Cybercriminals Exploit Cloud Storage For SMS Phishing Scams

Security researchers have uncovered a series of criminal campaigns that exploit cloud storage services. These campaigns, orchestrated by unnamed threat actors, aim to deceive users into visiting malicious websites through SMS messages. According to a technical analysis released by Enea today, the attackers have two main objectives. Firstly, they want to ensure that their scam text messages reach mobile devices without being detected by network firewalls. Secondly, they strive to convince end users that the messages or links they receive are trustworthy, thus increasing the likelihood of them clicking on the malicious URLs.

Security Officer Comments:
By utilizing cloud storage platforms to host static websites containing embedded spam URLs, attackers create an illusion of legitimacy and manage to evade common security measures. These cloud storage services are typically used by organizations for file storage and hosting static websites through storage buckets. Cybercriminals exploit this functionality by inserting spam URLs into static websites stored on these platforms. They then distribute these URLs via SMS messages, which often bypass firewall restrictions due to the perceived legitimacy of well-known cloud domains. Once users click on these links, they are redirected to malicious sites without their knowledge.

Suggested Corrections:
To counter these threats, Enea recommends vigilant monitoring of traffic behavior, thorough inspection of URLs, and caution when encountering unexpected messages containing links. These practices can help mitigate the risks associated with malicious campaigns exploiting cloud services.