Phishing Attacks Enlist Amazon AWS, Microsoft Azure in Ploys

[silversurfer]

Content source

https://threatpost.com/phishing-amazon-aws-s3-cloud-buckets/147111/

Recent phishing campaigns have been spotted boosting their anti-detection efforts by using Amazon Web Services to host their landing pages. It’s a sign of a nascent trend towards using public cloud storage, according to researchers.
The attackers are also layering on various obfuscation techniques, including multibyte XOR encoding, according to the analysis, released by Proofpoint on Thursday.

“Threat actors, and most recently phishers, have been able to evade detection by using well-known and trusted consumer cloud, social networking and commerce services to host malicious phishing kits,” the researchers said in a posting on Thursday. “Some actors have now graduated from using consumer cloud storage such as Google Drive and Dropbox to more enterprise-class public cloud storage providers such as AWS and Microsoft Azure, and continue to use various encoding techniques in their landing web pages via JavaScript in order to evade detection.”

In late July, a targeted phishing campaign kicked off using the branding and email formatting of DocuSign. An email asks a target to sign a document electronically. If the visitor enters their information on the DocuSign landing page, they will then be redirected to a lookalike of the webmail service they indicated, and another phishing landing will try to steal the credentials.

Read more below:

Phishing Attacks Enlist Amazon AWS, Microsoft Azure in Ploys

An ongoing campaign is hosting its phishing landing pages on enterprise-class public cloud storage services — a nascent trend meant to throw defenders off.

threatpost.com

Phishing Actor Using XOR Obfuscation Graduates to Enterprise Cloud Storage on AWS | Proofpoint US

A phishing actor has been observed using public cloud storage at AWS to host their landing pages, using various obfuscation techniques including multibyte XOR encoding.

www.proofpoint.com