February 15, 2024 at 09:13AM
Threat actors are conducting an innovative “smishing” campaign using AWS SNS and a custom script to impersonate the US Postal Service. This abuse of cloud-based messaging platforms reflects a growing trend. The SNS Sender attack lures users with fake USPS notifications to steal personally identifiable information and payment-card details. Businesses face serious risks, including compromised SMS capabilities and damage to their reputation.
In summary, the meeting notes highlight a new cyberattack technique where threat actors are using Amazon Web Services Simple Notification Service (AWS SNS) and a custom bulk-messaging spam script called SNS Sender to conduct a “smishing” campaign impersonating the US Postal Service. This campaign presents serious risks for businesses, as attackers are compromising legitimate cloud instances to send phishing text messages and steal personal information from unsuspecting individuals, particularly targeting senior citizens. The use of AWS SNS presents challenges for the attackers, as it requires legitimate, trusted credentials and properly configured SNS capabilities. The compromised businesses could face a damaged reputation, loss of SMS capabilities, and potential legal and financial implications. To avoid such attacks, organizations are recommended to ensure basic security hygiene and protect their cloud credentials and services from exposure.