Researchers from Avanan, a Check Point company, have discovered cybercriminals are creating phishing pages on Amazon Web Services (AWS) using the site’s legitimacy to steal credentials.
AWS is one of the most popular cloud storage and hosting solutions used by major companies hosting their work on the service through to individuals using it to create and host webpages.
Avanan said: “If you’re using a site on the Internet, there’s a good chance that AWS is involved in some fashion.
“One way that folks use AWS is to build and host web pages. The service allows you to host a WordPress site or something fully created with custom code. With a little bit of coding knowledge, you can create a free website that’s hosted on AWS.”
Hackers are building phishing pages on AWS, sending a link to this page via email is a way to bypass scanners and get users to hand over credentials.
Attack
In this attack, hackers are creating phishing websites using AWS Apps using:
• Vector: Email
• Type: Credential Harvesting
• Techniques: Static Expressway
• Target: Any end-user
Avanan notified AWS of these findings will a pledge to update with any additional information.
To guard against these attacks, security professionals can do the following:
• Always hover over any link to see the destination URL before clicking on it
• Encourage end-users to ask IT if the email is legitimate or not
• Always look at the content of the email before proceeding