AWS Partners Company CyberSecurity Posture

amazon.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

AWS Partners and AWS Marketplace sellers are uniquely positioned to help businesses take full advantage of Amazon Web Services (AWS) and accelerate your journey to the cloud. AWS has millions of active customers and over 100,000 Partners globally. More than 90% of Fortune 100 companies and the majority of Fortune 500 companies use AWS Partner solutions and services. Whether you are a fast growing startup, small-medium or large enterprise, or leading government agency, AWS Partners have deep technical expertise and the experience to support virtually every use case, industry, and workload. For businesses actively searching for software on AWS that you can test, buy, and deploy, AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors, including many AWS Partners. AWS Marketplace transforms the way organizations approach software discovery, procurement, provisioning, and governance. It helps customers find and access a breadth of software products across categories like infrastructure, security, big data, and business applications, and streamlines the traditional software supply chain to enable digital transformation.

AWS Partners A.I CyberSecurity Scoring

AWS Partners

Company Details

Linkedin ID:

aws-partners

Website:

https://aws.amazon.com/partners/work-with-partners/

Employees number:

None

Number of followers:

48,207

NAICS:

5415

Industry Type:

IT Services and IT Consulting

Homepage:

amazon.com

IP Addresses:

Scan still pending

Company ID:

AWS_1652491

Scan Status:

In-progress

AI scoreAWS Partners Risk Score (AI oriented)

Between 700 and 749

https://images.rankiteo.com/companyimages/aws-partners.jpeg
AWS Partners IT Services and IT Consulting
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreAWS Partners Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/aws-partners.jpeg
AWS Partners IT Services and IT Consulting
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

AWS Partners

Moderate
Current Score
745
Ba (Moderate)
01000
1 incidents
-16.0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

DECEMBER 2025
761
Cyber Attack
29 Dec 2025 • LinkedIn and AWS: FIN6 exploits HR workflows to breach corporate defenses
FIN6 Skeleton Spider Campaign Targeting HR Professionals via Fake Job Applications

**FIN6 Exploits Cloud Infrastructure in Sophisticated HR-Targeted Phishing Campaign** The financially motivated cybercrime group **FIN6** (also known as *Skeleton Spider*) is leveraging **fake job applications** and **trusted cloud services** to target human resources (HR) professionals in a highly evasive social engineering campaign. Researchers at **DomainTools** uncovered the operation, which combines **professional networking platforms** like LinkedIn and Indeed with **malware-hosted cloud infrastructure** to bypass traditional security defenses. ### **How the Attack Works** 1. **Initial Contact** – Attackers pose as job seekers on professional platforms, engaging recruiters to build rapport before sending phishing emails with malicious links. 2. **Fake Resume Sites** – Domains mimicking real applicant names (e.g., *bobbyweisman[.]com*, *ryanberardi[.]com*) are registered via **GoDaddy’s anonymous services** and hosted on **AWS EC2 or S3**, blending into legitimate cloud traffic. 3. **Sophisticated Evasion** – The sites employ **traffic filtering** to distinguish targets from security researchers, checking **IP reputation, geolocation, OS, and browser fingerprints**. Only residential Windows users bypass CAPTCHA walls to receive **malicious ZIP files** containing the **More_eggs backdoor**. 4. **Malware Deployment** – **More_eggs**, a modular JavaScript backdoor, operates in memory to evade detection, enabling **credential theft, command execution, and follow-on attacks**, including ransomware deployment. ### **Why HR is a Prime Target** HR teams frequently interact with external contacts and handle unsolicited communications, making them vulnerable to **social engineering**. The campaign exploits this trust, using **realistic job lures** to bypass email filters and endpoint security. FIN6’s shift from **point-of-sale (POS) breaches** to **enterprise ransomware** underscores its evolution toward higher-value targets. ### **Cloud Abuse & Detection Challenges** Attackers favor **AWS and other cloud platforms** due to: - **Low-cost setup** (free-tier abuse or compromised billing accounts). - **Trusted IP ranges** that evade enterprise network filters. - **Scalability** for hosting malicious infrastructure. The campaign highlights gaps in **perimeter-based security**, as traditional defenses struggle to detect threats embedded in **legitimate cloud services**. Security teams are advised to monitor for **unusual traffic patterns** and **suspicious file types** linked to cloud-hosted malware. ### **AWS Response & Broader Implications** An **AWS spokesperson** stated the company enforces **terms prohibiting illegal use** and acts swiftly on abuse reports. However, the incident raises questions about balancing **cloud accessibility** with **security controls**, particularly as threat actors increasingly exploit **trusted infrastructure**. FIN6’s operation demonstrates how **low-complexity phishing**, when paired with **cloud evasion techniques**, can outmaneuver even advanced detection tools—reinforcing the need for **holistic security strategies** that address both **technical and human vulnerabilities**.

745
low -16
LINAWS1766995316
Incident Details -
Type
Phishing/Social Engineering, Malware Delivery
Attack Vector
Phishing emails with malicious links, fake resume portfolios hosted on AWS
Vulnerability Exploited
Human psychology (trust in job applications), abuse of trusted cloud infrastructure (AWS EC2/S3)
Motivation
Financial gain, credential theft, follow-on attacks (e.g., ransomware deployment)
Impact
Data Compromised: Credentials, sensitive employee data, system access Systems Affected: HR systems, corporate networks Operational Impact: Potential disruption of HR operations, follow-on attacks (e.g., ransomware) Brand Reputation Impact: Potential reputational damage due to compromised HR processes Identity Theft Risk: High (credential theft, PII exposure)
Response
Containment Measures: AWS Trust & Safety abuse reporting process, disabling prohibited content Remediation Measures: Layered defenses, enhanced monitoring for unusual traffic patterns/file types, additional verification procedures for resume submissions Enhanced Monitoring: Recommended (vigilance for unusual traffic patterns or file types)
Data Breach
Type Of Data Compromised: Credentials, personally identifiable information (PII), sensitive employee data Sensitivity Of Data: High (PII, credentials, HR data) Data Exfiltration: Possible (More_eggs malware enables follow-on attacks) File Types Exposed: Malicious ZIP files containing JavaScript-based malware (More_eggs) Personally Identifiable Information: Yes (credentials, HR data)
Lessons Learned
Traditional perimeter security is insufficient against social engineering tactics. Organizations must adopt holistic security strategies that account for human factors alongside technological defenses. HR personnel are increasingly targeted due to their regular interaction with external contacts.
Recommendations
Implement comprehensive training programs for HR personnel on phishing and social engineering risks. Adopt additional verification procedures for resume submissions and external communications. Enhance monitoring for unusual traffic patterns or file types (e.g., ZIP files from unexpected sources). Use layered defenses (e.g., behavioral WAF, network segmentation) to detect and block malicious activity. Report abuse of cloud services (e.g., AWS) to platform providers for takedown. Maintain vigilance for cloud-hosted phishing sites using trusted IP ranges.
Initial Access Broker
Entry Point: LinkedIn, Indeed (professional networking platforms) Backdoors Established: More_eggs malware (JavaScript backdoor) High Value Targets: HR professionals, recruiters
Post Incident Analysis
Exploitation of trust in professional networking platforms (LinkedIn/Indeed). Abuse of trusted cloud infrastructure (AWS EC2/S3) to host malicious content. Sophisticated traffic filtering to evade detection (IP reputation, geolocation, OS fingerprinting). Use of CAPTCHA to bypass automated security scanners. Lack of verification procedures for external communications in HR workflows. Implement stricter verification for external communications (e.g., resume submissions). Enhance monitoring for cloud-hosted phishing sites using trusted IP ranges. Train HR personnel on social engineering risks and phishing tactics. Adopt layered security defenses (e.g., behavioral WAF, network segmentation). Collaborate with cloud providers to report and disable abusive content.
References
Blog URL Source URL
NOVEMBER 2025
761
OCTOBER 2025
761
SEPTEMBER 2025
761
AUGUST 2025
761
JULY 2025
761
JUNE 2025
761
MAY 2025
761
APRIL 2025
761
MARCH 2025
761
FEBRUARY 2025
761
JANUARY 2025
761

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for AWS Partners is 745, which corresponds to a Moderate rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 761.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 761.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 761.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 761.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 761.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 761.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 761.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 761.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 761.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 761.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2025 was 761.

Over the past 12 months, the average per-incident point impact on AWS Partners’s A.I Rankiteo Cyber Score has been -16.0 points.

You can access AWS Partners’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/aws-partners.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view AWS Partners’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/aws-partners.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.