Hackers Exploiting Amazon, Google & IBM Cloud Services To Steal Customer Data
Criminals are abusing the static website hosting feature of cloud storage services to host phishing websites for SMS scams. They store HTML files containing malicious URLs in cloud storage and include links to them in SMS text messages, which bypass firewalls because they contain trusted cloud platform domains.
Clicking the link in the SMS directs users to a seemingly legitimate website hosted on cloud storage, which then redirects them to the phishing site to steal their data.
Attackers are exploiting Google Cloud Storage by hosting a malicious webpage in a bucket. The page leverages the "HTML meta refresh" technique, a web development technique that automatically reloads the page or redirects the user to another webpage after a set time.
Spam emails contain links to this initial webpage hosted on Google Cloud Storage, tricking users into unknowingly visiting the malicious site.
The attacker leverages Google Cloud Storage by setting up a bucket named "dfa-b" to host a malicious HTML page, "dfmc.html," which exploits the "meta refresh" tag with a zero-second delay to automatically redirect unsuspecting users to a different URL.
The URL that is the target of the redirect potentially includes additional parameters for tracking or malicious purposes.
Malicious actors leverage the meta refresh tag in SMS phishing campaigns to automatically redirect users to fraudulent websites (scam website landing page, page 2, page 3) disguised as legitimate gift card offers.
The technique aims to steal personal and financial information. The redirection uses cloud storage services like Google Cloud Storage, though Amazon Web Services and IBM Cloud are also exploited for similar scams.
Scammers increasingly leverage cloud storage services like Amazon AWS, IBM Cloud, and Backblaze B2 Cloud to conduct phishing attacks by SMS, as these messages contain links that look like legitimate cloud storage URLs.
However, clicking the link directs users to malicious static websites designed to steal personal information. Upon clicking the link, the user is automatically redirected to a website that impersonates a popular platform, such as a bank login page.
According to Enea, the technique allows scammers to bypass security filters because the initial link originates from a trusted cloud provider, making it appear more credible. This increases the success rate of these phishing attempts, as users are less likely to suspect a link from a legitimate cloud service provider.
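A defender-side check for the pattern described above, as an added example that is not from the original article or from Enea: it flags a page served from a cloud storage host whose meta refresh fires almost immediately and points to a different host. The host suffix list, the sample object URL (built from the bucket and file names given above), the `redirect-target.example` destination, and all function names are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed, non-exhaustive host suffixes for the storage services the article names.
CLOUD_STORAGE_SUFFIXES = ("storage.googleapis.com", "s3.amazonaws.com",
                          "cloud-object-storage.appdomain.cloud", "backblazeb2.com")
# Matches content="<delay>; url=<target>" (quotes and the "url=" prefix are optional).
REFRESH_RE = re.compile(
    r"\s*(\d+(?:\.\d+)?)\s*[;,]\s*(?:url\s*=\s*)?['\"]?(.*?)['\"]?\s*", re.I | re.S)

# Constructed sample: object URL built from the bucket and file names in the article;
# the redirect destination is a placeholder.
SAMPLE_URL = "https://storage.googleapis.com/dfa-b/dfmc.html"
SAMPLE_HTML = ('<html><head><meta http-equiv="refresh" '
               'content="0; url=https://redirect-target.example/offer?id=123">'
               '</head><body></body></html>')

class MetaRefreshFinder(HTMLParser):
    """Collects (delay_seconds, target) for every <meta http-equiv="refresh">."""
    def __init__(self):
        super().__init__()
        self.refreshes = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").strip().lower() == "refresh":
            m = REFRESH_RE.fullmatch(a.get("content", ""))
            if m and m.group(2):  # a bare delay with no target is only a reload
                self.refreshes.append((float(m.group(1)), m.group(2)))

def is_cloud_storage_host(host):
    host = (host or "").lower()
    return any(host == s or host.endswith("." + s) for s in CLOUD_STORAGE_SUFFIXES)

def suspicious_redirects(page_url, html, max_delay=1.0):
    """Off-host targets of fast meta refreshes on a cloud-storage-hosted page."""
    page_host = urlsplit(page_url).hostname
    if not is_cloud_storage_host(page_host):
        return []
    finder = MetaRefreshFinder()
    finder.feed(html)
    hits = []
    for delay, target in finder.refreshes:
        dest = urljoin(page_url, target)  # resolve relative targets first
        if delay <= max_delay and urlsplit(dest).hostname != page_host:
            hits.append(dest)
    return hits

if __name__ == "__main__":
    print(suspicious_redirects(SAMPLE_URL, SAMPLE_HTML))
```

A URL scanner or mail/SMS gateway could run this on the fetched body of any link whose host is a storage service, then apply reputation checks to the returned destination rather than to the trusted cloud domain.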
Source credit : cybersecuritynews.com