Hackers are concealing phishing attacks on Google Cloud services, making such attacks more difficult to recognise, according to researchers at Check Point.

Check Point researchers have highlighted a trend which is making phishing attacks more difficult to identify on the Google Cloud platform.

“Hackers upload PDF document to Google Drive, which include a phishing page,” the report said.

“By using advanced features in a well-known cloud storage service, hackers can better disguise their malicious intentions, and not get caught by more traditional red flags that people look for, such as suspicious-looking domains or websites without a HTTPS certificate,” it said.

The report cited an example of a sophisticated phishing attack “that started with a PDF document uploaded to Google Drive, which included a link to a phishing page.”

The phishing page requested the user’s Office365 credentials and then led to a real PDF report published by a renowned global consulting firm.

The phishing page was hosted on Google Cloud Storage, but its malicious source code was traced to a Ukrainian IP address, according to the report.

“The attackers started using Google Cloud Functions, a service that allows the running of code in the cloud. In this case, the resources in the phishing page were loaded from a Google Cloud Functions instance without exposing the attackers’ own malicious domains,” the report said.
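Because the domain and certificate look legitimate in this pattern, a check has to look at what the page does rather than where it lives. The following is an added example, not code from Check Point's report: a triage heuristic that flags a page served from shared object storage that asks for a password, and lists any resources it pulls from a cloud functions host. The host suffixes `storage.googleapis.com` and `cloudfunctions.net`, the function names and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed host suffixes for the two Google services named in the report.
STORAGE_SUFFIXES = ("storage.googleapis.com",)
FUNCTIONS_SUFFIXES = ("cloudfunctions.net",)
URL_ATTRS = {"script": "src", "img": "src", "link": "href", "form": "action"}

def host_matches(host, suffixes):
    """True if host equals a suffix or is a subdomain of it (no look-alikes)."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

class PageScan(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.has_password_field = False
        self.resource_hosts = set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password_field = True
        ref = attrs.get(URL_ATTRS.get(tag, ""))
        if ref:  # resolve relative references against the page URL
            host = urlparse(urljoin(self.base_url, ref)).hostname
            if host:
                self.resource_hosts.add(host.lower())

def assess(page_url, html):
    scan = PageScan(page_url)
    scan.feed(html)
    on_storage = host_matches(urlparse(page_url).hostname, STORAGE_SUFFIXES)
    fn_hosts = sorted(h for h in scan.resource_hosts
                      if host_matches(h, FUNCTIONS_SUFFIXES))
    return {
        "hosted_on_cloud_storage": on_storage,
        "asks_for_password": scan.has_password_field,
        "cloud_function_hosts": fn_hosts,
        # A login form on shared object storage is the signal; the domain is not.
        "suspicious": on_storage and scan.has_password_field,
    }

# Constructed sample page (placeholder bucket and function names).
SAMPLE_URL = "https://storage.googleapis.com/example-bucket/index.html"
SAMPLE_HTML = """<html><body>
<script src="https://region-example.cloudfunctions.net/assets"></script>
<form action="next"><input type="password" name="p"></form></body></html>"""
```

A hit is a reason to review the page, not proof of phishing; the heuristic only inspects static HTML and will miss forms built by script at load time.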

Such attacks are becoming more sophisticated, warned Check Point.

“Hackers are swarming around the cloud storage services that we rely on and trust, making it much tougher to identify a phishing attack. Traditional red flags of a phishing attack, such as look-alike domains or websites without certificates, won’t help us much as we enter a potential cyber pandemic. Users of Google Cloud Platform, even AWS and Azure users, should all beware of this fast-growing trend, and learn how to protect themselves. It starts by thinking twice about the files you receive from senders,” said Lotem Finkelsteen, Check Point’s Manager of Threat Intelligence.
