AWS SES production access granted
Description
AlphaSOC detected that AWS Simple Email Service (SES) production access was enabled for an account. This setting allows the account to send emails to recipients outside the AWS SES sandbox environment. Adversaries might enable production access to launch phishing campaigns or send spam emails from a compromised account.
Impact
Enabling AWS SES production access allows threat actors to send large volumes of emails to any recipient, potentially leading to phishing attacks, spam campaigns, or distribution of malware. This can damage the organization's reputation.
Severity
Severity | Condition |
---|---|
Low | AWS SES production access granted |
Investigation and Remediation
Investigate the account that enabled AWS SES production access to determine if the action was authorized. If unauthorized, contact AWS Support to revoke the production access, rotate all associated credentials, and investigate for other signs of compromise.