Threat Actors Exploited Google Clouds to Launch Phishing Attacks


21 August 2020, Kathmandu

Sometimes we are unable to comprehend the advances the world is making in digital transformation. And when we choose to ignore the threats that come with it, it is often too late. A report from Check Point Research described a phishing attack that exploited Google Cloud.

Yes! The clouds may not be the safest place, after all.

Threat actors were found exploiting Google Cloud to host malicious payloads and launch phishing attacks.

Google may have dealt with this vulnerability, but it is up to us to stay vigilant and protect our data. In this article, we will also discuss some ways you can do that, especially on cloud services.

Let’s break down the Google Cloud Phishing Journey.

How did it Happen?

First, threat actors uploaded a PDF to Google Drive. They disguised the PDF to resemble a Microsoft SharePoint notice, but in reality, it contained a link to an MS Access Document.

[Image: the PDF uploaded to Google Drive. Source: Check Point]

Once clicked, the link redirected the user to a phishing page hosted on storage.googleapis[.]com/asharepoint-unwearied-439052791/index.html.

The phishing page then prompted the user to log in with their Office 365 or organization email and password.

After the user entered the login credentials, the page redirected to a real PDF report published by a renowned global consulting firm.

And that’s the trick! Users wouldn’t be suspicious even for a second, because they would think that they were viewing something useful, and because the phishing page is hosted on Google Cloud Storage.

It is also difficult for security professionals to identify or detect such phishing campaigns for the same reason.

“However, viewing the phishing page’s source code has revealed that most of the resources are loaded from a website that belongs to the attackers, prvtsmtp[.]com,” the report stated.


After further investigation of the website, researchers found that it resolved to a Ukrainian IP address.
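A defender-side check for the pattern described above (a login form on shared cloud storage whose resources mostly load from another site), as an added example that is not from the Check Point report or this article. The shared-host list, the 0.5 threshold and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

SHARED_HOSTS = {"storage.googleapis.com"}  # assumed list of multi-tenant hosts
REF_ATTR = {"script": "src", "img": "src", "iframe": "src", "link": "href", "form": "action"}

class PageScan(HTMLParser):
    """Records the host of each loaded resource and any password input."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.hosts, self.has_password = page_url, [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True
        ref = a.get(REF_ATTR.get(tag, ""))  # plain <a> links are ignored
        if ref:
            host = urlparse(urljoin(self.page_url, ref)).hostname
            if host:
                self.hosts.append(host)

def assess(page_url, html):
    """Flag a login form on a shared host whose resources mostly load from elsewhere."""
    page_host = urlparse(page_url).hostname or ""
    scan = PageScan(page_url)
    scan.feed(html)
    foreign = [h for h in scan.hosts if h != page_host]
    ratio = len(foreign) / len(scan.hosts) if scan.hosts else 0.0
    return {
        "password_field": scan.has_password,
        "foreign_hosts": sorted(set(foreign)),
        "suspicious": page_host in SHARED_HOSTS and scan.has_password and ratio > 0.5,
    }

# Constructed samples; the bucket name and assets.example.net are placeholders.
PAGE_URL = "https://storage.googleapis.com/constructed-bucket/index.html"
LOGIN_PAGE = """<html><head><link rel="stylesheet" href="https://assets.example.net/a.css">
<script src="https://assets.example.net/a.js"></script></head><body>
<img src="https://assets.example.net/logo.png"><img src="banner.png">
<form><input type="email" name="user"><input type="password" name="pw"></form>
</body></html>"""
STATIC_PAGE = '<html><body><img src="chart.png"><a href="https://example.org/">docs</a></body></html>'

if __name__ == "__main__":
    print(assess(PAGE_URL, LOGIN_PAGE))
    print(assess(PAGE_URL, STATIC_PAGE))
```

The hosts reported in `foreign_hosts` are the ones to review and, where warranted, block, since the hosting domain itself cannot simply be denied.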

What Next?

Well, Google has a zero-tolerance policy. So, it immediately suspended the phishing URL and all those associated with it.

There have also been incidents in the past where threat actors hosted phishing pages using Dropbox and Microsoft Azure.


How To Prevent Such Phishing Attacks?

Check Point also suggested some precautionary measures to protect users against such phishing attacks.

Have a look at the following points:

  • Beware of lookalike domains and spelling errors. Unfamiliar email senders and spelling errors are a straight giveaway.
  • Be cautious when opening or downloading files received via email from unknown senders. Try to make sense of any suspicious call-to-action and subject line.
  • Ensure that you order products/services from an authentic source. One way to do that is to NOT click on promotional links in emails. Try to Google the desired service instead.
  • Beware of ‘special’ offers that could be nothing but a scam. For instance, ‘an exclusive cure for coronavirus for $150’. That should be a dead giveaway.
  • Use separate passwords for different applications and accounts.

As they say, “Users’ mailboxes are the front door into your organization.”

Email security has become a necessity that needs proper attention in an organization’s architecture.

How often do you come across such potential scams or suspicious emails?

Do let us know in the comments!
