Zero-Hour Phishing Attack on Google’s App Engine Targeting Office 365 Users Pushes Holiday Spike Above 100%

As we write this post, SlashNext Threat Labs is witnessing an active attack on Google’s App Engine service via Appspot.com designed to steal Office 365 user credentials. The subpages are indistinguishable from an authentic log in, and because the phish is hosted on Google Cloud Platform, it cannot be blacklisted. In its first 36 hours, the attacker has created 20,000 subpages, a threat too fast for human forensics to stop.

It has yet to be detected by any other threat detection service; all of which believe nothing is wrong. Over 70 anti-phishing services show Google App Engine remains “clean.”

With the average cost of a breach in 2020 totaling $2.8 million, phishing has become a very real concern. By mid-2020, SlashNext Threat Labs saw the number of daily phishing threats top the 25,000 a day mark, a 30% increase over 2019 figures. By early December, that number had grown to 35,000/day. The latest attack on Google has pushed that figure above 50,000/day.

Throughout 2020, we’ve seen a litany of high-profile phishing attacks that have created real damage. These included the Marriott International data breach that affected 5.2 million customers in April. In July, the Twitter spear-phishing attacks compromising several notable accounts, including Elon Musk, President Obama, and Bill Gates. Another spear-phishing attack began in September, targeting the World Health Organization’s initiative for distributing COVID-19 vaccines to developing countries. Then there was a Home Depot credential-stealing campaign that exposed hundreds of Canadian customers’ private order confirmations, including partial credit card information.

What makes this problem more urgent is that 10% of employees and consumers clicked on a phishing attack in December, a number that has spiked to 40% during the past 36 hours, according to data SlashNext Threat Labs has compiled across more than 100 large and mid-sized enterprises. And yet, it only takes one person to compromise the network.

Phishing has emerged as the most effective and far-ranging tool used to perpetrate cybersecurity breaches. A phishing attack could very well be a guaranteed way to breach an organization regardless of how sophisticated its cyber defenses are thanks to the human element involved.

Mission impossible
These well-reported incidents illustrate not only the ease at which phishing can be done but how it has become virtually impossible to discern between what is a real site and one that has been spoofed. Threat actors are using the same sophisticated technologies that companies use to defend themselves. These include artificial intelligence (AI), machine learning, real-time data analysis; the list goes on.

The shift to remote working, learning and playing, and the convergence of our work and personal lives on the same device thanks to the COVID-19 pandemic are major contributors to the explosion of phishing in 2020. But it remains a global problem.

Cybercriminals are using fake login scams, scareware tactics, fraudulent ads, and rogue software downloads as attack payloads. They are attacking in and outside of email using SMS/iMessage, social networks, new collaboration, videoconferencing, and gaming services, significantly affecting the brands and reputations of businesses, consumers, and service providers alike.

Unsurprisingly, people have been distracted due to the events of the past year. This will likely not change until at least the Fall of 2021, when things might begin returning to normal.

Underestimating the problem
And yet, many organizations still do not think phishing is their biggest concern. Some might not even be using the latest tools to defend themselves against next-generation phishing technology.

For our part, SlashNext has developed AI-driven phishing 2.0 protection that is superior to traditional tactics like domain reputation, URL inspection, and human forensics. This AI phishing detection cloud with patented SEER technology has the industry’s largest phishing database, delivering 99.07% accuracy and one-in-one million false positives.

SlashNext inspects billions of internet transactions and millions of suspicious URLs daily using virtual browsers to detect zero-hour phishing attacks across all communication channels 30 days before they live. When phishing campaigns are launched, including the active attack on Google, which ultimately attacks Office 365 users, threats are already blocked, and users are protected immediately.

The digital frontier has become the Wild West, and solutions like SlashNext form part of humanity’s last hope to survive the scourge of phishing.

Blog Subscription

It’s Time to Get Started with SlashNext

Experience the difference with broad phishing threat coverage and automated delivery.