Hackers Using Google's Cloud Infrastructure to Dupe Users with Phishing Emails

Google | June 02, 2020

  • According to Cyware, researchers at Trustwave recently discovered numerous hackers infecting users with malware by targeting them via Google's Cloud infrastructure.

  • By leveraging Google Cloud’s infrastructure in their campaigns, threat actors have attached Google Firebase storage URLs to various phishing emails.

  • Once a user clicks on the Firebase link in the email, they are directed to a fake login page that requests their login credentials.


According to Cyware, researchers at Trustwave recently discovered numerous hackers infecting users with malware by targeting them via Google's Cloud infrastructure. In a number of phishing campaigns uncovered by the researchers, threat actors are using Google Firebase storage URLs to dupe users into giving up their login credentials. By leveraging Google Cloud’s infrastructure in their campaigns, threat actors have attached Google Firebase storage URLs to various phishing emails. Once a user clicks on the Firebase link in the email, they are directed to a fake login page that requests their login credentials. Once an unsuspecting user has entered their credentials, the fake page shares them with the hackers.


Per Trustwave: “This phishing campaign although low in volume seems to be targeting a range of industries, as well as being detected by our spam traps. Some exemplar phishing messages used in this campaign are illustrated here. The major themes include payment invoice, upgrade email account, release pending messages, verify account, account error, change password, etc.” Trustwave also observed threat actors using the coronavirus pandemic and internet banking lures to trick victims into accessing fake vendor-payment forms designed to harvest users’ login credentials. Other tactics the hackers used included Microsoft Outlook and Office 365 phishing pages that harvest corporate login credentials.





“The use of cloud infrastructure is gaining popularity among cyber criminals as they are not easily flagged by security controls,” Cyware explained, adding, “Because of the large user base of Google cloud services, such phishing emails can often be overlooked by the security teams.” To combat such phishing attempts, individuals and tech leaders should ensure that they’re up to date on hackers’ latest endeavors. As one might imagine, the more knowledgeable a user is, the better prepared they are to avoid falling victim to nefarious phishing campaigns. Hackers have been abusing Google’s cloud computing service to redirect and intercept web and mail traffic on an array of vulnerable consumer routers.



The fraudulent emails cut across industries and take advantage of Firebase’s data storage API, which keeps content in a Google Cloud Storage bucket: the malicious URLs are placed in phishing emails, which then direct users to fraudulent pages. Fahim Abbasi, a researcher at Trustwave, spoke about these phishing campaigns in his blog post and mentioned that, while these campaigns deployed common phishing baits, the adoption of Google Firebase storage URLs made them look unique and authentic. He added that actors have taken undue advantage of Google’s reputation and cloud infrastructure to serve credential-harvesting phishing pages. Abbasi also presented about nine examples covering the major themes of the phishing campaigns, which include release pending messages, payment invoice, verify account, upgrade email account, change password, account error, and several others similar to these.
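For mail-gateway triage of the pattern described above (a Firebase storage link combined with one of the listed lure themes), the following is an added example, not code from Trustwave or Cyware. It assumes the Firebase Storage download URL layout `https://firebasestorage.googleapis.com/v0/b/<bucket>/o/<object>`; the function names and sample messages are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

FIREBASE_HOST = "firebasestorage.googleapis.com"
# Lure themes listed in the article (lower-cased for matching).
THEMES = ("payment invoice", "upgrade email account", "release pending",
          "verify account", "account error", "change password")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)
# Assumed path layout of Firebase Storage URLs: /v0/b/<bucket>/o/<object>
PATH_RE = re.compile(r"^/v0/b/([^/]+)/o/(.+)$")

def firebase_links(text):
    """Return (bucket, object_name) for each Firebase Storage URL in text."""
    found = []
    for raw in URL_RE.findall(text):
        parts = urlsplit(raw)
        # Exact host comparison: a lookalike such as
        # firebasestorage.googleapis.com.example.net must not match.
        if (parts.hostname or "").lower() != FIREBASE_HOST:
            continue
        m = PATH_RE.match(parts.path)
        if m:
            found.append((m.group(1), unquote(m.group(2))))
    return found

def triage(subject, body):
    """Score one message: Firebase-hosted HTML object plus a known lure theme."""
    text = f"{subject}\n{body}".lower()
    links = firebase_links(body)
    themes = [t for t in THEMES if t in text]
    # A hosted login page is an HTML object; images and PDFs only get review.
    html = [l for l in links if l[1].lower().endswith((".html", ".htm"))]
    verdict = "quarantine" if html and themes else "review" if links else "pass"
    return {"links": links, "themes": themes, "verdict": verdict}

# Constructed sample messages (not taken from the Trustwave report).
SAMPLES = [
    ("Payment invoice attached",
     "View: https://firebasestorage.googleapis.com/v0/b/demo-bucket.appspot.com"
     "/o/docs%2Flogin.html?alt=media&token=PLACEHOLDER"),
    ("Team photo",
     "https://firebasestorage.googleapis.com/v0/b/demo-bucket.appspot.com/o/pic.png?alt=media"),
    ("Verify account",
     "https://firebasestorage.googleapis.com.example.net/v0/b/x/o/a.html"),
]

if __name__ == "__main__":
    for subj, body in SAMPLES:
        print(subj, "->", triage(subj, body))
```

Because the host serves a large amount of legitimate content, the verdicts are triage signals for an analyst queue rather than a blocklist decision.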


Google Cloud Platform (GCP), offered by Google, is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail and YouTube. Alongside a set of management tools, it provides a series of modular cloud services including computing, data storage, data analytics and machine learning. Registration requires a credit card or bank account details. Google Cloud Platform provides infrastructure as a service, platform as a service, and serverless computing environments. In April 2008, Google announced App Engine, a platform for developing and hosting web applications in Google-managed data centers, which was the first cloud computing service from the company. The service became generally available. Since the announcement of the App Engine, Google added multiple cloud services to the platform.

