Hackers Using Google's Cloud Infrastructure to Dupe Users with Phishing Emails

Google | June 02, 2020

  • According to Cyware, researchers at Trustwave recently discovered numerous hackers infecting users with malware by targeting them via Google's Cloud infrastructure.

  • By leveraging Google Cloud’s infrastructure in their campaigns, threat actors have attached Google Firebase storage URLs to various phishing emails.

  • Once a user clicks on the Firebase link in the email, they are directed to a fake login page that requests their login credentials.


According to Cyware, researchers at Trustwave recently discovered numerous hackers infecting users with malware by targeting them via Google's Cloud infrastructure. The phishing campaigns the researchers uncovered show threat actors using Google Firebase storage URLs to dupe users into giving up their login credentials. By leveraging Google Cloud’s infrastructure in their campaigns, threat actors have attached Google Firebase storage URLs to various phishing emails. Once a user clicks on the Firebase link in the email, they are directed to a fake login page that requests their login credentials. Once an unsuspecting user has entered their credentials, the fake page shares them with the hackers.


Per Trustwave: “This phishing campaign although low in volume seems to be targeting a range of industries, as well as being detected by our spam traps. Some exemplar phishing messages used in this campaign are illustrated here. The major themes include payment invoice, upgrade email account, release pending messages, verify account, account error, change password, etc.” Trustwave also observed threat actors using the coronavirus pandemic and internet banking lures to trick victims into accessing fake vendor-payment forms designed to harvest users’ login credentials. Other tactics the hackers used included Microsoft Outlook and Office 365 phishing pages that harvest corporate login credentials.





“The use of cloud infrastructure is gaining popularity among cyber criminals as they are not easily flagged by security controls,” Cyware explained, adding, “Because of the large user base of Google cloud services, such phishing emails can often be overlooked by the security teams.” To combat such phishing attempts, individuals and tech leaders should ensure that they’re up to date on hackers’ latest endeavors. As one might imagine, the more knowledgeable a user is, the better prepared they are to avoid falling victim to nefarious phishing campaigns. Hackers have been abusing Google’s cloud computing service to redirect and intercept web and mail traffic on an array of vulnerable consumer routers.



The fraudulent emails cut across industries. They make use of Firebase’s data storage API in a Google Cloud Storage bucket and carry malicious URLs that direct users to fraudulent pages. Fahim Abbasi, a researcher at Trustwave, wrote about these phishing campaigns in his blog post, noting that while the campaigns deployed common phishing baits, the adoption of Google Firebase storage URLs made them look unique and authentic. He added that the actors have taken undue advantage of Google’s reputation and cloud infrastructure to host credential-harvesting phishing pages. Abbasi also presented about nine examples covering the major themes of the phishing campaigns, which include release pending messages, payment invoice, verify account, upgrade email account, change password, account error, and several others similar to these.
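Because the link host belongs to Google, a domain-reputation check alone will not catch these messages; a mail filter has to look at which storage bucket the link points to. The sketch below is an added example, not Trustwave's or Cyware's tooling: it pulls Firebase Storage links out of a message, ignores buckets on an allowlist, and records why the rest are suspicious. The host name and `/v0/b/<bucket>/o/<object>` path layout, the `own_buckets` allowlist and the sample message are assumptions made for the example.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit, unquote

# Host and path layout of Firebase Storage download links (assumption: the
# article names the service but does not print a URL).
FIREBASE_HOST = "firebasestorage.googleapis.com"
OBJECT_PATH = re.compile(r"^/v0/b/([^/]+)/o/(.+)$")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# Lure themes listed in the Trustwave quote above.
LURE_THEMES = ("payment invoice", "upgrade email account", "release pending",
               "verify account", "account error", "change password")

def firebase_links(text):
    """Yield (bucket, object_name) for each Firebase Storage URL in text."""
    for raw in URL_RE.findall(text):
        try:
            parts = urlsplit(raw.rstrip(".,;)"))
        except ValueError:  # malformed URL, nothing to classify
            continue
        # Exact host match: a look-alike such as
        # firebasestorage.googleapis.com.example.test must not count.
        if parts.hostname != FIREBASE_HOST:
            continue
        match = OBJECT_PATH.match(parts.path)
        if match:
            yield match.group(1).lower(), unquote(match.group(2))

def triage(raw_email, own_buckets=frozenset()):
    """Return one finding per Firebase Storage link outside own_buckets."""
    msg = message_from_string(raw_email, policy=default)
    subject = (msg["Subject"] or "").lower()
    themed = any(theme in subject for theme in LURE_THEMES)
    findings, seen = [], set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for bucket, obj in firebase_links(part.get_content()):
            if bucket in own_buckets or (bucket, obj) in seen:
                continue
            seen.add((bucket, obj))
            reasons = ["Firebase Storage link to a bucket we do not own"]
            if obj.lower().endswith((".html", ".htm")):
                reasons.append("object is an HTML page")
            if themed:
                reasons.append("subject matches a known lure theme")
            findings.append({"bucket": bucket, "object": obj, "reasons": reasons})
    return findings

# Constructed sample message (not a real phishing email).
SAMPLE = """\
From: billing@example.test
To: user@example.test
Subject: Payment invoice pending - verify account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Invoice: <a href="https://firebasestorage.googleapis.com/v0/b/constructed-bucket.appspot.com/o/docs%2Finvoice.html?alt=media&amp;token=PLACEHOLDER">View</a></p>
<p><img src="https://firebasestorage.googleapis.com/v0/b/corp-assets.appspot.com/o/logo.png?alt=media"></p>
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE, own_buckets={"corp-assets.appspot.com"}):
        print(finding)
```

Findings are triage signals for quarantine or analyst review, since legitimate applications also serve files from Firebase Storage.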


Google Cloud Platform (GCP), offered by Google, is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail and YouTube. Alongside a set of management tools, it provides a series of modular cloud services including computing, data storage, data analytics and machine learning. Registration requires a credit card or bank account details. Google Cloud Platform provides infrastructure as a service, platform as a service, and serverless computing environments. In April 2008, Google announced App Engine, a platform for developing and hosting web applications in Google-managed data centers, which was the first cloud computing service from the company. The service became generally available. Since the announcement of the App Engine, Google added multiple cloud services to the platform.

