Can Cloud Services be Abused? Does the Sun Come Up Every Day?

Yes cloud service can be abused – but let’s be specific:

Dark reading article:

 

The attack chain begins with the threat actor sending potential victims an email—on a topic of likely interest or relevance to the victim—with a link to a document on Google Docs. Users who follow the link are directed to a Google Docs page with what appears to be a downloadable document, according to researchers at Avanan.

The page looks like a typical Google Docs page for sharing documents outside the organization. However, in reality it is a custom Web page that is designed to look like a Google Docs page, according to the researchers. When a user clicks on the link to download the document, they are redirected to a malicious phishing website that looks exactly like the sign-in page for Google Docs. Users who enter their username and password end up having their credentials stolen.

The attack is revealed in detail atAvanan.com blog

As Avanan helpfully illustrates the above email is a fake email which points to a Google Docs page (which is fake ), If you then click on Google Docs link and use the “publish to the web” feature.

You will see the following eventually point to the hacker fake Google Doc server

The attacker will try to get you to enter your google login into their portal  (which is fake and run by the hackers).

There are a lot of ifs here, but it is a new attack and if one is not careful you could enter your credentials into a non-Google system. And then your email and password has been stolen.

 

Everyone that uses Google should familiarize themselves with this Phishing attack.

 

Contact me to discuss but I always say that there will be new attacks coming and that is why one must always pay attention to news accounts of attacks.

 

 

 

 

 

 

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.