Exploiting cloud storage to host static websites with links spread via SMS messages.
Cyber-criminal campaigns exploit major cloud storage services to redirect users to malicious websites in order to steal information.
According to research by Enea, a URL linking to the cloud storage is distributed via text messages, which appear to be authentic and can therefore bypass firewall restrictions.
The SMS messages commonly offer incentives to click, such as winning prizes and claiming gift cards.
However the facility provided by cloud storage to host static websites is exploited - so when a recipient of the SMS clicks on the link, they are directed to the static website stored in the storage bucket.
This website then automatically forwards or redirects users to the embedded spam URLs or dynamically generated URLs using JavaScript, all without the user’s awareness.
Platforms such as Amazon S3, Google Cloud Storage, Backblaze B2, and IBM Cloud Object Storage have been detected as being exploited here.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
