Researchers Identify 'Smishing' Attack that Uses AWS SNS

A first-of-its-kind "smishing" attack is using Amazon Web Services' Simple Notification Service, or SNS, to impersonate the United States Postal Service.

"Smishing" refers to an attack in which phishing messages are sent in bulk via SMS. This particular attack, which was recently described by researchers at SentinelLabs (which is owned by security firm SentinelOne), sent messages that "often [took] the guise of a message from the United States Postal Service (USPS) regarding a missed package delivery," with the goal of stealing customers' payment card details, addresses and other personally identifiable information.

SentinelLabs identified the culprit as a Python-based script called "SNS Sender." Its success relies on access to compromised AWS SNS credentials from accounts that have opted out of AWS' SNS sandbox security measures. It may be the first such script to do so, based on the researchers' findings.

"SNS Sender is the first script we encountered using AWS SNS to send spam texts," they said in a blog post last week. "While other tools like AlienFox have used business to customer (B2C) communications platforms such as Twilio to conduct SMS spamming attacks, we are unaware of existing research that details tools abusing AWS SNS to conduct such attacks."

The attack only works if the AWS SNS account holder is not using the protected sanbox option. The SNS sandbox, which AWS implements by default, lets users test their SMS messages by first sending them to a limited number of verified recipients. That limit only gets removed after the account holder petitions AWS to move out of the sandbox and into production.

More detailed information about SNS Sender's inner workings is in the SentinelLabs blog. To protect their AWS SNS credentials, the researchers recommend that account holders review AWS' guidance for moving out of the sandbox and "how to change sending limits."

In addition, "Identity and Access Management (IAM) administrators should review identity best practices to optimize their organization's security posture," the report suggested.

The full report is available here on the SentinelLabs site.

About the Author

Gladys Rama (@GladysRama3) is the editorial director of Converge360.

Featured

  • abstract geometric pattern of glowing interconnected triangles, hexagons, and circles in blue, gold, and white, spread across a dark navy-to-black gradient background

    OpenAI Unveils 'Operator' AI for Performing Web Tasks

    OpenAI has launched "Operator," an AI agent designed to perform web-based tasks autonomously using its own browser. Currently available as a research preview for Pro users in the United States, the tool aims to automate everyday activities such as filling out forms, ordering groceries, and even creating memes.

  • digital bookshelf displayed on a computer screen

    OverDrive, Ex Libris Integration Streamlines Discovery of Digital Content

    OverDrive, a provider of digital resources for schools and libraries, has announced an integration with library management provider Ex Libris that will allow academic institutions to discover the former's e-books and audiobooks within the Alma and Primo library services platforms.

  • interconnected cubes and circles arranged in a grid-like structure

    Hugging Face Gradio 5 Offers AI-Powered App Creation and Enhanced Security

    Hugging Face has released version 5 of its Gradio open source platform for building machine learning (ML) applications. The update introduces a suite of features focused on expanding access to AI, including a novel AI-powered app creation tool, enhanced web development capabilities, and bolstered security measures.

  • futuristic crystal ball with holographic data projections

    Call for Opinions: 2025 Predictions for Higher Ed IT

    How will the technology landscape in higher education change in the coming year? We're inviting our readership to weigh in with their predictions, wishes, or worries for 2025.