Attackers may be getting more crafty by the hour, but does Google’s “trusted” cloud platform has made their work easier.
Is it not ironic that Google’s App Engine domains can be abused to deliver phishing and malware undetected by security solutions? The cloud-based GCP service platform is used for the development and hosting of web apps on Google’s pervasive servers.
As reported worldwide, Marcel Afrahim, a security researcher, has demonstrated that the Google App Engine’s subdomain generator could be abused for malicious purposes. What is worse is that, ordinary users will be informed that all of the malicious subdomains are “Verified by Google Trust Services” sites. And the affected ‘reputable’ domains are passed by SSL certificates, thus circumventing security solutions.
In this case, said Boris Cipot, Senior Security Engineer, Synopsys Software Integrity Group,the domain from which the attacks originate is well known. The attackers are also using the official, signed SSL certificates. These two factors make it especially hard to identify friend from foe. “Individual users and organizations should be on high alert. Monitor any changes, because it can be crucial to learn about the mitigation techniques and to apply amended safeguards once they emerge.”
Security researchers and organizations are working on a solution, posting known domain names and sites where gathered information (such as leaked logins) is sent.
“Everyone, not just big enterprises, should be extremely careful as modern phishing attacks are becoming very professional. Attackers have learned from previous mistakes and are improving tactics around spelling, language, and general greetings, among other elements that were once common ways to identify phishing attempts,” Cipot said.
Unfortunately, due to these improvements, users are no longer so able to spot phishing emails. Therefore, organizations should use other technical means to surpass the deficit in spotting such messages, thus improving resilience by avoiding known phishing domains and treating unknown domains as high risk.