As the risk of outages surges, what can firms do to manage the cybersecurity ripple effects such as phishing and social engineering?

By Kate O’Flaherty

In October, Amazon Web Services (AWS) was hit by one of the biggest outages in years. While the outage itself caused major disruption, it led to warnings that adversaries were performing cyber-attacks to exploit the chaos during the incident.

Outages have been coming thick and fast over the last two months. Microsoft’s Azure was next to experience one, just one week after AWS. Then in November, infrastructure provider Cloudflare was battered by an outage that crippled multiple websites and apps, giving attackers more opportunities to strike.

The AWS outage and others since show how supplier disruptions can quickly cascade into customer-facing risks, such as phishing and social engineering. As the risk of outages surges, what can firms do to manage this threat?

Attackers Exploit Confusion

Outages are attractive to cyber-criminals because they create confusion among users and organisations, which attackers can leverage. For end users, outages are “disorientating, with no instant answers”, Richard Jones, VP northern Europe at Confluent, points out.

This environment allows cybercriminals to thrive, taking advantage of victims and their desire for answers, he says. “If you bank with an organisation that relies on AWS for its app, and you don’t know why your current account is suddenly inaccessible, you’re much more likely to fall for a phishing scam asking for your details.”

During the October 2025 AWS outage, criminals quickly began to impersonate AWS and affected services, sending emails and texts promising to “restore access” or “compensate for downtime”, Bruce Jenkins, CISO at Black Duck, tells IO.

Following an outage, organisations are often targeted with fraudulent emails claiming to be from a cloud provider or IT support team, says Ross Brewer, VP of Graylog EMEA. These will urge users to “re‑validate your account now”, or “download an urgent patch” when the legitimate service is degraded.

These “urgency-focused scams” use convincing branding and spoofed addresses, preying on users’ anxieties and desire for quick solutions, says Jenkins. “Similar patterns were observed in the 2021 Facebook and Azure outages, where attackers sent fake support messages or account recovery prompts.”

Adding to the issue, the chaos of an outage can be made worse by IT teams, who may inadvertently weaken defences in the rush to restore services. This can see them disabling security controls or expanding permissions, Jenkins says.

Supply Chain Visibility and Dependency Management

As the chance of outages grows, organisations must now prepare for the ripple effect that can happen when a trusted third party goes down.

To avoid attackers taking advantage, organisations need strong visibility into their supply chain and cloud dependencies. That means “mapping which services are critical, knowing which cloud region holds them and identifying any single points of failure”, according to Brewer.

Maintaining an updated dependency map and conducting scenario drills, including asking questions such as “what if our primary cloud platform fails?”, are essential and should be part of an organisation’s business resiliency plan, Jenkins advises.

Building redundancy, such as multi-cloud or multi-region architectures, can mitigate risk, but not every workload requires this, says Jenkins. “Contracts should include clear service level agreements (SLAs) and contingency requirements and suppliers should be tiered by criticality.”
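As an added illustration, not taken from the article or from anyone quoted in it, the Python sketch below shows what a machine-checkable dependency map can look like: each service is tiered by criticality, each dependency lists its alternative placements, and the check reports every region or provider whose loss alone takes down a critical service. The service names, tiers and placements are constructed sample data.

```python
# Constructed sample map (hypothetical services and placements, not from the article).
# "needs" is a list of requirements; each requirement lists alternatives and is met
# if ANY alternative survives. An alternative is a (provider, region) placement or
# the name of another service in the map.
DEPENDENCY_MAP = {
    "payments-api": {"tier": 1, "needs": [[("aws", "us-east-1"), ("aws", "eu-west-1")],
                                          ["auth"]]},
    "auth":         {"tier": 1, "needs": [[("aws", "us-east-1")]]},
    "status-page":  {"tier": 1, "needs": [[("azure", "uksouth"), ("aws", "eu-west-1")]]},
    "reporting":    {"tier": 3, "needs": [[("aws", "us-east-1")]]},
}

def domain_failed(placement, failed):
    """A placement is lost if its region, or its whole provider, is in `failed`."""
    provider, region = placement
    return (provider, region) in failed or (provider, None) in failed

def is_up(service, failed, dep_map, seen=frozenset()):
    """True if every requirement of `service` still has a surviving alternative."""
    if service in seen:  # dependency cycle: treat as unmet rather than recurse forever
        return False
    seen = seen | {service}
    return all(
        any(is_up(alt, failed, dep_map, seen) if isinstance(alt, str)
            else not domain_failed(alt, failed)
            for alt in requirement)
        for requirement in dep_map[service]["needs"]
    )

def failure_domains(dep_map):
    """Every region in the map, plus each provider as a whole: (provider, None)."""
    placements = {alt for meta in dep_map.values() for req in meta["needs"]
                  for alt in req if not isinstance(alt, str)}
    return placements | {(provider, None) for provider, _ in placements}

def single_points_of_failure(dep_map, max_tier=1):
    """Map each failure domain to the services of tier <= max_tier it takes down alone."""
    report = {}
    for domain in failure_domains(dep_map):
        down = sorted(name for name, meta in dep_map.items()
                      if meta["tier"] <= max_tier and not is_up(name, {domain}, dep_map))
        if down:
            report[domain] = down
    return report

if __name__ == "__main__":
    for domain, services in single_points_of_failure(DEPENDENCY_MAP).items():
        print(domain, "->", services)
```

In the sample data, payments-api is deployed in two regions yet still fails with a single region, because it inherits the single-region dependency of auth; this kind of transitive gap is what a drill against the map is meant to surface.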

Clear and Timely Communication

If a service going down does affect you, clear and timely communication is vital to prevent adversaries exploiting user confusion to orchestrate attacks.

During the AWS outage, initial status updates appeared to lag user reports. Many enterprise customers found the information “sparse and generic”, says Jenkins. “While AWS eventually published a detailed post-mortem and apology, the lack of rapid, transparent updates during the acute phase left a vacuum filled by speculation and phishing attempts.”

While it can be challenging, best practice is to acknowledge issues early, provide regular factual updates and offer safety guidance, he says. “AWS’s post-incident transparency was praised, but real-time communication during the outage could have been improved.”

Yet for the cloud provider and the customer organisation, communication can be difficult during an outage due to the uncertainty involved. “On the one hand you want to share as much information as possible, but on the other you don’t want to lead customers astray by providing information that turns out to be incorrect as the situation evolves,” says James Kretchmar, SVP CTO of cloud technology group at Akamai Technologies. “It can be a difficult balance to strike.”

However, transparency is critical, says Kretchmar: “It keeps customers informed and reduces the opportunity for attackers to exploit uncertainty. Even a simple message saying, ‘we’re aware of the issue, here’s what’s affected and where to get verified updates’ can prevent panic and stop fake alerts from spreading. The goal is to communicate frequently, even when you don’t have all the answers.”

Good Governance and Risk Management

The AWS incident and its cascading impact also highlight the fundamentals of good governance and risk management. Cloud outages test these fundamentals, says Jenkins. “Accountability for third-party risks must reside at the executive and board level, with clear ownership of cloud risk strategies.”

As part of this, strong contingency planning and business continuity arrangements are essential, including explicit plans for supplier outages and regular scenario testing, Jenkins says.

A “robust incident management process” ensures an effective response to problems, says Kretchmar. This should include “defined escalation thresholds, clear lines of communication and well tested playbooks”, he advises.

Regulatory frameworks such as the Digital Operational Resilience Act, Network and Information Systems 2 and ISO 27036 can help. These recognise the risks by mandating stronger operational resilience and supplier risk governance, according to Simon Pamplin, chief technology officer at Certes. “At their core, they expect continuous assurance, contingency planning and the ability to demonstrate you can withstand a significant third-party disruption.”

Meanwhile, ISO/IEC 27001 embeds supplier security, business continuity and incident management into information security management systems, says Jenkins.

Preparing for Future Outages

As digital services become more tightly interconnected and reliant on large cloud providers, outages will remain inevitable. This means attackers will increasingly exploit moments of systemic failure, says Brewer.

Taking this into account, IT leaders should map dependencies, build redundancy for critical services, and regularly drill contingency plans, Jenkins says. “Crisis communication plans must be ready, with clear messaging templates and out-of-band channels. Monitoring should use multiple sources, and vendor contracts should include resilience commitments.”

At the same time, security must not be sacrificed for speed during outages, Jenkins warns. “Ensure that emergency changes are logged and reviewed. User education must cover outage-related scams, and post-incident analysis should drive continuous improvement.”