Cybercriminals Host Malicious Payloads on Google Cloud Storage

[silversurfer]

A malicious email campaign targeting employees of banks and financial services companies in the United States and the United Kingdom has been abusing Google Cloud Storage for payload delivery, Menlo Labs security researchers say.

As part of the attacks, the malicious actor attempts to trick users into clicking on malicious links to archive files such as .zip or .gz. The malicious payloads, which the researchers identified as being part of the Houdini and QRat malware families, were hosted on storage.googleapis.com, the domain of the Google Cloud Storage service.

With the service used by countless companies, malicious actors can bypass security controls in place within organizations or built into commercial security products by simply hosting their payloads on the domain — the practice isn’t new.

“These attackers may have chosen to use malicious links rather than malicious attachments because of the combined use of email and the web to infect victims with this threat. Many email security products can detect malicious attachments, but identify malicious URLs only if they are already in their threat repositories,” Menlo’s security researchers explain.

Source: https://www.securityweek.com/cybercrimin...ud-storage