SentinelLabs, the research team from security provider SentinelOne, reports that a new toolkit dubbed AlienFox is targeting cloud-based and SaaS email hosting services.
AlienFox is highly modular and evolves regularly, according to SentinelLabs. AWS SES (Simple Email Service) and Office 365 are among the services targeted. Newer versions of the toolkit are able to automate part of the attack process. The attackers' goal is to obtain API keys and secrets from these services.
Attackers are distributing the toolkit on Telegram, which makes its origin difficult to trace. Most of the tools are open-source, allowing AlienFox to adapt quickly. Moreover, some modules are available on GitHub, so any attacker may use them. The SentinelLabs team notes that attackers target their victims on an opportunistic basis: where they find a configuration error on the servers of a web framework, they strike.
SentinelLabs notes a current trend toward attacking cloud services whose resources are not directly suitable for cryptomining, for example. Users nevertheless become more vulnerable to new attacks in the process, because cybercriminals are able to obtain data that can lead to the discovery of security weaknesses in the services in question.