Hackers Using Google's Cloud Infrastructure to Dupe Users with Phishing Emails

Google | June 02, 2020

  • According to Cyware, researchers at Trustwave recently discovered numerous hackers infecting users with malware by targeting them via Google's Cloud infrastructure.

  • By leveraging Google Cloud’s infrastructure in their campaigns, threat actors have attached Google Firebase storage URLs to various phishing emails.

  • Once a user clicks on the Firebase link in the email, they are directed to a fake login page that requests their login credentials.


According to Cyware, researchers at Trustwave recently discovered numerous hackers infecting users with malware by targeting them via Google's Cloud infrastructure. In a number of phishing campaigns uncovered by the team of researchers, threat actors are using Google Firebase storage URLs to dupe users into giving up their login credentials. By leveraging Google Cloud’s infrastructure in their campaigns, threat actors have attached Google Firebase storage URLs to various phishing emails. Once a user clicks on the Firebase link in the email, they are directed to a fake login page that requests their login credentials. Once an unsuspecting user has entered their credentials, the fake page shares them with the hackers.


Per Trustwave: “This phishing campaign although low in volume seems to be targeting a range of industries, as well as being detected by our spam traps. Some exemplar phishing messages used in this campaign are illustrated here. The major themes include payment invoice, upgrade email account, release pending messages, verify account, account error, change password, etc.” Trustwave also observed threat actors using the coronavirus pandemic and internet banking lures to trick victims into accessing fake vendor-payment forms designed to harvest users’ login credentials. Other tactics the hackers used included Microsoft Outlook and Office 365 phishing pages that harvest corporate login credentials.






“The use of cloud infrastructure is gaining popularity among cyber criminals as they are not easily flagged by security controls,” Cyware explained, adding, “Because of the large user base of Google cloud services, such phishing emails can often be overlooked by the security teams.” To combat such phishing attempts, individuals and tech leaders should ensure that they’re up to date on hackers’ latest endeavors. As one might imagine, the more knowledgeable a user is, the better prepared they are to avoid falling victim to nefarious phishing campaigns. Hackers have been abusing Google’s cloud computing service to redirect and intercept web and mail traffic on an array of vulnerable consumer routers.



The fraudulent emails cut across industries. The campaigns take advantage of Firebase’s data storage API, which stores files in a Google Cloud Storage bucket, and hide the malicious URLs in phishing emails, which then direct users to fraudulent pages. Fahim Abbasi, a researcher at Trustwave, spoke about these phishing campaigns in his blog post and mentioned that, while these campaigns deployed common phishing baits, the adoption of Google Firebase storage URLs made them look unique and authentic. He added that actors have taken undue advantage of Google’s reputation and cloud infrastructure to host phishing credential harvesting pages. Abbasi also presented about nine examples covering the major themes of the phishing campaigns, which include release pending messages, payment invoice, verify account, upgrade email account, change password, account error, and several others similar to these.
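For defenders, the pattern described above (a lure-themed email whose link points at a web page stored in Firebase Storage) can be triaged at the mail gateway. The sketch below is an added example, not code from Trustwave or Cyware: the host and path layout are those of Firebase Storage download URLs, the theme list is taken from the article, and the verdict names, thresholds and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit, unquote

FIREBASE_HOST = "firebasestorage.googleapis.com"  # Firebase Storage download host
# Lure themes named in the article, matched against the subject line.
THEMES = ("payment invoice", "upgrade email account", "release pending",
          "verify account", "account error", "change password")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
OBJECT_RE = re.compile(r"^/v0/b/([^/]+)/o/(.+)$")  # /v0/b/<bucket>/o/<object>

def firebase_links(text):
    """Return (bucket, object_name) for every Firebase Storage URL in text."""
    found = []
    for raw in URL_RE.findall(text):
        try:
            parts = urlsplit(raw)
        except ValueError:  # malformed URL, e.g. an unbalanced '[' in the host
            continue
        # Exact host comparison: hosts that merely contain the name do not count.
        if (parts.hostname or "").lower() != FIREBASE_HOST:
            continue
        m = OBJECT_RE.match(parts.path)
        if m:
            found.append((m.group(1), unquote(m.group(2))))
    return found

def triage(raw_email):
    """Classify one message as 'review', 'note' or 'pass' (assumed labels)."""
    msg = message_from_string(raw_email, policy=default)
    subject = (msg["Subject"] or "").lower()
    part = msg.get_body(preferencelist=("html", "plain"))
    links = firebase_links(part.get_content() if part else "")
    pages = [l for l in links if l[1].lower().endswith((".html", ".htm"))]
    themes = [t for t in THEMES if t in subject]
    if pages and themes:
        verdict = "review"  # hosted web page plus a lure theme from the article
    elif links:
        verdict = "note"    # Firebase Storage link with nothing else unusual
    else:
        verdict = "pass"
    return {"verdict": verdict, "links": links, "themes": themes}

# Constructed sample messages (not taken from the Trustwave report).
SAMPLE_LURE = (
    "From: billing@sender.example\nTo: user@corp.example\n"
    "Subject: Payment Invoice - action required\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<a href="https://firebasestorage.googleapis.com/v0/b/'
    'constructed-bucket.appspot.com/o/portal%2Findex.html'
    '?alt=media&token=PLACEHOLDER">View invoice</a>\n')
SAMPLE_BENIGN = (
    "From: design@corp.example\nTo: user@corp.example\n"
    "Subject: Design assets for the new site\n\n"
    "Logo: https://firebasestorage.googleapis.com/v0/b/"
    "constructed-bucket.appspot.com/o/logo.png?alt=media\n")

if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, triage(raw))
```

Because legitimate applications also serve files from Firebase Storage, the result is a queue for analyst review rather than a block decision.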


Google Cloud Platform (GCP), offered by Google, is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail and YouTube. Alongside a set of management tools, it provides a series of modular cloud services including computing, data storage, data analytics and machine learning. Registration requires a credit card or bank account details. Google Cloud Platform provides infrastructure as a service, platform as a service, and serverless computing environments. In April 2008, Google announced App Engine, a platform for developing and hosting web applications in Google-managed data centers, which was the first cloud computing service from the company. The service became generally available. Since the announcement of the App Engine, Google added multiple cloud services to the platform.

