Wednesday, April 23, 2025
Follow us On Linkedin
HomeCyber AttackCyber Criminals Exploiting Google Drive, OneDrive to Hide Malicious Traffic

Cyber Criminals Exploiting Google Drive, OneDrive to Hide Malicious Traffic

Cyber AttackCyber Security News

Published on

By Tushar Subhra
Cyber Criminals hide malicious traffic

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Threat actors are actively modifying their TTPs to counter the advanced security mechanisms and tools to accomplish their illicit goals for several malicious purposes.

Hiding malicious traffic on cloud storage platforms is not an entirely new concept, and threat actors are shifting toward this concept.

Security researchers at Insikt recently identified that hackers actively exploit popular and trusted cloud platforms to hide malicious traffic.

- Advertisement - Google News

Hiding Malicious Traffic

This strategy boosts data theft efficiency and weakens the security mechanisms and defense implemented. In the case of exploitation of this approach, the APT groups take the lead, and the less advanced groups take the second lead.

This type of exploitation by hackers shows how robust, adaptable defense strategies and security mechanisms are needed to mitigate such evolving attacks.

C2 infrastructure setup (Source – Insikt)

In the report shared with Cyber Security News, researchers noted that limited reporting delays the exact trend analysis. However, the following key things suggest a rising trend in LIS abuse:-

  • Well-known malware’s LIS (Legitimate Internet Services) abuse
  • New strain adoption
  • APT innovation

Besides this, shifting threat tactics reduce the IOC blocking and efficacy of the basic detections. But, the solution for an effective defense system, the following things have to be performed:-

  • Multi-method approach (network, file, log detection)
  • Proactive Internet service assessment
  • Attack simulations

Security analysts analyzed more than 400 malware families, and they identified the following data:- 

  • Use of LIS (25%)
  • Use of multiple LIS (68.5%)
  • Use of Infostealers (37%)

Most abused cloud platforms:-

  • Google Drive
  • OneDrive

Most abused messaging apps:-

  • Telegram
  • Discord

For robust defense, properly learning about all the legitimate and malicious service usage is one of the key factors for comprehensive detection and security.

Recommendations

Here below, we have mentioned all the provided recommendations:-

  • Properly understand service contexts for lasting security.
  • Make sure to enhance nuanced detection. 
  • Implement TLS interception for visibility.
  • Make sure to flag the malicious LIS usage.
  • Deploy proactive threat-hunting techniques.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Cyber Attack

Hackers Exploit NFC Technology to Steal Money from ATMs and POS Terminals

In a disturbing trend, cybercriminals, predominantly from Chinese underground networks, are exploiting Near Field...
Cyber Attack

Threat Actors Leverage TAG-124 Infrastructure to Deliver Malicious Payloads

In a concerning trend for cybersecurity, multiple threat actors, including ransomware groups and state-sponsored...
Cyber Attack

Ransomware Actors Ramp Up Attacks Organizations with Emerging Extortion Trends

Unit 42’s 2025 Global Incident Response Report, ransomware actors are intensifying their cyberattacks, with...
Cyber Attack

New SMS Phishing Attack Weaponizes Google AMP Links to Evade Detection

Group-IB’s High-Tech Crime Trends Report 2025 reveals a sharp 22% surge in phishing websites,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

Cyber Attack

Hackers Exploit NFC Technology to Steal Money from ATMs and POS Terminals

In a disturbing trend, cybercriminals, predominantly from Chinese underground networks, are exploiting Near Field...
Cyber Attack

Threat Actors Leverage TAG-124 Infrastructure to Deliver Malicious Payloads

In a concerning trend for cybersecurity, multiple threat actors, including ransomware groups and state-sponsored...
Cyber Attack

Ransomware Actors Ramp Up Attacks Organizations with Emerging Extortion Trends

Unit 42’s 2025 Global Incident Response Report, ransomware actors are intensifying their cyberattacks, with...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved