DarkOwl Releases Research on Threats to Cloud Security from the darknet perspective

As threats to cloud providers and applications continue to rise, we put together a comprehensive review of how these attack vectors and methodologies are proliferated on the darknet.


Denver, CO – WEBWIRE

DarkOwl has investigated threats to cloud-based platforms and applications discussed on the darknet in order to identify threat actors that are specifically targeting cloud environments. Our investigation was initially targeted and was subsequently widened to include a broad range of cloud environments, from compromising personal iCloud accounts to hacking large-scale infrastructures such as Microsoft Azure and Amazon Web Services (AWS).

Attack Methodology

Understanding the attack vector against cloud-based platforms is the first step to understanding where to start the darknet research. Fortunately, there are many discussions across the information security community on technical approaches to penetrating a cloud-based network with malicious intent.

As with any information network, one of the simplest ways to gain access is through targeted social engineering and/or credential compromise. Social engineering of AWS/Azure network users through fabricated emails, calls or social media is a proven approach to obtaining user credentials. If a user has API keys for accessing the platform, general phishing techniques can be easily employed to gain access to the user’s computer and other accounts, where the attacker could then pull the API keys for said AWS user. One hacker emphasized the importance of learning as much as you can about a target organization in social engineering, highlighting that AWS is no exception. Threat actors target information such as AWS account IDs, Amazon Resource Names (ARNs), IP addresses, role names, and other related AWS information in order to start an attack on the network (ref).

Some hackers have successfully used SMS text messages sent to targeted network users. The SMS includes a malicious link that “appears to be a legitimate platform notification” for a password reset, and in the process, the authentication credentials are captured. Amazon includes a number of user-friendly URLs for accessing the AWS console or AWS SSO user panels.

The following URLs could be adapted for targeted phishing, or, once the target name is identified, the threat actor could attempt to brute force the legitimate links:

IAM User Sign-In Link (name):    https://name.signin.aws.amazon.com/console
IAM User Sign-In Link (account id):    https://accountid.signin.aws.amazon.com/console
AWS SSO Start Page:      https://name.awsapps.com/start
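
For defenders triaging links reported from SMS or email, the three URL formats above can be turned into a host allowlist with a lookalike check. This is an added example, not code from DarkOwl's research; the label rules, the brand tokens and the sample links (the "acme" alias, the `.example` domains) are assumptions constructed for illustration, and input links are assumed to carry a scheme.

```python
import re
from urllib.parse import urlsplit

# One DNS label: account alias or 12-digit account id (label rule is an assumption).
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
# Hosts matching the three sign-in formats listed above.
LEGIT_HOSTS = re.compile(rf"^{LABEL}\.(?:signin\.aws\.amazon\.com|awsapps\.com)$")
# Brand fragments with punctuation removed, used to spot imitation hosts.
BRAND_TOKENS = ("signinaws", "awsamazon", "awsapps")


def classify_link(url):
    """Return 'legitimate', 'suspicious' or 'unrelated' for one reported link."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "unrelated"
    if LEGIT_HOSTS.match(host):
        # Real sign-in host: still require HTTPS and no embedded userinfo.
        clean = parts.scheme == "https" and parts.username is None
        return "legitimate" if clean else "suspicious"
    # Not an AWS sign-in host. Flag it if the authority imitates one, including
    # the userinfo trick (real host placed before '@') and hyphenated variants.
    squashed = re.sub(r"[^a-z0-9]", "", parts.netloc.lower())
    if any(token in squashed for token in BRAND_TOKENS):
        return "suspicious"
    return "unrelated"


# Constructed sample links, not taken from any real campaign.
SAMPLE_LINKS = [
    "https://acme.signin.aws.amazon.com/console",
    "https://123456789012.signin.aws.amazon.com/console",
    "https://acme.awsapps.com/start",
    "https://acme.signin.aws.amazon.com.login-reset.example/console",
    "https://acme.signin.aws.amazon.com@reset.example/console",
    "https://acme-awsapps.example/start",
    "http://acme.signin.aws.amazon.com/console",
    "https://example.org/news",
]


def triage(links):
    """Map each link to its classification."""
    return {link: classify_link(link) for link in links}


if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS).items():
        print(f"{verdict:11} {link}")
```

A "legitimate" verdict only means the host is a genuine AWS sign-in host; it does not confirm that the alias or account id belongs to your organization, so compare it against your own account list.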

Please read our full research here: https://www.darkowl.com/blog-content/darknet-threats-to-cloud-based-platforms-and-applications
 

