Be wary of emails with links to ... er, Google Drive? Is that right?
Alibaba, Azure and more used for badness, warns infosec biz
Spammers are increasingly turning to common file-sharing and object storage services such as Google Drive and Microsoft Azure, in an attempt to evade ever-better corporate filters.
"Embedding links to trusted services helps attackers bypass traditional content filters, such as spam filters, which might otherwise block the scams," opined infosec biz Netskope in its recent research into the phenomenon of phishing emails leveraging popular file-sharing sites.
The attack vector is simple: the victim receives an email or SMS with bait text encouraging them to click a link to one of the popular sites. Netskope named these as Google Drive, AWS, Azure and Alibaba.
Aside from looking convincing to potential victims, the tactic offers them links to sites they would otherwise trust, instead of the old-fashioned approach of sending links to new domains controlled by attackers. As public awareness of basic infosec techniques rises, cybercrims are moving with the times.
Moreover, reckoned Netskope, using public file-hosting sites makes it easier to bunny-hop from one to another when links or uploads are taken down, rather than the mild faff it causes the miscreants when entire domains used for criminal purposes are deleted.
"While currently only being used for long-running scams targeting individuals, these techniques could also be used to target businesses who use services such as Google Drive," said Netskope's Abhinav Singh in a statement. "We should begin educating users and putting controls in place to protect ourselves against the onslaught of attackers abusing cloud services."
Targeted techniques for phishing and malware deployment are gaining popularity among cybercrims, as Britain's GCHQ spy agency mentioned during a public conference last week, referring to one specific instance of black hats abusing a pairing feature on OTT app Viber to secure instant access to a target's phone contacts book.
Social engineering, as an attack vector, is on the rise too, with criminals relying on tried and tested strategies that are almost as old as the invention of email itself instead of developing ever more powerful malware strains. Those techniques are paying off, as Indian outsourcer Wipro found to its cost. ®