New Attack Exploits AWS to Build Personalized Phishing Page and Send Fake Auto-Filled Password Reset: Avanan
Researchers at Avanan, a Check Point Company, have discovered that threat actors are using the legitimacy of Amazon Web Services (AWS) to create phishing websites that bypass scanners and trick users into giving up their credentials. Avanan’s attack brief looks at how hackers are creating phishing pages with AWS applications and delivering them via email for credential harvesting, using static expressway techniques to target victims.
Avanan’s cybersecurity research found that this new attack exploits a legitimate AWS app domain to build sites, which are sent to victims by email as fraudulent password expiration notifications prompting them to click through to the page and reset their credentials.
The campaign prompts vulnerable users to click on the password reset page, which shows the targeted victim’s company domain in the URL bar, the company logo, and a pre-populated email address, so all the user needs to do is enter their password.
The attack brief can be found here: https://www.avanan.com/blog/hackers-build-phishing-pages-using-aws-apps
This entry was posted on August 18, 2022 at 12:31 pm and is filed under Commentary with tags Avanan.