Cybercriminals Host Malicious Payloads on Google Cloud Storage
#1
Quote:A malicious email campaign targeting employees of banks and financial services companies in the United States and the United Kingdom has been abusing Google Cloud Storage for payload delivery, Menlo Labs security researchers say.

As part of the attacks, the malicious actor attempts to trick users into clicking on malicious links to archive files such as .zip or .gz. The malicious payloads, which the researchers identified as being part of the Houdini and QRat malware families, were hosted on storage.googleapis.com, the domain of the Google Cloud Storage service.

With the service used by countless companies, malicious actors can bypass security controls in place within organizations or built into commercial security products by simply hosting their payloads on the domain — the practice isn’t new.

“These attackers may have chosen to use malicious links rather than malicious attachments because of the combined use of email and the web to infect victims with this threat. Many email security products can detect malicious attachments, but identify malicious URLs only if they are already in their threat repositories,” Menlo’s security researchers explain.

Source: https://www.securityweek.com/cybercrimin...ud-storage
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
ESET 19.2.7.0
Changes in 19.2.7....harlan4096 — 07:45
Mozilla Firefox Browser 152.0.4
Mozilla Firefox Br...harlan4096 — 07:44
Avast 26.6.11052 & AVG 26.6.11052
Avast 26.6.11052: ...harlan4096 — 07:43
AnyDesk 8.0.4 for Linux
Version 8.0.4 for ...harlan4096 — 07:40
Rufus 4.15
Rufus 4.15 (stable...harlan4096 — 07:39

[-]
Birthdays
Today's Birthdays
avatar (43)uapedDow
avatar (47)suiscced
avatar (48)Angarpaf
avatar (41)clarissalo60
Upcoming Birthdays
avatar (47)dapedDow
avatar (49)TromPerl
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (48)ConradRoand
avatar (39)boineDon
avatar (51)spoofTum
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (41)optsaZes
avatar (40)RaymondViata
avatar (40)ywixazok
avatar (38)ixoqe
avatar (56)Step 1
avatar (36)pa.OpenTran

[-]
Online Staff
harlan4096's profile harlan4096
Administrator

>