Hackers Leverage Websites hosted on AWS S3 Buckets


Hackers use legitimate Amazon Web Services (AWS) S3 buckets to send phishing emails.

Recent trends have seen cybercriminals leveraging well-known platforms like Google, QuickBooks, and PayPal to send out phishing emails, making detection challenging for both security services and end-users. 

In this new wave of phishing attacks, hackers are turning to AWS S3 Buckets to host phishing links, providing them with a more convincing and legitimate façade. 

“Check Point researchers notified Amazon of this campaign on July 25th.”

The utilization of AWS S3 Buckets allows attackers to present phishing emails that pass typical security checks, making them hard to distinguish from genuine communications. 





The attack leverages the following key techniques:

1. Vector: Email

2. Type: Business Email Compromise (BEC) 3.0

3. Techniques: Social Engineering, Credential Harvesting

4. Target: Any end-user

Anatomy of the Attack

A common starting point for such attacks is a phishing email, often disguised as a password reset request. 


Although some users might recognize such emails and refrain from engaging, the email’s appearance and content might lead others to click on the link. 


This link takes the user to an AWS S3 Bucket-hosted webpage, which appears legitimate due to its URL pointing to a recognized AWS domain.

Upon reaching the webpage, several subtle tactics are employed to deceive the user:

– The URL is an S3 Bucket, a genuine AWS service.

– A Microsoft login page is recreated.

– The email address field is pre-populated, making it appear as if the user is already logged in.

– A blurred-out portion in the URL bar implies the user is logged in.

Technical Sophistication

While this attack demands a higher level of technical prowess compared to standard phishing attacks, it remains within reach for the average hacker. 

The objective is to extract credentials, as gaining access to these credentials grants the attacker significant control over the victim’s accounts and data.

To defend against such attacks, security professionals are advised to adopt a multi-faceted approach:

1. AI-Enhanced Security: Implement security solutions that utilize AI to analyze multiple indicators of phishing, enabling the identification of suspicious emails even if they appear legitimate at first glance.

2. Document and File Scanning: Employ comprehensive security measures that can scan attachments and documents, detecting potential threats hidden within these files.

3. Robust URL Protection: Utilize advanced URL protection systems that scan and simulate webpages, identifying and blocking phishing sites before they can inflict damage.
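As an added example (not code from Check Point or from this article), the Python below shows the kind of link triage the URL-protection recommendation implies: it pulls links out of an HTML email body, recognizes S3 endpoint hostnames, and flags links that carry the recipient's own address. It assumes the pre-populated email field is fed from the link itself, plain or base64-encoded; the function names, the hostname pattern and the sample message are constructed for illustration.

```python
import base64
import re
from urllib.parse import unquote, urlsplit

# S3 hostnames: optional "<bucket>." prefix (virtual-hosted and website
# endpoints), then "s3" plus optional region/website/dualstack labels.
S3_HOST = re.compile(r"^(?:(?P<bucket>[a-z0-9][a-z0-9.-]{1,61}[a-z0-9])\.)?"
                     r"s3(?:[.-][a-z0-9-]+)*\.amazonaws\.com$")
HREF = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.I)

def s3_bucket(url):
    """Return the bucket name if url targets an S3 endpoint, else None."""
    parts = urlsplit(url)
    m = S3_HOST.match((parts.hostname or "").lower())
    if not m:
        return None
    # Path-style URLs carry the bucket as the first path segment.
    return m.group("bucket") or parts.path.lstrip("/").split("/", 1)[0]

def carries_recipient(url, recipient):
    """True if the recipient address appears in the URL, plain or base64.
    Assumption: pre-populated login fields are fed from the link itself."""
    decoded = unquote(url)
    if recipient.lower() in decoded.lower():
        return True
    raw = recipient.encode()
    encodings = (base64.b64encode(raw), base64.urlsafe_b64encode(raw))
    return any(e.decode().rstrip("=") in decoded for e in encodings)

def triage(html_body, recipient):
    """List every S3-hosted link in an HTML body with its risk signals."""
    findings = []
    for url in HREF.findall(html_body):
        bucket = s3_bucket(url)
        if bucket is not None:
            findings.append({"url": url, "bucket": bucket,
                             "recipient_in_url": carries_recipient(url, recipient)})
    return findings

# Constructed sample message body (not taken from the campaign).
SAMPLE = """
<a href="https://example-constructed-bucket.s3.us-east-1.amazonaws.com/index.html#alice@example.com">Reset password</a>
<a href="https://s3.amazonaws.com/example-constructed-bucket/login.html?u=YWxpY2VAZXhhbXBsZS5jb20">Keep password</a>
<a href="https://login.microsoftonline.com/">Sign in</a>
"""

if __name__ == "__main__":
    for f in triage(SAMPLE, "alice@example.com"):
        print(f)
```

An S3 link on its own is common in legitimate mail; the combination of an S3-hosted page, a login or password-reset lure, and the recipient's address embedded in the link is what makes a message worth escalating.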

As hackers continue to exploit legitimate platforms for malicious purposes, it’s crucial for organizations and individuals to remain vigilant.

The adoption of AWS for phishing attacks underscores the importance of staying updated on the latest cybersecurity trends and implementing proactive defense strategies. 

By understanding the techniques employed by cybercriminals and implementing recommended security measures, technical readers can contribute to safeguarding digital landscapes from evolving threats.





