Cyber criminals have launched a phishing campaign, also called "phishing" since the end of July. They target individuals within companies through emails to achieve corporate data theft.
A phishing campaign (or "phishing") targeted since the end of July "specific individuals within companies" using Amazon's online hosting service, Amazon Public Cloud Storage, warned Wednesday, August 21 the company Proofpoint computer security system.
"This attack is usurping the Docusign brand," an American company offering electronic signature and transaction management solutions, "by copying the formatting of emails to target specific individuals within companies," said a statement from Proofpoint. "The landing pages for the campaign are hosted at Amazon Public Cloud Storage (S3). "
"Amazon web service"
"Although the use of Amazon Web Services has been relatively rare so far, this is just one more example of how cybercriminals succeed while escaping surveillance," says Chris Dawson, an expert in crime prevention. Proofpoint. "The use of public cloud services is helping cyber criminals to fly under the radar of a variety of detection and mitigation. "
The cybersecurity company also investigated cybercriminals "using other public cloud infrastructures of large companies for such purposes," citing Microsoft's GitHub and Blob Azure services, for example.
In July, the French Ministry of the Interior reported that nearly 80% of companies reported being the target of at least one cyberattack in 2018, a stable figure compared to 2017. The average damage of a theft of data for each company was valued at "several million euros".