
Rewterz Threat Alert – Google Cloud Service Used in Phish of Office 365 Logins

July 28, 2020

Severity

Medium

Analysis Summary

Cybercriminals are using public cloud services as landing pages in an attempt to phish the Office 365 credentials of unsuspecting users. Hosting a malicious PDF and using Google’s storage.googleapis.com has become the latest trend in phishing tactics. The PDF, identified by researchers, was made to look like a gateway to content available through SharePoint. Should a victim follow the link, a phishing page loads and asks the user to log in with their Office 365 credentials or organization ID.


An Outlook window will launch to complete the login process, thus providing the requested document and giving threat actors a plethora of usable information from which they may gain access to a user’s account. The use of legitimate hosting services and the delivery of a genuine PDF lead users to believe the phishing attempt is a legitimate endeavor. The source code reveals a third-party location from which the documents are loaded. Detection is possible because the use of a redirected landing page shows some suspicious activity. This type of activity dates back to 2018, when the phishing pages were located on a malicious website; they then moved to Azure storage and, finally, Google Cloud.
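The redirected landing page mentioned above can be hunted for in web-proxy logs. The following is an added example, not code from the advisory or from the researchers: it flags requests that leave a page served from public object storage for a different host. The record fields, the Azure host suffixes, the login allow-list and every sample host are assumptions.

```python
from urllib.parse import urlsplit

# Assumed watch-list: public object-storage hosts able to serve a landing page.
CLOUD_STORAGE_HOSTS = ("storage.googleapis.com",)
CLOUD_STORAGE_SUFFIXES = (".blob.core.windows.net", ".web.core.windows.net")
# Assumed allow-list: hosts where an Office 365 sign-in form legitimately posts.
EXPECTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}


def host_of(url):
    """Lower-cased hostname of a URL, or '' when there is none."""
    return (urlsplit(url).hostname or "").lower()


def is_cloud_storage(host):
    return host in CLOUD_STORAGE_HOSTS or host.endswith(CLOUD_STORAGE_SUFFIXES)


def flag_redirected_landing_pages(records):
    """Return findings for requests that leave a storage-hosted page for another host."""
    findings = []
    for rec in records:
        src, dst = host_of(rec.get("referer", "")), host_of(rec["url"])
        if not is_cloud_storage(src) or not dst or dst == src:
            continue  # not referred from object storage, or stayed on the same host
        if dst in EXPECTED_LOGIN_HOSTS:
            continue  # hand-off to the real sign-in endpoint
        # A form POST leaving the storage-hosted page is the credential hand-off.
        severity = "high" if rec["method"].upper() == "POST" else "review"
        findings.append({"user": rec["user"], "landing": src, "dest": dst, "severity": severity})
    return findings


# Constructed proxy records; bucket names and example.* hosts are placeholders.
SAMPLE = [
    {"user": "alice", "method": "GET", "url": "https://storage.googleapis.com/bucket-example/doc.pdf", "referer": ""},
    {"user": "alice", "method": "GET", "url": "https://storage.googleapis.com/bucket-example/index.html", "referer": ""},
    {"user": "alice", "method": "GET", "url": "https://assets.example.net/theme.js", "referer": "https://storage.googleapis.com/bucket-example/index.html"},
    {"user": "alice", "method": "POST", "url": "https://collector.example.net/submit", "referer": "https://storage.googleapis.com/bucket-example/index.html"},
    {"user": "bob", "method": "POST", "url": "https://login.microsoftonline.com/common/login", "referer": "https://portal.example.com/"},
]

if __name__ == "__main__":
    for finding in flag_redirected_landing_pages(SAMPLE):
        print(finding)
```

Resource loads from a third-party host are marked for review; a POST from the storage-hosted page to a non-Microsoft host is marked high.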


Impact

  • Credentials theft
  • Exposure of sensitive data

Remediation

  • Always be suspicious about emails sent by unknown senders.
  • Never click on links/attachments sent by unknown senders.