
    Office 365 Phishing Campaign Abuses Stolen Amazon SES Token


    A surge in spearphishing emails designed to steal Office 365 credentials includes some that were rigged to look like they came from major brands, including Kaspersky.

    According to a Kaspersky security bulletin, two phishing kits identified as “Iamtheboss” and “MIRCBOOT” are being used together by multiple threat actors to send fake fax notifications.

    “The phishing e-mails are usually arriving in the form of ‘fax notifications’ and lure users to fake websites collecting credentials for Microsoft online services,” according to the bulletin.

    One phishing campaign tracked by researchers appears to abuse Amazon Simple Email Service (SES), an Amazon service designed to let developers send email messages from apps. The campaign, identified by Kaspersky, relied on a now-revoked stolen SES token used by a third-party contractor during the testing of the website 2050.earth.

    The 2050.earth site is a Kaspersky project that features an interactive map illustrating what futurologists predict to be the future impact of technology on the planet. The stolen SES token is tied to Kaspersky and SES because the 2050.earth site is hosted on Amazon infrastructure.

    “These emails have various sender addresses, including but not limited to noreply@sm.kaspersky.com. They are sent from multiple websites including Amazon Web Services infrastructure,” the security bulletin warned. The company said the stolen SES token was only abused in a limited capacity relative to an otherwise large-scale campaign abusing multiple brands.

    The theft caused no damage, according to the advisory. “No server compromise, unauthorized database access or any other malicious activity was found at 2050.earth and associated services,” it said.

    Cybercrooks abusing the Amazon SES token are attempting to give their “fax notifications” an appearance of legitimacy by allowing them to identify the sender as “sm.kaspersky.com”.
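One way to triage the fax-notification lure described above, added here as an example and not taken from Kaspersky's bulletin or Threatpost: because the sender address belongs to a real brand, the checks look at the subject, the return path and where the Microsoft-themed links actually point. The function names, the `MS_LOGIN_HOSTS` allowlist, the `amazonses.com` return-path heuristic and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: hosts where genuine Microsoft sign-in pages live for this organisation.
MS_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def body_text(msg):
    """Join all text/* parts (undecoded) so links in HTML parts are seen too."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(str(p.get_payload()) for p in parts
                     if p.get_content_maintype() == "text")

def triage(raw):
    """Return the reasons a message deserves analyst review (empty list if none)."""
    msg = message_from_string(raw)
    body, reasons = body_text(msg), []
    if re.search(r"\bfax\b", msg.get("Subject", ""), re.I):
        reasons.append("fax-notification lure")
    # Heuristic (assumption): default SES bounce domains end in amazonses.com.
    rp = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    if rp == "amazonses.com" or rp.endswith(".amazonses.com"):
        reasons.append("relayed via Amazon SES")
    # Compare where links really go with where Microsoft sign-in should be.
    hosts = {urlparse(u).hostname or "" for u in URL_RE.findall(body)}
    bad = sorted(h for h in hosts if h not in MS_LOGIN_HOSTS)
    if bad and re.search(r"office ?365|microsoft", body, re.I):
        reasons.append("Microsoft-themed link to " + ", ".join(bad))
    return reasons

# Constructed sample messages, not taken from the campaign.
PHISH = """\
Return-Path: <0100example@us-west-2.amazonses.com>
From: Fax Service <noreply@sm.kaspersky.com>
Subject: New fax notification

Sign in with Office 365 to view the fax: https://fax-viewer.example/login
"""
BENIGN = """\
Return-Path: <bounce@mail.example.org>
From: IT <it@example.org>
Subject: Password policy reminder

Change your Microsoft password at https://login.microsoftonline.com/
"""
```

A message that trips several reasons at once is a candidate for analyst review; any single reason on its own, such as the SES return path, also matches plenty of legitimate mail.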

    Security Awareness Training is the means by which organizations teach users how to stay in that ever-vigilant mode when interacting with email and the web. By doing so, instead of taking everything at face value and believing it by default, users interact with unfamiliar content like this in a far more scrutinizing manner and are less likely to become victims.

    With thanks to the Cyber Defence Alliance and Threatpost. The full story is here: https://threatpost.com/office-365-phishing-campaign-kasperskys-amazon-ses-token/175915/

    Free Phish Alert Button

    Do your users know what to do when they receive a phishing email? KnowBe4’s Phish Alert Button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user’s inbox to prevent future exposure. All with just one click! Phish Alert benefits: 


    Here’s how it works:

    • Reinforces your organization’s security culture
    • Users can report suspicious emails with just one click
    • Incident Response gets early phishing alerts from users, creating a network of “sensors”
    • Email is deleted from the user’s inbox to prevent future exposure
    • Easy deployment via MSI file for Outlook, G Suite deployment for Gmail (Chrome)

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/free-phish-alert-partner?partnerid=001a000001lWEoJAAW
