securityJuly 24, 20200Attackers use Google Cloud Services to host phishing pages

Malicious attackers are concealing phishing attacks on Google’s Cloud Services, according to researchers at the Israeli security firm Check Point.

Researchers at the Israeli security firm Check Point have warned about phishing attacks on Google’s Cloud Services. This was being done by uploading a PDF to Google Drive that included a phishing page.

A genuine PDF report published on Google Cloud

Due to Check Point said this phishing page would request Office365 credentials and lead to a genuine PDF report published by a well-known global consulting firm. While the page was hosted on Google Cloud Storage, the malicious source code had been traced to an IP address belonging to Ukraine. Victims are redirected to a genuine PDF report published by a “renowned global consulting firm.”

Lotem Finkelsteen, Manager of Threat Intelligence at Check Point, said,

“Hackers are swarming around the cloud storage services that we rely on and trust, making it much tougher to identify a phishing attack. Traditional red flags of a phishing attack, such as look-alike domains or websites without certificates, won’t help us much as we enter a potential cyber pandemic. Users of Google Cloud Platform, even AWS and Azure users, should all beware of this fast-growing trend and learn how to protect themselves. It starts by thinking twice about the files you receive from senders.”

The cybersecurity advised the organizations,

“Organisations should prevent zero-day attacks with end-to-end cyber architectures, to block deceptive phishing sites and provide alerts on password reuse in real-time. Targeted phishing schemes steal $300 billion from businesses every month, so consider using email security measures too.”

Leave a Reply