InfoSecBulletin Cybersecurity for mankind
Researchers found criminal SMS phishing scam campaigns that exploit cloud storage services like Amazon S3, Google Cloud Storage, Backblaze B2, and IBM Cloud Object Storage.
These campaigns, run by unknown threat actors, aim to send SMS messages to redirect users to malicious websites in order to steal their information. According to a technical write-up published by ENEA bad actors are doing this for two primary goals.
CERT-In Flags Multiple Critical Vulnerabilities in Zoom app
Daily Security Digest Dated 11/23/24
SafetyDetectives’ Research
Malware evades Microsoft Defender and 2FA, stealing $24K in crypto (video)
Over 145,000 ICS Across 175 Countries Found Exposed Online
World to see AI powered “human washing machines”
Hacker compromised over 2000 Palo Alto Networks Firewalls
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records
CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE
Apple Releases Patch for two Actively Exploited Zero-Day
Maxar Space Data Leak, Company admit, Investigation ongoing!
Firstly, They want to send scam text messages to mobile phones without being detected by network firewalls. Secondly, they try to convince users that the messages or links they receive are trustworthy.
By leveraging cloud storage platforms to host static websites with embedded spam URLs, attackers make their messages appear legitimate and avoid common security measures.
Cloud storage services let organizations store and manage files and host static websites by storing website assets in a storage bucket. However, cybercriminals have taken advantage of this by inserting spam URLs in static websites stored on these platforms.
They send web links through text messages to cloud storage sites. This can bypass firewall restrictions as the cloud domains are well-known. When users click on these links, they are taken to harmful sites without realizing it.
Attackers used the Google Cloud Storage domain “storage.googleapis.com” to create URLs leading to spam sites. A static webpage hosted in a Google Cloud bucket redirects users to scam sites using HTML meta refresh techniques. This allows cybercriminals to trick users into visiting fraudulent websites that imitate legitimate offers, like gift card promotions, in order to steal personal and financial information.
Enea has noticed similar tactics with other cloud storage services such as Amazon Web Services (AWS) and IBM Cloud. URLs sent in SMS messages lead to spam websites.
To protect against these threats, Enea suggests monitoring traffic behavior, checking URLs, and being cautious of unexpected messages with links.
