Cybersecurity firm Kaspersky reports that the Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective.
Although the resource has been leveraged for malicious activity in the past, Kaspersky says the current spike may be due to a large number of AWS Identity and Access Management access keys exposed in public assets.
Because it is a legitimate, trusted resource, phishing operations can leverage Amazon SES to send out malicious emails that pass authentication checks.
Kaspersky researchers note in a report today that they’ve “observed an uptick in phishing attacks leveraging Amazon SES” to deliver links that redirect to a malicious site.
Source: Kaspersky
The researchers believe the main driver of this abuse is the increasing exposure of AWS credentials in GitHub repositories, .ENV files, Docker images, backups,…
