Attackers Use Google Cloud to Target US, UK Banks

Published: 23/11/2024   Category: security




Employees at financial services firms hit with an email attack campaign abusing a Google Cloud storage service.



A malicious email campaign has been found abusing a Google Cloud Storage service to host a payload sent to employees of financial services organizations, Menlo Labs researchers report.
The threat appears to have been active in the US and UK since August 2018. Victims receive emails containing links to archive files; researchers say all instances in this particular campaign have been .zip or .gz files. All cases involve a payload hosted on storage.googleapis.com, which appears to be related to Google's cloud storage service but is, in fact, a malicious link.
Attackers often use this domain to host payloads because it's trusted and likely to bypass security controls in commercial threat detection products. These actors may have chosen bad links in lieu of malicious attachments because many email security products are designed to detect files and only pick up on malicious URLs if they're already in their threat repositories.
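A defender-side check for the pattern described above, written as an added example and not taken from the Menlo Labs report: it decodes each text part of a message and flags links to .zip or .gz objects on storage.googleapis.com, whether or not the URL is already in a threat feed. Matching bucket-as-subdomain hosts goes beyond the article's description, and the sample message, bucket name and file names are constructed.

```python
import email
import re
from email import policy
from urllib.parse import urlsplit, unquote

GCS_HOST = "storage.googleapis.com"   # host named in the report
ARCHIVE_EXTS = (".zip", ".gz")        # archive types seen in this campaign
URL_RE = re.compile(r"https?://[^\s\"'<>)\]]+", re.IGNORECASE)


def gcs_archive_links(raw_message: str) -> list[str]:
    """Return links in an RFC 5322 message that point at an archive on GCS."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_content()     # undoes quoted-printable / base64
        for url in URL_RE.findall(body):
            parts = urlsplit(url)
            host = (parts.hostname or "").lower().rstrip(".")
            # Path-style host, plus bucket-as-subdomain (assumed extension).
            on_gcs = host == GCS_HOST or host.endswith("." + GCS_HOST)
            path = unquote(parts.path).lower()
            if on_gcs and path.endswith(ARCHIVE_EXTS) and url not in hits:
                hits.append(url)
    return hits


# Constructed sample message; the bucket and file names are made up.
SAMPLE = """\
From: billing@example.com
To: employee@bank.example
Subject: Remittance invoice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<p>Please review: <a href=3D"https://storage.googleapis.com/example-bucket/=
Remittance%20invoice.zip">invoice</a></p>
<p>Logo: https://storage.googleapis.com/example-bucket/logo.png</p>
<p>Lookalike: https://storage.googleapis.com.example.net/a.zip</p>
<p>Other: https://example-bucket.storage.googleapis.com/statement.GZ?x=3D1</p>
"""

if __name__ == "__main__":
    for link in gcs_archive_links(SAMPLE):
        print("flag for inspection:", link)
```

A match is a triage signal for sandboxing or click-time inspection rather than a verdict, since the same host also serves legitimate files.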
The use of a link resembling Google's cloud storage service is a form of reputation jacking, a tactic in which attackers abuse well-known hosting services to evade detection. It's a growing trend, researchers say: In its annual analysis of the top 100,000 domains as ranked by Alexa, Menlo Labs found 4,600 phishing sites that used legitimate hosting services.
Google has responded to the report. "We regularly remove malware on Google Cloud Storage, and our automated systems suspended the malware referred to in this report," a spokesperson says. Further, account holders who suspect abuse can report it via Google's site.
