Cybersecurity company Sentinel Labs has discovered a new malvertising campaign targeting AWS users. Sentinel Labs warns that cybercriminals have established a campaign on Google Ads programs that take users to a fake landing page to steal their credentials and other details.

What Is a Malvertising Campaign?
A malvertising campaign is a digital ad intended to inject malicious code when clicked. It is complex and challenging to carry out, as shown by the investigation carried out by Sentinel Labs on Jan. 30, 2023.

The malicious ad appears second in most search results after typing “aws” in the search bar, making it look credible. It avoided Google’s fraud detection systems by using redirections of its landing page.

“The ad itself goes to a hop domain, which is an actor-controlled blogger website,” says Tom Hegel, the senior threat researcher in Sentinel Labs.

Users land on a page designed to phish for their credentials. After submitting, visitors are redirected to the legitimate landing page of AWS. It is an effort to evade detection by the most cautious users and automated monitors.

Furthermore, the fake landing page asks victims to select if they are root or IAM users. That helps the cybercriminals categorize the value of the stolen data.

They use JavaScript code to take it further and disable controls like right clicks, keyboard shortcuts, and middle mouse button clicks. Researchers speculate that this was to discourage potential victims from navigating away from the landing page.

Actions Taken
According to the investigation, the attackers are probably Brazilian. CloudFlare received the report and promptly shut down the malicious account connected to the campaign. However, Google ads were still active during that time.

Criminals would try to leverage legitimate platforms to conduct their nefarious activities. It gives their campaign a fake veil of credibility. Who would think that an ad shown and sponsored by Google would be malicious?

Protecting Your Business Credentials 
Businesses need to have their team take training regarding cybersecurity and how to identify potential threats. You can never be too careful when on the internet, whether it is surfing, researching, or communicating with someone.

All it takes is one click for an attack to be successful. And that is what criminals count on, that single second you let your guard down. Do not give them that opportunity.

Related Posts - TKS Blog

TKS Newsletter - 2024 December
Here's our December 2024 Newsletter Read the full PDF version here: The TKS Sentinel - December Issue In this month's edition, we discuss: Ransomware Threats PDF Hijacking ...
Read more
zero trust protections
Zero Trust Cybersecurity: Essential for Keeping Your Data Secure
As cyber threats become increasingly sophisticated, businesses can no longer rely solely on traditional methods to protect their data. Hackers are no longer trying to...
Read more
voice technology options
Harnessing the Power of Voice Technology
Voice technology is quickly becoming one of the most valuable tools for businesses seeking to improve customer interactions, streamline operations, and cut costs. With...
Read more
email security tips
Enhance Your Email Security in 6 Simple Steps
6 Simple Steps to Enhance Your Small Business Email Security Email is one of the most commonly used tools in business today—but it’s also a prime...
Read more

Used with permission from Article Aggregator