Cybersecurity News in Asia

Features
- Featured
  
  How to talk to your board and C-suite about cyber-preparedness
  
  Thursday, June 1, 2023, 11:33 AM Asia/Singapore | Features, Tips
- Featured
  
  Ransomware trends APAC organizations should be mindful of
  
  Tuesday, May 30, 2023, 2:02 PM Asia/Singapore | Features, Malware & Ransomware
- Featured
  
  Generative AI – the cybercriminal’s latest tool of terror?
  
  Tuesday, May 23, 2023, 11:20 AM Asia/Singapore | Features
News
- Featured
  
  How one ransomware group caused data breaches for three Bs in the UK
  
  Friday, June 9, 2023, 9:34 AM Asia/Singapore | News, Newsletter
- Featured
  
  Three cyber threat trends observed in May 2023
  
  Thursday, June 8, 2023, 9:54 AM Asia/Singapore | Cyberthreat Landscape, News, Newsletter
- Featured
  
  Thailand’s Defence Technology Institute shores up national cyber defence training
  
  Thursday, June 8, 2023, 8:54 AM Asia/Singapore | Case Study, News, Newsletter
Opinions
Tips
Whitepapers
Awards 2022
Directory
E-Learning

News

Google App Engine feature abused to deliver phishing and malware undetected

By CybersecAsia editors | Friday, October 2, 2020, 2:52 PM Asia/Singapore

Attackers may be getting more crafty by the hour, but does Google’s “trusted” cloud platform has made their work easier.

Is it not ironic that Google’s App Engine domains can be abused to deliver phishing and malware undetected by security solutions? The cloud-based GCP service platform is used for the development and hosting of web apps on Google’s pervasive servers.

As reported worldwide, Marcel Afrahim, a security researcher, has demonstrated that the Google App Engine’s subdomain generator could be abused for malicious purposes. What is worse is that, ordinary users will be informed that all of the malicious subdomains are “Verified by Google Trust Services” sites. And the affected ‘reputable’ domains are passed by SSL certificates, thus circumventing security solutions.

In this case, said Boris Cipot, Senior Security Engineer, Synopsys Software Integrity Group,the domain from which the attacks originate is well known. The attackers are also using the official, signed SSL certificates. These two factors make it especially hard to identify friend from foe. “Individual users and organizations should be on high alert. Monitor any changes, because it can be crucial to learn about the mitigation techniques and to apply amended safeguards once they emerge.”

Security researchers and organizations are working on a solution, posting known domain names and sites where gathered information (such as leaked logins) is sent.

“Everyone, not just big enterprises, should be extremely careful as modern phishing attacks are becoming very professional. Attackers have learned from previous mistakes and are improving tactics around spelling, language, and general greetings, among other elements that were once common ways to identify phishing attempts,” Cipot said.

Unfortunately, due to these improvements, users are no longer so able to spot phishing emails. Therefore, organizations should use other technical means to surpass the deficit in spotting such messages, thus improving resilience by avoiding known phishing domains and treating unknown domains as high risk.