Express Computer
Home  »  News  »  Hackers are using Google Cloud services to conceal phishing attacks, warns Check Point

Hackers are using Google Cloud services to conceal phishing attacks, warns Check Point

0 396

Researchers at Check Point warn of a fast-growing trend in which hackers are concealing phishing attacks on Google Cloud Platform (GCP). By using advanced features in a well-known cloud storage service, hackers can better disguise their malicious intentions, and not get caught by more traditional red flags that people look for such as suspicious-looking domains or websites without a HTTPS certificate.

In some cases, hackers upload PDF document to Google Drive, which included a phishing page
Phishing page requests Office365 credentials, leading to a real PDF report published by a renowned global consulting firm. Phishing page is hosted on Google Cloud Storage, but malicious source code is traced to a Ukrainian IP address

This year, Check Point researchers came across an attack that started with a PDF document uploaded to Google Drive, which included a link to a phishing page. The phishing page, hosted on storage.googleapis[.]com/asharepoint-unwearied-439052791/index.html, asked the user to login with their Office 365 or organization e-mail.

When a user chooses one of the options, a pop-up window with the Outlook login page appears. After the credentials were entered, the user is led to a real PDF report published by a renowned global consulting firm. During all of these stages, the user never gets suspicious since the phishing page is hosted on Google Cloud Storage. However, viewing the phishing page’s source code has revealed that most of the resources are loaded from a website that belongs to the attackers, prvtsmtp[.]com.

The attackers started using Google Cloud Functions, a service that allows the running of code in the cloud. In this case, the resources in the phishing page were loaded from a Google Cloud Functions instance without exposing the attackers’ own malicious domains. Investigating prvtsmtp[.]com showed that it resolved to a Ukrainian IP address (31.28.168[.]4). Many other domains related to this phishing attack resolved to the same IP address, or to different ones on the same netblock.

“Hackers are swarming around the cloud storage services that we rely on and trust, making it much tougher to identify a phishing attack. Traditional red flags of a phishing attack, such as look-alike domains or websites without certificates, won’t help us much as we enter a potential cyber pandemic. Users of Google Cloud Platform, even AWS and Azure users, should all beware of this fast-growing trend, and learn how to protect themselves. It starts by thinking twice about the files you receive from senders.”

How to Stay Protected

# Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders
# Be cautious with files received via email from unknown senders, especially if they prompt for a certain action you would not usually do.
# Ensure you are ordering goods from an authentic source. One way to do this is NOT to click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.
# Beware of “special” offers. “An exclusive cure for coronavirus for $150” is usually not a reliable or trustworthy purchase opportunity.
# Make sure you do not reuse passwords between different applications and accounts.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image