Cybercriminals Use Enterprise Cloud to Create Phishing Hooks | Cyware Alerts


A recent phishing campaign has been spotted that uses a trio of enterprise cloud services to steal your credentials.

What’s going on?

This phishing campaign pretends to be from a helpdesk – servicedesk[.]com – mimicking the wording used by real IT helpdesks. Attackers used well-known enterprise cloud services, including Microsoft Dynamics, Microsoft Azure, and IBM Cloud, to host their phishing pages. This added legitimacy to their campaign and also helped them bypass security filters that trust domains associated with such legitimate enterprise services.

The mechanism behind it

  • The campaign appears legitimate because it relies on renowned enterprise solutions.
  • Domains hosted on IBM Cloud and Azure get free SSL certificates that include the organizations’ names, taking the legitimate appearance a notch higher.
  • Because the servicedesk[.]com domain lacks SPF, DMARC, and DKIM validation, attackers can take advantage of it.
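
As an added illustration (not code from the article or from any vendor), here is a mail-triage check for the pattern described above: a message where none of SPF, DKIM, and DMARC pass and whose body links to a shared cloud-hosting domain. The hostname suffixes, the sample message, and the function names are assumptions made for this example.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumed, illustrative hosting suffixes for the services the article names
# (Azure, IBM Cloud, Dynamics, Firebase Storage); they are not from the article.
CLOUD_SUFFIXES = (
    ".web.core.windows.net",
    ".appdomain.cloud",
    ".dynamics.com",
    "firebasestorage.googleapis.com",
)
PASSING = {"pass"}

def auth_results(msg):
    """Map spf/dkim/dmarc to the verdict in the topmost Authentication-Results
    header. Only a header stamped by your own gateway should be trusted."""
    header = msg.get("Authentication-Results", "")
    found = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header.lower()))
    return {m: found.get(m, "missing") for m in ("spf", "dkim", "dmarc")}

def cloud_links(body):
    """Return hostnames in the body that sit on a shared cloud suffix."""
    hosts = []
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlparse(url).hostname or "").lower()
        if host.endswith(CLOUD_SUFFIXES) and host not in hosts:
            hosts.append(host)
    return hosts

def triage(raw):
    """Flag a message when no check passes AND it links to a cloud-hosted page."""
    msg = message_from_string(raw)
    auth = auth_results(msg)
    links = cloud_links(msg.get_payload())
    unauth = all(v not in PASSING for v in auth.values())
    return {"auth": auth, "cloud_links": links, "flag": unauth and bool(links)}

# Constructed sample message (not a captured phish).
SAMPLE = """\
Authentication-Results: mx.recipient.example; spf=none smtp.mailfrom=sender.example; dkim=none; dmarc=none header.from=sender.example
From: IT Helpdesk <helpdesk@sender.example>
Subject: Quarantined messages pending review
Content-Type: text/plain

Review your messages: https://placeholder-tenant.appdomain.cloud/review
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Neither signal is conclusive on its own, since plenty of legitimate mail links to cloud-hosted pages; the flag is meant to route a message to closer inspection rather than to block it.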

Some instances of phishing campaigns

Recently, attackers utilized the Google Cloud infrastructure service to conduct phishing by attaching Google Firebase Storage URLs in phishing emails.
  • In May this year, phishing campaigns were spotted using Google Firebase Storage to bypass email security filters.
  • In the same month, another phishing campaign was found spoofing notifications from the Microsoft Teams collaboration platform to pilfer Office 365 credentials.
  • Last year, a spearphishing campaign hit an energy service provider, impersonating the company’s CEO to send phishing emails that leveraged Google Drive.

The takeaway

Cases of abusing legitimate cloud infrastructure are going through the roof. Phishing emails are a pain in the neck for users across any domain and could lead to large-scale intrusions as well. With free SSL certificates, threat actors are able to bypass spam filters and security measures. Thus, more sophisticated security standards are the need of the hour to protect against evolving cyber threats.


