Hackers Using Google's Cloud Infrastructure to Dupe Users with Phishing Emails

Google | June 02, 2020

  • According to Cyware, researchers at Trustwave recently discovered numerous hackers infecting users with malware by targeting them via Google's Cloud infrastructure.

  • By leveraging Google Cloud’s infrastructure in their campaigns, threat actors have attached Google Firebase storage URLs to various phishing emails.

  • Once a user clicks on the Firebase link in the email, they are directed to a fake login page that requests their login credentials.


According to Cyware, researchers at Trustwave recently discovered numerous hackers infecting users with malware by targeting them via Google's Cloud infrastructure. A number of phishing campaigns uncovered by the team of researchers found that threat actors are using Google Firebase storage URLs to dupe users into giving up their login credentials. By leveraging Google Cloud’s infrastructure in their campaigns, threat actors have attached Google Firebase storage URLs to various phishing emails. Once a user clicks on the Firebase link in the email, they are directed to a fake login page that requests their login credentials. Once an unsuspecting user has entered their credentials, she fake page shares them with the hackers.


Per Trustwave: “This phishing campaign although low in volume seems to be targeting a range of industries, as well as being detected by our spam traps. Some exemplar phishing messages used in this campaign are illustrated here. The major themes include payment invoice, upgrade email account, release pending messages, verify account, account error, change password, etc.” Trustware also observed threat actors using the coronavirus pandemic and internet banking lures to trick victims into accessing fake vendor-payment forms designed to harvest users’ login credentials. Other tactics the hackers used included Microsoft Outlook and Office 365 phishing pages that harvest corporate login credentials.



Read more: NET ONE SYSTEMS ADOPTS JUNIPER'S CONTRAIL ENTERPRISE SOLUTION TO FURTHER NETWORKING INFRASTRUCTURE

The use of cloud infrastructure is gaining popularity among cyber criminals as they are not easily flagged by security controls, Cyware explained, adding, Because of the large user base of Google cloud services, such phishing emails can often be overlooked by the security teams.

~ Google


The use of cloud infrastructure is gaining popularity among cyber criminals as they are not easily flagged by security controls,” Cyware explained, adding, Because of the large user base of Google cloud services, such phishing emails can often be overlooked by the security teams. To combat such phishing attempts, individuals and tech leaders should ensure that they’re up to date on hackers’ latest endeavors. As one might imagine, the more knowledgeable a user is, the better prepared they are to avoid falling victim to nefarious phishing campaigns. Hackers have been abusing Google’s cloud computing service to redirect and intercept web and mail traffic on an array of vulnerable consumer routers.

Google Cloud’s infrastructure in their campaigns, threat actors have attached Google Firebase storage URLs to various phishing emails. Once a user clicks on the Firebase link in the email, they are directed to a fake login page that requests their login credentials.


The fraudulent emails cut through industries to take control of the Firebase’s data storage API in a Google Cloud Storage bucket and secretly keep malicious URLs in phishing emails, which then direct users to fraudulent pages. Fahim Abbasi, a researcher at Trustware, spoke about these phishing campaigns in his blog post and mentioned, while these campaigns deployed common phishing baits, the adoption of Google Firebase storage URLs made them look unique and authentic. He added, actors have taken undue advantage of Google’s reputation and cloud infrastructure to carry out phishing credential harvesting pages. Additionally, Abbasi also presented about nine examples with major themes of the phishing campaigns, which include release pending messages, payment invoice, verify account, upgrade email account, change password, account error, and several other similar to these.


Google Cloud Platform (GCP), offered by Google, is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail and YouTube. Alongside a set of management tools, it provides a series of modular cloud services including computing, data storage, data analytics and machine learning. Registration requires a credit card or bank account details. Google Cloud Platform provides infrastructure as a service, platform as a service, and serverless computing environments. In April 2008, Google announced App Engine, a platform for developing and hosting web applications in Google-managed data centers, which was the first cloud computing service from the company. The service became generally available. Since the announcement of the App Engine, Google added multiple cloud services to the platform.


Read more: COVID-19 HAS ACCELERATED THE LONG-DUE INVESTMENTS INTO DIGITAL INFRASTRUCTURE

Spotlight

The private 5G market is at an early stage of development, but activity in the market is increasing. 5G accounted for over 50% of all publicly disclosed private network announcements at the end of 2022, according to Analysys Mason’s Private LTE/5G networks tracker.1 5G’s share is lower when non-public announcements are included, but it is expected that most private networks will eventually use 5G.

Spotlight

The private 5G market is at an early stage of development, but activity in the market is increasing. 5G accounted for over 50% of all publicly disclosed private network announcements at the end of 2022, according to Analysys Mason’s Private LTE/5G networks tracker.1 5G’s share is lower when non-public announcements are included, but it is expected that most private networks will eventually use 5G.

Related News

HYPER-CONVERGED INFRASTRUCTURE, APPLICATION STORAGE

Centerline Communications, LLC Acquires Pearson Pelletier Telecom

Centerline Communications, LLC | February 15, 2023

On February 14, 2023, Centerline Communications LLC, a portfolio company of Audax Private Equity and a pioneer in the construction, design, and maintenance of critical infrastructure, fiber, and wireless networks for Fortune 500 clients, has announced the acquisition of Pearson Pelletier Telecom ("PPT"). This is Centerline's sixth acquisition under Audax's ownership, and it will support rising demand for these services throughout the merged company's blue-chip client base. The deal to merge with PPT is the most recent in a series of acquisitions by Centerline to expand its reach across North America. CEO of Centerline, Josh Delman, said, "The combination of Centerline and PPT brings together unparalleled capabilities in critical infrastructure design, build, and maintenance services." He added, "Together, we are creating additional value for our employees, customers, and suppliers as we implement our primary business strategy to provide turnkey solutions for all critical infrastructure facilities and networks." (Source – Businesswire) PPT is a key provider of wireless network and infrastructure services in Canada, offering line and antenna services to Bell Mobility, Rogers Communications, Telus, and Videotron. Historically, PPT has operated in the Quebec and Ontario markets, but it has made new endeavors to grow throughout Canada in recent years. PPT intends to deliver more services, including wireline and engineering services, to its blue-chip clientele and will collaborate with Centerline to implement this plan. About Centerline Communications, LLC Centerline Communications is a privately owned, comprehensive provider of professional services. It is a prominent critical telecom infrastructure company founded in 2006. It focuses on designing, building, and managing next-generation wireless and wireline networks and critical infrastructure facilities. Site acquisition and A&E design, radio frequency (RF) engineering, DAS installation and integration, cell tower development, general telecommunications construction and maintenance, HVAC & generator maintenance, facility management services, and general construction services are among the company's business lines. Fiber technicians, tower technicians, RF engineers, RF technicians, DAS technicians, construction managers, electricians, systems integrators, project managers, and wireless carrier coordinators are employed by Centerline.

Read More

HYPER-CONVERGED INFRASTRUCTURE, APPLICATION STORAGE

ZincFive Launches New Nickel-Zinc Battery Cabinet for Data Center Industry

ZincFive | February 03, 2023

ZincFive, one of the most well-known companies that work with nickel-zinc batteries for power applications, has recently released the brand-new BC Series, nickel-zinc UPS Battery Cabinets called the BC2. This new product has forward and backward compatibility with megawatt UPS inverters, providing the smallest footprint per kilowatt, enhanced reliability, sustainability, less maintenance, and no thermal runway. As per the third-party analysis, ZincFive’s nickel-zinc batteries have a remarkable lower climate impact than lead-acid and lithium batteries. CEO and Co-Founder of ZincFive, Tim Hysell, said, "ZincFive continues to innovate with our powerful, safe, and reliable nickel-zinc battery technology, and the BC 2 is a great solution to address all current and future data centre needs." He further added, "In addition, the importance of sustainability in data centre backup battery systems continues to grow. Both ZincFive and our customers are committed to reducing carbon footprint and operating costs without sacrificing safety or performance." (Source – Business Wire) This battery cabinet has a width of 21 inches, has passed a seismic shake test with an SDS of 2.29 g, giving it a strong seismic footprint, and features active cooling, simple maintenance, and easy conduit landing. It has optimized packaging and design of the same old NiZn batteries with the best power density, safety, and sustainability, with total assembling capacity with batteries in the cabinet, and renders strong Total Cost of Ownership (TCO) credit for mission-critical data centers. About ZincFive ZincFive Awarded with 90 patents, ZincFive, a provider of nickel-zinc batteries and power solutions, utilizes the technology of The Power of Good Chemistry™ for the wellbeing of businesses, employees, and the environment. It is a private company based in Tualatin, Oregon, dedicated to the sustainability and safety of nickel-zinc chemistry, providing high power density, and optimizing performance for mission-critical applications, ensuring reliability, safety, and sustainability. It supports technology markets, the information technology sector, intelligent transportation, industrial engines, and data centers. Its products include the UPStealth® series, BC Series UPS Battery Cabinets, Monobloc Batteries, and Cylindrical Cells.

Read More

HYPER-CONVERGED INFRASTRUCTURE,APPLICATION STORAGE

Leviton's $80m Investment in Network Solutions to Boost Innovation

Leviton | January 06, 2023

Leader in electrical, lighting, and networking systems, Leviton, has made significant headway in its five-year, $80 million worldwide capital investment plan for its Network Solutions vertical. Leviton's investment in the Network Solutions business unit will solidify its $202 million acquisition of Berk-Tek in 2020, will increase its production capacity worldwide, and establish Leviton as one of the leading end-to-end makers of copper and fiber network infrastructure systems. The new expansion project of the Leviton fiber optic cabling manufacturing facility in Fuquay-Varina, North Carolina, makes up a sizeable chunk of the investment strategy. Construction of the project began in December 2022. Once finished in 2024, the facility will be equipped to support single mode cables, made-to-order fiber optic cable assemblies and long-term growth of multimode cables. In addition to this vast expansion, Leviton has implemented the following key advancements: Leviton's ATLAS-X1TM and EXTREMETM solutions have grown globally. Indeed, that doubled capacity in 2021 to meet worldwide demand. Additionally, Leviton added state-of-the-art technology at its Glenrothes (Scotland) manufacturing facility to improve capacity and deliver a uniform global specification for Category 6A cabling. Installing the optical fiber cable in the second quarter of last year, Leviton armored in sales support of this rapidly growing product line, including pre-terminated data center solutions in its NC factory. About Leviton Leviton designs innovative products across multiple industries, including electrical, lighting, and networking, to improve people's lives in several ways. Isidor Leviton immigrated from Russia to the United States in 1906, started a modest tinsmithing business, and founded Leviton, promising to remain committed to thinking and growing, innovative in creating new products, dedicated to giving safer life to communities throughout the world and adhere to UL standards in producing high-quality products.

Read More