Permiso Discovers Smishing Attack to Steal AWS Credentials

Permiso, a provider of a platform for correlating IT events to identities, today disclosed the discovery of an attack through which cybercriminals are employing text messages to steal credentials that enable them to access Amazon Web Services (AWS) infrastructure.

Nathan Eades, a threat researcher for Permiso, said cybercriminals are leveraging Simple Notification Service (SNS) to target Short Message Service (SMS) capabilities to launch a variation of a phishing campaign to gain access to AWS credentials. In this “smishing” attack, the goal is to steal the credentials of AWS administrators who use mobile devices to remotely log into AWS accounts, said Eades.

Once access is gained, cybercriminals can then use an SNS Publish action and send a message to any provided phone number or an application that can be used to access accounts. Cybercriminals can then either use those compromised credentials to plant malware or resell those credentials to another cybercriminal entity, he noted. They might also simply destroy the environment by exhausting available quotas to make an AWS service unusable, added Eades.

With more workloads being deployed on cloud computing platforms every day, there is no doubt cybercriminals are deliberately targeting cloud computing platforms. The assumption, however, is that these attacks are more sophisticated than they actually are; the only thing most cybercriminals need to wreak havoc is a set of credentials. The issue, in this case, is that not every developer or IT administrator realizes just how vulnerable text messages are to these types of attacks. Developers who have access to programmatic tools for provisioning cloud infrastructure are especially vulnerable because many of them have limited to no cybersecurity expertise.

It’s not clear how many other cloud platforms might be susceptible to these types of attacks, but most cybercriminals will look to exploit the path of least resistance to launch a cyberattack. No matter how robust the level of cloud security, all that effort can be for naught when cybercriminals gain access to a set of valid credentials.

One way or another, the security of cloud computing environments needs to improve. The infrastructure that is provided by cloud service providers is generally secure, but the processes used to access it are often flawed. In addition, the organizations that build and deploy applications on those platforms are responsible for ensuring application security.

Many IT organizations are now investing in zero-trust initiatives that rely on ensuring access based on end user, application or machine identities to improve the overall state of cloud security, but it will take time for organizations to make that transition. In the meantime, organizations are hoping that existing investments in cloud firewalls will limit the scope of any breach. Unfortunately, cybercriminals are finding it relatively simple to gain access to IT environments using targeted phishing attacks that are not especially sophisticated.

The challenge is that as the cybercriminals that launch these attacks gain access to generative artificial intelligence (AI) platforms such as ChatGPT, the ability to craft more sophisticated phishing attacks is only going to increase.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.