the lack of visibility and the disjointed topology. To ensure that prevention and detection processes are implemented efficiently, organizations will need to standardize security across clouds and have the ability to consolidate visibility. This article continues to discuss the use of AWS for phishing attacks and the increased abuse of cloud services by cybercriminals. 

The Register reports "Hiding a Phishing Attack Behind the AWS Cloud"