Hackers Using Google's Cloud Infrastructure to Dupe Users with Phishing Emails

  • According to Cyware, researchers at Trustwave recently discovered numerous hackers infecting users with malware by targeting them via Google's Cloud infrastructure.

  • By leveraging Google Cloud’s infrastructure in their campaigns, threat actors have attached Google Firebase storage URLs to various phishing emails.

  • Once a user clicks on the Firebase link in the email, they are directed to a fake login page that requests their login credentials.


According to Cyware, researchers at Trustwave recently discovered numerous hackers infecting users with malware by targeting them via Google's Cloud infrastructure. A number of phishing campaigns uncovered by the team of researchers found that threat actors are using Google Firebase storage URLs to dupe users into giving up their login credentials. By leveraging Google Cloud’s infrastructure in their campaigns, threat actors have attached Google Firebase storage URLs to various phishing emails. Once a user clicks on the Firebase link in the email, they are directed to a fake login page that requests their login credentials. Once an unsuspecting user has entered their credentials, she fake page shares them with the hackers.


Per Trustwave: “This phishing campaign although low in volume seems to be targeting a range of industries, as well as being detected by our spam traps. Some exemplar phishing messages used in this campaign are illustrated here. The major themes include payment invoice, upgrade email account, release pending messages, verify account, account error, change password, etc.” Trustware also observed threat actors using the coronavirus pandemic and internet banking lures to trick victims into accessing fake vendor-payment forms designed to harvest users’ login credentials. Other tactics the hackers used included Microsoft Outlook and Office 365 phishing pages that harvest corporate login credentials.



Read more: NET ONE SYSTEMS ADOPTS JUNIPER'S CONTRAIL ENTERPRISE SOLUTION TO FURTHER NETWORKING INFRASTRUCTURE

The use of cloud infrastructure is gaining popularity among cyber criminals as they are not easily flagged by security controls, Cyware explained, adding, Because of the large user base of Google cloud services, such phishing emails can often be overlooked by the security teams.

~ Google


The use of cloud infrastructure is gaining popularity among cyber criminals as they are not easily flagged by security controls,” Cyware explained, adding, Because of the large user base of Google cloud services, such phishing emails can often be overlooked by the security teams. To combat such phishing attempts, individuals and tech leaders should ensure that they’re up to date on hackers’ latest endeavors. As one might imagine, the more knowledgeable a user is, the better prepared they are to avoid falling victim to nefarious phishing campaigns. Hackers have been abusing Google’s cloud computing service to redirect and intercept web and mail traffic on an array of vulnerable consumer routers.

Google Cloud’s infrastructure in their campaigns, threat actors have attached Google Firebase storage URLs to various phishing emails. Once a user clicks on the Firebase link in the email, they are directed to a fake login page that requests their login credentials.


The fraudulent emails cut through industries to take control of the Firebase’s data storage API in a Google Cloud Storage bucket and secretly keep malicious URLs in phishing emails, which then direct users to fraudulent pages. Fahim Abbasi, a researcher at Trustware, spoke about these phishing campaigns in his blog post and mentioned, while these campaigns deployed common phishing baits, the adoption of Google Firebase storage URLs made them look unique and authentic. He added, actors have taken undue advantage of Google’s reputation and cloud infrastructure to carry out phishing credential harvesting pages. Additionally, Abbasi also presented about nine examples with major themes of the phishing campaigns, which include release pending messages, payment invoice, verify account, upgrade email account, change password, account error, and several other similar to these.


Google Cloud Platform (GCP), offered by Google, is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail and YouTube. Alongside a set of management tools, it provides a series of modular cloud services including computing, data storage, data analytics and machine learning. Registration requires a credit card or bank account details. Google Cloud Platform provides infrastructure as a service, platform as a service, and serverless computing environments. In April 2008, Google announced App Engine, a platform for developing and hosting web applications in Google-managed data centers, which was the first cloud computing service from the company. The service became generally available. Since the announcement of the App Engine, Google added multiple cloud services to the platform.


Read more: COVID-19 HAS ACCELERATED THE LONG-DUE INVESTMENTS INTO DIGITAL INFRASTRUCTURE

Spotlight

Spotlight

Related News

Application Infrastructure

dxFeed Launches Market Data IaaS Project for Tradu, Assumes Infrastructure and Data Provision Responsibilities

PR Newswire | January 25, 2024

dxFeed, a global leader in data solutions and index management for the financial industry, announces the launch of an Infrastructure as a Service (IaaS) project for Tradu, an advanced multi-asset trading platform catering to active traders and investors. In this venture, dxFeed manages the crucial aspects of infrastructure and data provision for Tradu. As an award-winning IaaS provider (the Best Infrastructure Provider by the Sell-Side Technology Awards 2023), dxFeed is poised to address all technical challenges related to market data delivery to hundreds of thousands of end users, allowing Tradu to focus on its core business objectives. Users worldwide can seamlessly connect to Tradu's platform, receiving authorization tokens for access to high-quality market data from the EU, US, Hong Kong, and Australian Exchanges. This approach eliminates the complexities and bottlenecks associated with building, maintaining, and scaling the infrastructure required for such extensive global data access. dxFeed's scalable low latency infrastructure ensures the delivery of consolidated and top-notch market data from diverse sources to the clients located in Asia, Americas and Europe. With the ability to rapidly reconfigure and accommodate the growing performance demands, dxFeed is equipped to serve hundreds of thousands of concurrent clients, with the potential to scale the solution even further in order to meet the constantly growing demand, at the same time providing a seamless and reliable experience. One of the highlights of this collaboration is the introduction of brand-new data feed services exclusively for Tradu's Stocks platform. This proprietary solution enhances Tradu's offerings and demonstrates dxFeed's commitment to delivering tailored and innovative solutions. Tradu also benefits from dxFeed's Stocks Radar—a comprehensive technical and fundamental market analysis solution. This Software as a Service (SaaS) seamlessly integrates with infrastructure, offering added value to traders and investors by simplifying complex analytical tasks. Moreover, Tradu leverages the advantages of dxFeed's composite feed (the winner at The Technical Analyst Awards). This accolade reinforces dxFeed's commitment to delivering excellence in data provision, further solidifying Tradu's position as a global leader in online foreign exchange. "When we were thinking of our new sophisticated multi-asset trading platform for the active trader and investors we met with the necessity of expanding instrument and user numbers. We realized we needed a highly competent, professional team to deploy the infrastructure, taking into account the peculiarities of our processes and services," said Brendan Callan, CEO of Tradu. "On the one hand, it allows our clients to receive quality consolidating data from multiple sources. On the other hand, as a leading global provider of online foreign exchange, we can dispose of dxFeed's geo-scalable infrastructure and perform rapid reconfiguration to meet growing performance demands to provide data to hundreds of thousands of our clients around the globe." "The range of businesses finding the Market Data IaaS (Infrastructure as a Service) model appealing continues to expand. This approach is gaining traction among various enterprises, from agile startups seeking rapid development to established, prominent brands acknowledging the strategic benefits of delegating market data infrastructure to specialized firms," said Oleg Solodukhin, CEO of dxFeed. By taking on the responsibilities of infrastructure and data provision, dxFeed empowers Tradu to focus on innovation and client satisfaction, setting the stage for a transformative journey in the dynamic world of financial trading. About dxFeed dxFeed is a leading market data and services provider and calculation agent for the capital markets industry. According to the WatersTechnology 2022 IMD & IRD awards honors, it's the "Most Innovative Market Data Project." dxFeed focuses primarily on delivering financial information and services to buy- and sell-side institutions in global markets, both traditional and crypto. That includes brokerages, prop traders, exchanges, individuals (traders, quants, and portfolio managers), and academia (educational institutions and researchers). Follow us on Twitter, Facebook, and LinkedIn. Contact dxFeed: pr@dxfeed.com About Tradu Tradu is headquartered in London with offices around the world. The global Tradu team speaks more than two dozen languages and prides itself on its responsive and helpful client support. Stratos also operates FXCM, an FX and CFD platform founded in 1999. Stratos will continue to offer FXCM services alongside Tradu's multi-asset platform.

Read More