Check Point Research, an Israeli cybersecurity firm, warns that hackers are concealing phishing attacks on Google Cloud Service (GCP). Hackers use advanced features to disguise their activities, making a phishing attack difficult to identify. They use Google Cloud or Microsoft Azure to host their phishing pages, decreasing the chance of getting caught.
How hackers carry out an attack
The security researchers at Check Point Research came across such a phishing attack earlier this year. A PDF document uploaded to Google Drive included a link to the phishing page. The phishing page asked the user to log in with their Office 365 or organization e-mail. Choosing an option opened a pop-up window showing the login page. When credentials were entered, the user was led to a real PDF report published by a renowned global consulting firm. Nothing suspicious was caught along the way because the phishing page was hosted on Google Cloud Storage.
However, the source code of the phishing page revealed that most of the resources were loaded from a website that belonged to the attackers. That website resolved to a Ukrainian IP address. Many other domains related to this attack resolved to the same IP address, or to different ones on the same network.
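One way a defender could apply this observation, as an added example that is not Check Point's tooling: list where a cloud-hosted page loads its resources from, and flag a login form whose resources come mostly from outside the hosting provider. The hostnames, the suffix list and the 50% threshold are assumptions, and the sample HTML is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: suffixes treated as belonging to the cloud provider itself.
CLOUD_HOST_SUFFIXES = ("googleapis.com", "gstatic.com")
# Tag -> attribute that makes the browser fetch a resource or submit data.
RESOURCE_ATTRS = {"script": "src", "link": "href", "img": "src",
                  "iframe": "src", "form": "action"}

class ResourceCollector(HTMLParser):
    """Collects resource URLs and notes whether a password field exists."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.urls = []
        self.has_password_field = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password_field = True
        attr = RESOURCE_ATTRS.get(tag)
        if attr and attrs.get(attr):
            # Resolve relative references against the page's own URL.
            self.urls.append(urljoin(self.page_url, attrs[attr]))

def is_cloud_host(host):
    return any(host == s or host.endswith("." + s) for s in CLOUD_HOST_SUFFIXES)

def audit_page(page_url, html):
    """Report external resource hosts for a page served from cloud storage."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    hosts = [h for h in (urlparse(u).hostname for u in collector.urls) if h]
    outside = [h for h in hosts if not is_cloud_host(h)]
    ratio = len(outside) / len(hosts) if hosts else 0.0
    return {"external_hosts": sorted(set(outside)),
            "external_ratio": ratio,
            "suspicious": collector.has_password_field and ratio > 0.5}

# Constructed sample: a storage-hosted login page pulling assets from elsewhere.
SAMPLE_URL = "https://storage.googleapis.com/example-bucket/index.html"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="https://assets.phish-example.test/css/login.css">
<script src="https://assets.phish-example.test/js/app.js"></script>
</head><body><img src="logo.png">
<form action="https://assets.phish-example.test/submit.php" method="post">
<input type="email" name="user"><input type="password" name="pass">
</form></body></html>"""
if __name__ == "__main__":
    print(audit_page(SAMPLE_URL, SAMPLE_HTML))
```

The external hosts it reports are the starting point for the DNS and IP pivoting described above.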
Lotem Finkelsteen, Check Point’s Manager of Threat Intelligence, said, “Users of Google Cloud Platform, even AWS and Azure users, should all beware of this fast-growing trend, and learn how to protect themselves. It starts by thinking twice about the files you receive from senders.”
Check Point Research suggests the following measures:
- Don’t use the same password for different accounts and applications.
- Consider using email security measures.
- Be careful of unfamiliar email senders.
- Ensure the authenticity of sites.
- Block deceptive phishing sites.
- Organizations should use end-to-end cyber architectures.