Did you know the story about how Amazon stopped some Russian hackers? It's like a secret spy type story, but it's true! I will tell you this story in easy words.
The Story
The Russian hacker group APT29 (also known as Cozy Bear or Midnight Blizzard) was stealthily raiding websites. They compromised some reputable third-party sites we have all heard of and then redirected a small portion (10% of traffic) of those sites' visitors to counterfeit web pages. The counterfeit pages imitated a Cloudflare security check page, but were fake. They were trying to get those visitors to go along with a counterfeit Microsoft 365 login page before they realized what was happening. If anyone did enter their credentials, the hackers would have had access to that account and could have caused real damage.
They employed clever tricks to hide:
• Base64 encoding (for obfuscation)
• Cookies that prevented users from seeing the redirect twice.
• Random redirects that they called "normal".
Clever but disturbing.
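As an added illustration (not code from the original post, Amazon or Cloudflare), here is a small Python check a site owner could run over their own page source to spot the kind of injected redirect described above: a base64-hidden destination, a cookie so the redirect fires only once, and a random gate so only a minority of visitors see it. The sample HTML and the fake-check.example domain are constructed for the demo.

```python
import base64
import binascii
import re

# Constructed sample of a page carrying an injected redirect script in the
# style described above: cookie-gated, shown to a random 10% of visitors,
# with the destination hidden as base64. The domain is a placeholder.
_HIDDEN_URL = base64.b64encode(b"https://fake-check.example/verify").decode()
SAMPLE_HTML = f"""<html><body><h1>Welcome</h1>
<script>
if(!document.cookie.includes("seen=1") && Math.random()<0.1){{
  document.cookie="seen=1; path=/";
  window.location=atob("{_HIDDEN_URL}");
}}
</script>
<script src="/static/app.js"></script></body></html>"""

# Quoted strings that look like base64: long enough to hold a URL, optional padding.
B64_RE = re.compile(r'["\']([A-Za-z0-9+/]{20,}={0,2})["\']')
# A cookie check followed by a Math.random() comparison is the "show it once,
# to a random few" pattern; re.S lets the match span lines.
GATE_RE = re.compile(r"document\.cookie.*?Math\.random\(\)\s*[<>]", re.S)
REDIRECT_WORDS = ("http://", "https://", "location", "href")


def decode_candidates(html):
    """Yield (encoded, decoded) pairs for quoted base64 strings that decode
    to printable text containing a URL or a redirect keyword."""
    for enc in B64_RE.findall(html):
        if len(enc) % 4:
            continue
        try:
            dec = base64.b64decode(enc, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue
        if dec.isprintable() and any(w in dec.lower() for w in REDIRECT_WORDS):
            yield enc, dec


def scan_page(html):
    """Return a list of findings describing obfuscated-redirect indicators."""
    findings = [f"base64 string decodes to {dec!r}" for _, dec in decode_candidates(html)]
    if GATE_RE.search(html):
        findings.append("cookie check combined with a random gate before a redirect")
    return findings


if __name__ == "__main__":
    for finding in scan_page(SAMPLE_HTML):
        print("FINDING:", finding)
```

A clean page produces no findings; the check only flags base64 that decodes to a URL or redirect keyword, so ordinary encoded images or fonts are ignored.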
Amazon's Quick Action
Once Amazon was notified of the attack, they swiftly began their efforts to mitigate the threat:
• They terminated the malicious servers on AWS EC2.
• They collaborated with Cloudflare and Microsoft to block the fraudulent domains.
• They kept pushing back against the attackers even when they moved to new domains such as cloudflare.redirectpartners[.]com.
Amazon's response was unprecedented: they did not stop at one step, they really took it right to the hackers.
What You Can Do
Even if you are not a victim, there is a lesson here for all of us. Amazon provided some quick tips that can be useful for everyone:
• Be aware of redirects. If a page changes suddenly, investigate to see what is happening.
• Don't approve login requests unless you are 100% confident that it is your legitimate device.
• Make sure that you are using multi-factor authentication. This will strengthen the lock on your account.
• Don't just copy and paste commands you find online into your system.
While these may seem pretty basic, they are going to save a lot of people a headache down the road.
Why it's Important
Think about it: you type in a URL that you deliberately went to (and that you trust) and almost unknowingly end up on a fake page? That was the whole point for these hackers!
So is there good news? Amazon confirmed that they were not hacked! This was an attempt to steal your Microsoft 365 login information through fake redirects. However, it shows the slick new tricks that hackers are using to scam individuals.