Cybercriminals Exploit Cloud Storage For SMS Phishing Scams
-
Security researchers have revealed a series of criminal campaigns that exploit cloud storage services such as Amazon S3, Google Cloud Storage, Backblaze B2 and IBM Cloud Object Storage. These campaigns, driven by unnamed threat actors, aim to redirect users to malicious websites to steal their information using SMS messages. According to a technical write-up published by Enea today, the attackers have two primary goals. First, they want to ensure that scam text messages are delivered to mobile handsets without detection by network firewalls. Second, they seek to convince end users that the messages or links they receive are trustworthy. By leveraging cloud storage platforms to host static websites with embedded spam URLs, attackers make their messages appear legitimate and avoid common security measures. Cloud storage services allow organizations to store and manage files and host static websites by storing website assets in a storage bucket. Cybercriminals have exploited this capability by embedding spam URLs in static websites stored on these platforms.
ที่มาแหล่งข่าว
https://www.infosecurity-magazine.com/news/cloud-storage-exploited-sms/
