Researchers Identify 'Smishing' Attack that Uses AWS SNS

A first-of-its-kind "smishing" attack is using Amazon Web Services' Simple Notification Service, or SNS, to impersonate the United States Postal Service.

"Smishing" refers to an attack in which phishing messages are sent in bulk via SMS. This particular attack, which was recently described by researchers at SentinelLabs (which is owned by security firm SentinelOne), sent messages that "often [took] the guise of a message from the United States Postal Service (USPS) regarding a missed package delivery," with the goal of stealing customers' payment card details, addresses and other personally identifiable information.

SentinelLabs identified the culprit as a Python-based script called "SNS Sender." Its success relies on access to compromised AWS SNS credentials from accounts that have opted out of AWS' SNS sandbox security measures. It may be the first such script to do so, based on the researchers' findings.

"SNS Sender is the first script we encountered using AWS SNS to send spam texts," they said in a blog post last week. "While other tools like AlienFox have used business to customer (B2C) communications platforms such as Twilio to conduct SMS spamming attacks, we are unaware of existing research that details tools abusing AWS SNS to conduct such attacks."

The attack only works if the AWS SNS account holder is not using the protected sandbox option. The SNS sandbox, which AWS implements by default, lets users test their SMS messages by first sending them to a limited number of verified recipients. That limit only gets removed after the account holder petitions AWS to move out of the sandbox and into production.

More detailed information about SNS Sender's inner workings is in the SentinelLabs blog. To help account holders protect their AWS SNS credentials, the researchers recommend reviewing AWS' guidance for moving out of the sandbox and "how to change sending limits."
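An account's exposure to this kind of abuse can be read from the two settings mentioned above: sandbox status and the SMS spending limit. The following is an added example, not code from SentinelLabs or AWS; it assumes a boto3 SNS client, and the `audit_sns_sms` helper, the `FakeSNS` stub and the 1 USD threshold are illustrative names and values.

```python
def audit_sns_sms(sns, spend_threshold_usd=1.0):
    """Report SMS abuse exposure for one account and Region.

    `sns` is a boto3 SNS client or any object exposing the same two calls.
    """
    in_sandbox = sns.get_sms_sandbox_account_status()["IsInSandbox"]
    attrs = sns.get_sms_attributes(attributes=["MonthlySpendLimit"]).get("attributes", {})
    raw = attrs.get("MonthlySpendLimit")
    limit = float(raw) if raw else None

    findings = []
    if not in_sandbox:
        # Production access: recipients no longer need to be verified numbers.
        findings.append("out of SMS sandbox: stolen SNS credentials can text any number")
        if limit is None:
            findings.append("MonthlySpendLimit not set explicitly: confirm the effective limit")
        elif limit > spend_threshold_usd:
            findings.append(f"MonthlySpendLimit is {limit:g} USD: a compromised key can send SMS up to this cap")
    return {"in_sandbox": in_sandbox, "monthly_spend_limit_usd": limit, "findings": findings}


class FakeSNS:
    """Constructed stand-in for boto3.client('sns') so the example runs offline."""

    def __init__(self, in_sandbox, spend_limit):
        self._in_sandbox, self._limit = in_sandbox, spend_limit

    def get_sms_sandbox_account_status(self):
        return {"IsInSandbox": self._in_sandbox}

    def get_sms_attributes(self, attributes=None):
        attrs = {} if self._limit is None else {"MonthlySpendLimit": self._limit}
        return {"attributes": attrs}


if __name__ == "__main__":
    # Constructed sample accounts: one still sandboxed, one moved to production.
    for name, client in [("sandboxed", FakeSNS(True, "1")), ("production", FakeSNS(False, "500"))]:
        print(name, audit_sns_sms(client))
```

Against a real account, pass `boto3.client("sns")` in place of the stub and repeat the check in each Region where SNS is used.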

In addition, "Identity and Access Management (IAM) administrators should review identity best practices to optimize their organization's security posture," the report suggested.

The full report is available here on the SentinelLabs site.

About the Author

Gladys Rama (@GladysRama3) is the editorial director of Converge360.
