Google Cloud Under Siege

It’s no secret that popular cloud and web services are a prime target for hackers to host phishing sites. The highly reputable domains and infrastructures used by these cloud services provide a perfect cover to hide phishing footprints. Long gone are the days when catching phishing was as easy as blocking all newly registered domains.

Not all cloud and web services are equal, especially when it comes to phishing infiltration. In the last three months, SlashNext discovered more than 50,000+ phishing URLs abusing various Google Cloud areas. Below is the exact breakdown.

Google Service # Phishing Urls
firebasestorage.googleapis.com 9731
storage.googleapis.com 7591
drive.google.com 5098
web.app 4290
appspot.com 25057
appdomain.cloud 1206
docs.google.com 2491
Total 55464

It’s quite scary to see that a company like Google at the forefront of phishing protection is a victim.  Not to say that Google is not paying attention to securing its infrastructure, it’s more about the speed and methods thousands of hackers are employing to fool automated systems and humans alike.

Another noticeable trend is the inability of other security vendors to detect these attacks.  It’s quite familiar for us to see 60+ vendors missing phishing attacks detected by SlashNext. Below are a few examples where Google Chrome powered by Safe Browsing was unable to catch these attacks hosted on Google Cloud. Also attached are the screenshots of the VirusTotal scan.

Fig 1: An example of phishing hosted on storage.googleapis.com

Fig 2: An example of phishing hosted on firebasestorage.googleapis.com

 

Fig 3: An example of phishing hosted on appspot.com

Fig 4: An example of phishing hosted on docs.google.com

 

Fig 5: An example of phishing hosted on web.app

It’s not very hard to imagine that the future of phishing protection lies not to trust any domain or infrastructure but deep inspection of each URL– an approach used by SlashNext SEER technology

SlashNext is the phishing authority and leading the fight to protect the world’s internet users from phishing anywhere. SlashNext end-to-end phishing protection services utilize our patented SEER technology to detect zero-hour phishing threats by performing dynamic run-time analysis on billions of URLs a day through virtual browsers and machine learning. Take advantage of SlashNext’s services using mobile apps, browser extensions, and APIs that integrate with leading mobile endpoint management and IR tools. Contact us today to request a demo.

Blog Subscription

It’s Time to Get Started with SlashNext

Experience the difference with broad phishing threat coverage and automated delivery.