A series of criminal campaigns exploiting cloud storage services such as Amazon S3, Google Cloud Storage, Backblaze B2, and IBM Cloud Object Storage have been uncovered by security researchers. These campaigns, driven by unidentified threat actors, aim to redirect users to malicious websites through SMS messages to steal personal and financial information. According to a technical write-up published by Enea, the attackers have two primary goals: ensuring that scam text messages bypass network firewalls and convincing end users of the legitimacy of the messages or links they receive.
By leveraging cloud storage platforms to host static websites with embedded spam URLs, attackers make their messages appear trustworthy and avoid common security measures. Cloud storage services allow organizations to store and manage files and host static websites, and cybercriminals have exploited this capability by embedding spam URLs in static websites stored on these platforms. They distribute URLs linking to these cloud storage sites via SMS, which often bypass firewall restrictions due to the perceived legitimacy of well-known cloud domains. Once users click on these links, they are redirected to malicious sites without their knowledge.
For instance, attackers have used the Google Cloud Storage domain “storage.googleapis.com” to create URLs that link to spam sites. The static webpages hosted in Google Cloud buckets employ HTML meta refresh techniques to redirect users to scam sites immediately. This method allows cybercriminals to lure users to fraudulent websites that often mimic legitimate offers, such as gift card promotions, to steal personal and financial information. Enea has observed similar tactics with other cloud storage services like Amazon Web Services (AWS) and IBM Cloud, where URLs in SMS messages lead to static websites hosting spam.
To defend against such threats, Enea recommends monitoring traffic behavior, inspecting URLs, and being cautious of unexpected messages containing links. By remaining vigilant and employing robust security measures, individuals and organizations can better protect themselves from these sophisticated phishing scams. The growing exploitation of cloud storage services for malicious purposes highlights the need for continuous vigilance and advanced security practices in the digital landscape.
Reference:
