It’s no secret that popular cloud and web services are a prime target for hackers to host phishing sites. The highly reputable domains and infrastructures used by these cloud services provide a perfect cover to hide phishing footprints. Long gone are the days when catching phishing was as easy as blocking all newly registered domains.
Not all cloud and web services are equal, especially when it comes to phishing infiltration. In the last three months, SlashNext discovered more than 50,000 phishing URLs abusing various Google Cloud areas. Below is the exact breakdown.
| Google Service | # Phishing URLs |
|---|---|
| firebasestorage.googleapis.com | 9731 |
| storage.googleapis.com | 7591 |
| drive.google.com | 5098 |
| web.app | 4290 |
| appspot.com | 25057 |
| appdomain.cloud | 1206 |
| docs.google.com | 2491 |
| Total | 55464 |
It’s quite scary to see that a company like Google, which is at the forefront of phishing protection, is itself a victim. This is not to say that Google is not paying attention to securing its infrastructure; it’s more about the speed and methods that thousands of hackers are employing to fool automated systems and humans alike.
Another noticeable trend is the inability of other security vendors to detect these attacks. It is common for us to see 60+ vendors missing phishing attacks detected by SlashNext. Below are a few examples where Google Chrome, powered by Safe Browsing, was unable to catch these attacks hosted on Google Cloud. Screenshots of the VirusTotal scans are also attached.
Fig 1: An example of phishing hosted on storage.googleapis.com
Fig 2: An example of phishing hosted on firebasestorage.googleapis.com
Fig 3: An example of phishing hosted on appspot.com
Fig 4: An example of phishing hosted on docs.google.com
Fig 5: An example of phishing hosted on web.app
It’s not hard to imagine that the future of phishing protection lies not in trusting any domain or infrastructure but in deep inspection of each URL, an approach used by SlashNext SEER technology.
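As a triage aid for the point above, the following added example (not SlashNext's code and not part of SEER) recognises URLs on the shared hosts from the breakdown and extracts the tenant, so a domain-level allowlist never stands in for inspecting the URL itself. The function names and the URL layouts assumed for each service are this example's own assumptions, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Hosts from the breakdown above. How each exposes its tenant (subdomain or
# path segment) is this example's assumption about common URL layouts.
SUBDOMAIN_HOSTS = ("appspot.com", "web.app", "appdomain.cloud")
PATH_HOSTS = ("firebasestorage.googleapis.com", "storage.googleapis.com",
              "drive.google.com", "docs.google.com")

def _path_tenant(service, segs):
    """Pull the tenant identifier out of the path segments, or None."""
    if service == "storage.googleapis.com":          # /<bucket>/<object>
        return segs[0] if segs else None
    if service == "firebasestorage.googleapis.com":  # /v0/b/<bucket>/o/<object>
        return segs[2] if len(segs) > 2 and segs[:2] == ["v0", "b"] else None
    if "d" in segs:                                  # /file/d/<id>, /forms/d/e/<id>
        rest = [s for s in segs[segs.index("d") + 1:] if s != "e"]
        return rest[0] if rest else None
    return None

def shared_host_tenant(url):
    """(service, tenant) for a listed shared host, else None; tenant may be None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    segs = [s for s in parts.path.split("/") if s]
    for service in SUBDOMAIN_HOSTS:
        # Match on a label boundary so "notappspot.com" does not qualify.
        if host.endswith("." + service):
            tenant = host[: -len(service) - 1].split(".")[-1]
            if service == "appspot.com":  # version-dot-service-dot-project
                tenant = tenant.split("-dot-")[-1]
            return service, tenant
    for service in PATH_HOSTS:
        if host == service:
            return service, _path_tenant(service, segs)
        if service == "storage.googleapis.com" and host.endswith("." + service):
            return service, host[: -len(service) - 1]  # <bucket>.storage...
    return None

# Constructed sample URLs (not taken from the report).
SAMPLES = [
    "https://storage.googleapis.com/bucket-a/login.html",
    "https://firebasestorage.googleapis.com/v0/b/proj-b.appspot.com/o/i.html",
    "https://v2-dot-proj-c.appspot.com/signin",
    "https://notappspot.com/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(shared_host_tenant(u), u)
```

A result with a `None` tenant means the URL sits on a shared host in an unrecognised layout, so it should still be inspected as a full URL.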
SlashNext is the phishing authority and is leading the fight to protect the world’s internet users from phishing anywhere. SlashNext end-to-end phishing protection services utilize our patented SEER technology to detect zero-hour phishing threats by performing dynamic run-time analysis on billions of URLs a day through virtual browsers and machine learning. SlashNext’s services are available through mobile apps, browser extensions, and APIs that integrate with leading mobile endpoint management and IR tools.