Hackers found using Google Cloud to hide phishing attacks
SME Times News Bureau | 21 Jul, 2020
Researchers at cybersecurity firm Check Point on Tuesday cited an
instance in which hackers used advanced features on Google Cloud Platform to
host phishing pages and hide them.
Some of the warning signs
that users generally look out for in a phishing attack include
suspicious-looking domains, or websites without an HTTPS certificate.
However,
by using well-known public cloud services such as Google Cloud or
Microsoft Azure to host their phishing pages, the attackers can overcome
this obstacle and disguise their malicious intent, improving their
chances of ensnaring even security-savvy victims, Check Point said in a
blog post.
"Hackers are swarming around the cloud storage
services that we rely on and trust, making it much tougher to identify a
phishing attack. Traditional red flags of a phishing attack, such as
look-alike domains or websites without certificates, won't help us much
as we enter a potential cyber pandemic," Lotem Finkelsteen, Check
Point's Manager of Threat Intelligence, said in a statement.
"Users
of Google Cloud Platform, even Amazon Web Services (AWS) and Azure
users, should all beware of this fast-growing trend, and learn how to
protect themselves. It starts by thinking twice about the files you
receive from senders."
The Check Point researchers cited an
example of a hacker using an advanced Google Cloud Platform feature,
Google Cloud Functions, to orchestrate a sophisticated phishing attack,
much as any other business would use the service.
The researchers said that in January
this year they came across an attack that started with a PDF document
uploaded to Google Drive, which included a link to a phishing page.
The phishing page asked the user to log in with their Office 365 or organisation e-mail.
When a user chooses one of the options, a pop-up window with the Outlook login page appears.
After the credentials are entered, the user is led to a real PDF report published by a renowned global consulting firm.
During all of these stages, the user never gets suspicious since the phishing page is hosted on Google Cloud.
However,
viewing the phishing page's source code revealed that most of the
resources are loaded from a website that belongs to the attackers,
prvtsmtp[.]com.
The attackers started using Google Cloud Functions, a service that allows the running of code in the cloud.
In
this case, the resources in the phishing page were loaded from a Google
Cloud Functions instance without exposing the attackers' own malicious
domains.
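A defender reviewing a saved copy of such a page can list where its resources actually load from, which is how the source-code inspection described above exposed the attackers' site. The following is an added example, not code from Check Point or from the original article; the page URL, bucket name, asset host and HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Attributes that make the browser fetch from, or submit to, another URL.
RESOURCE_ATTRS = {"script": "src", "img": "src", "link": "href",
                  "iframe": "src", "form": "action"}

class ResourceAudit(HTMLParser):
    """Collects resource hosts and notes whether the page asks for a password."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.hosts = {}                  # host -> number of references
        self.has_password_field = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password_field = True
        ref = attrs.get(RESOURCE_ATTRS.get(tag, ""))
        if ref:
            # Resolve relative references against the page's own URL.
            host = urlparse(urljoin(self.page_url, ref)).hostname
            if host:
                self.hosts[host] = self.hosts.get(host, 0) + 1

def audit(page_url, html):
    """Return (has_password_field, {off-host resource host: count})."""
    parser = ResourceAudit(page_url)
    parser.feed(html)
    page_host = urlparse(page_url).hostname
    off_host = {h: n for h, n in parser.hosts.items() if h != page_host}
    return parser.has_password_field, off_host

# Constructed sample: a login page on a cloud storage host that pulls
# its assets from, and posts its form to, an unrelated host.
SAMPLE_URL = "https://storage.googleapis.com/placeholder-bucket/index.html"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="https://assets.example.net/css/login.css">
<script src="https://assets.example.net/js/form.js"></script>
</head><body><img src="logo.png">
<form action="https://assets.example.net/submit" method="post">
<input type="text" name="user"><input type="password" name="pass">
</form></body></html>
"""

if __name__ == "__main__":
    print(audit(SAMPLE_URL, SAMPLE_HTML))
```

A credential form on a trusted cloud host whose assets or form target sit on an unrelated host is worth a closer look; the same listing also surfaces resources served from a separate cloud function host.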
The probe revealed that it resolved to a Ukrainian IP address.
Many
other domains related to this phishing attack resolved to the same IP
address, or to different ones on the same netblock, Check Point said.
Google
suspended this particular hacker project in January for phishing abuse,
and with it the URL as well as all URLs associated
with that project since that time.
The researchers said that
people need to be cautious with files received via email from unknown
senders, especially if the files prompt for an action the recipient would not
usually take.