Exploiting cloud storage to host static websites with links spread via SMS messages.
Cyber-criminal campaigns exploit major cloud storage services to redirect users to malicious websites in order to steal information.
According to research by Enea, a URL linking to the cloud storage is distributed via text messages, which appear to be authentic and can therefore bypass firewall restrictions.
The SMS messages commonly offer incentives to click, such as winning prizes and claiming gift cards.
However the facility provided by cloud storage to host static websites is exploited - so when a recipient of the SMS clicks on the link, they are directed to the static website stored in the storage bucket.
This website then automatically forwards or redirects users to the embedded spam URLs or dynamically generated URLs using JavaScript, all without the user’s awareness.
Platforms such as Amazon S3, Google Cloud Storage, Backblaze B2, and IBM Cloud Object Storage have been detected as being exploited here.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
