| ID | Name |
|---|---|
| T1496.001 | Compute Hijacking |
| T1496.002 | Bandwidth Hijacking |
| T1496.003 | SMS Pumping |
| T1496.004 | Cloud Service Hijacking |
Adversaries may leverage messaging services for SMS pumping, which may impact system and/or hosted service availability.[1] SMS pumping is a type of telecommunications fraud whereby a threat actor first obtains a set of phone numbers from a telecommunications provider, then leverages a victim’s messaging infrastructure to send large amounts of SMS messages to numbers in that set. By generating SMS traffic to their phone number set, a threat actor may earn payments from the telecommunications provider.[2]
Threat actors often use publicly available web forms, such as one-time password (OTP) or account verification fields, in order to generate SMS traffic. These fields may leverage services such as Twilio, AWS SNS, and Amazon Cognito in the background.[1][3] In response to the large quantity of requests, SMS costs may increase and communication channels may become overwhelmed.[1]
| ID | Mitigation | Description |
|---|---|---|
| M1013 | Application Developer Guidance |
Consider implementing CAPTCHA protection on forms that send messages via SMS. |
| ID | Data Source | Data Component | Detects |
|---|---|---|---|
| DS0015 | Application Log | Application Log Content |
Monitor for excessive use of SMS services, especially on public sign-up forms. For example, alert on large quantities of messages sent to adjacent numbers. In SMS-based OTP flows, monitor for large quantities of incomplete verification cycles.[2] In Amazon Cognito environments, monitor for spikes in calls to the |