According to a new post on Securelist, Kaspersky’s research blog, cybercriminals have been using Amazon’s Simple Storage Service (Amazon S3) as a launching point for their SpyeEye operation for at least a couple of weeks.
Researcher Jorge Mieres writes that cyber criminals are drawn to Amazon’s S3 offering for its gigabytes of storage, which they can use to host Web based attacks. Though S3 requires users to register to get access to their accounts, cyber criminals have steered around that roadblock by registering their AWS account using stolen credit cards and personal information.
This certainly isn’t the first time we’ve observed scammers using cloud services to devious purposes. In fact, we reported in early June that researchers had discovered a number of domains on Amazon’s cloud platform that were being used to install malware as part of spam and phishing campaigns designed to steal banking credentials and other sensitive data.
Furthermore, the attacks themselves aren’t new. The difference is that instead of hosting the malicious site on a bulletproof hosting service or a compromised domain, they’re using domains hosted by Amazon.