By creating phishing pages on AWS, hackers get credentials

By creating phishing pages on AWS, hackers get credentials

News Summary:

  • Avanan researchers described how delivering a link to a phishing page via email has evolved into a method of getting users to submit their credentials without being detected in a blog post published on Thursday.

  • Researchers discovered late last week that hackers had been using their coding skills to create phishing pages on Amazon Web Services.

According to Jeremy Fuchs, a cybersecurity research analyst at Avanan, a Check Point firm, this attack shows how legitimate websites are still being used to host phishing pages. According to Fuchs, hackers have had success inserting phishing pages or links into legitimate-looking websites.

“These popular sites — in this case AWS — represent a tricky proposition for security scanners,” Fuchs explained. “It’s impossible to block these sites, but these attacks can’t be ignored. This is where the significant use of advanced AI [artificial intelligence] and ML [machine learning] comes into play. It’s critical to look at more than one factor when determining if an email is malicious or not.”

Avanan informed AWS of the problem and promised to update its blog with any new details.

Hosting harmful campaigns on trusted platforms has grown to be a preferred approach for threat actors as enterprises depend more heavily on cloud technology, according to Hank Schless, senior manager, security solutions at Lookout. According to Schless, attackers make extensive use of hosting services like AWS and Azure as well as collaboration tools like Google Docs and Office 365 to get through web filters and persuade targets to participate in their harmful activities.

“This is the next step in social engineering as attackers expand their arsenal of effective tactics,” Schless said. “This tactic could give attackers a backstage pass to your infrastructure and enable them to launch advanced attacks like a ransomware campaign. By hiding the malware in a legitimate file type, not only do they have a better chance of bypassing filters, but the targeted individual won’t think as much about whether they should engage with the content. It’s critically important for IT and security teams to have the ability to inspect all web traffic for malware that could be hiding behind legitimate services.”

According to Ryan McCurdy, vice president of marketing at Bolster, Inc., attackers prefer to appear trustworthy, thus it is in their best interest to create a similar-looking domain with a respectable hosting company.

We will be happy to hear your thoughts

Leave a reply

Tech Reviews, News and Guides