Researchers Identify 'Smishing' Attack that Uses AWS SNS

A first-of-its-kind "smishing" attack is using Amazon Web Services' Simple Notification Service, or SNS, to impersonate the United States Postal Service.

"Smishing" refers to an attack in which phishing messages are sent in bulk via SMS. This particular attack, which was recently described by researchers at SentinelLabs (which is owned by security firm SentinelOne), sent messages that "often [took] the guise of a message from the United States Postal Service (USPS) regarding a missed package delivery," with the goal of stealing customers' payment card details, addresses and other personally identifiable information.

SentinelLabs identified the culprit as a Python-based script called "SNS Sender." Its success relies on access to compromised AWS SNS credentials from accounts that have opted out of AWS' SNS sandbox security measures. It may be the first such script to do so, based on the researchers' findings.

"SNS Sender is the first script we encountered using AWS SNS to send spam texts," they said in a blog post last week. "While other tools like AlienFox have used business to customer (B2C) communications platforms such as Twilio to conduct SMS spamming attacks, we are unaware of existing research that details tools abusing AWS SNS to conduct such attacks."

The attack only works if the AWS SNS account holder is not using the protected sanbox option. The SNS sandbox, which AWS implements by default, lets users test their SMS messages by first sending them to a limited number of verified recipients. That limit only gets removed after the account holder petitions AWS to move out of the sandbox and into production.

More detailed information about SNS Sender's inner workings is in the SentinelLabs blog. To protect their AWS SNS credentials, the researchers recommend that account holders review AWS' guidance for moving out of the sandbox and "how to change sending limits."

In addition, "Identity and Access Management (IAM) administrators should review identity best practices to optimize their organization's security posture," the report suggested.

The full report is available here on the SentinelLabs site.

About the Author

Gladys Rama (@GladysRama3) is the editorial director of Converge360.

Featured

  • abstract pattern of shapes, arrows and circuit lines

    Internet2 Announces a New President and CEO to Step Up in October

    Internet2, the member-driven nonprofit offering advanced network technology services and cyberinfrastructure to the research and education community has completed its search, which began this past May, for a new president and CEO to take the helm.

  • shield with an AI microchip emblem hovering above stacks of gold coins

    AI Security Spend Surges While Traditional Security Budgets Shrink

    A new Thales report reveals that while enterprises are pouring resources into AI-specific protections, only 8% are encrypting the majority of their sensitive cloud data — leaving critical assets exposed even as AI-driven threats escalate and traditional security budgets shrink.

  • stack of gold coins disintegrates into digital particles against a dark circuit-board background with glowing AI imagery

    MIT Report: Most Organizations See No Business Return on Gen AI Investments

    A recent report out of the MIT Media Lab found that despite $30-40 billion in enterprise spending on generative AI, 95% of organizations are seeing no business return.

  • young man in a denim jacket scans his phone at a card reader outside a modern glass building

    Colleges Roll Out Mobile Credential Technology

    Allegion US has announced a partnership with Florida Institute of Technology (FIT) and Denison College, in conjunction with Transact + CBORD, to install mobile credential technologies campuswide. Implementing Mobile Student ID into Apple Wallet and Google Wallet will allow students access to campus facilities, amenities, and residence halls using just their phones.