Do you use Google Ads to find products?
Cybersecurity company Sentinel Labs has discovered a new malvertising campaign targeting AWS users. Sentinel Labs warns that cybercriminals have established a campaign on Google Ads programs that take users to a fake landing page to steal their credentials and other details.
What is a malvertising campaign?
A malvertising campaign is a digital ad intended to inject malicious code when clicked. It is complex and challenging to carry out, as shown by the investigation carried out by Sentinel Labs on Jan. 30, 2023.
The malicious ad appears second in most search results after typing “aws” in the search bar, making it look credible. It avoided Google’s fraud detection systems by using redirections of its landing page.
“The ad itself goes to a hop domain, which is an actor-controlled blogger website,” says Tom Hegel, the senior threat researcher in Sentinel Labs.
Users land on a page designed to phish for their credentials. After submitting, visitors are redirected to the legitimate landing page of AWS. It is an effort to evade detection by the most cautious users and automated monitors.
Furthermore, the fake landing page asks victims to select if they are root or IAM users. That helps the cybercriminals categorize the value of the stolen data.
They use JavaScript code to take it further and disable controls like right clicks, keyboard shortcuts, and middle mouse button clicks. Researchers speculate that this was to discourage potential victims from navigating away from the landing page.
Actions taken
According to the investigation, the attackers are probably Brazilian. CloudFlare received the report and promptly shut down the malicious account connected to the campaign. However, Google ads were still active during that time.
Criminals would try to leverage legitimate platforms to conduct their nefarious activities. It gives their campaign a fake veil of credibility. Who would think that an ad shown and sponsored by Google would be malicious?
Protecting your business credentials
Businesses need to have their team take training regarding cybersecurity and how to identify potential threats. You can never be too careful when on the internet, whether it is surfing, researching, or communicating with someone.
My perspective
All it takes is one click for an attack to be successful. And that is what criminals count on, that single second you let your guard down. Do not give them that opportunity.
"If you want to achieve excellence, you can get there today.
As of this second, quit doing less-than-excellent work." -Thomas J. Watson
By Denis Wilson
Thanks for reading this post. I always take into mind that your time and attention are precious. And these posts need to be timely, to the point, and short. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, YouTube, and Facebook.
I am also a published author and speaker on cloud computing, work-from-anywhere, and cybersecurity. I work extensively with business and professional associations to provide small business technology education programs.
Contact me if you have any questions about the subject.
I'd be happy to spend 15 minutes discussing it with you.
