Permiso Discovers Smishing Attack to Steal AWS Credentials

Permiso, a provider of a platform for correlating IT events to identities, today disclosed the discovery of an attack through which cybercriminals are employing text messages to steal credentials that enable them to access Amazon Web Services (AWS) infrastructure.

Nathan Eades, a threat researcher for Permiso, said cybercriminals are leveraging Simple Notification Service (SNS) to target Short Message Service (SMS) capabilities to launch a variation of a phishing campaign to gain access to AWS credentials. Known as a “smishing” attack, that goal is to steal the credentials of AWS administrators that use mobile devices to remotely log into AWS accounts, said Eades.

Once access is gained, cybercriminals can then use an SNS Publish action and send a message to any provided phone number or an application that can be used to access accounts. Cybercriminals can then either use those compromised credentials to plant malware or resell those credentials to another cybercriminal entity, he noted. They might also simply destroy the environment by exhausting available quotas to make an AWS service unusable, added Eades…