Thursday, May 22, 2025
HomeCloudHackers Abusing Google Cloud For Phishing

Hackers Abusing Google Cloud For Phishing

Published on

SIEM as a Service

Follow Us on Google News

Threat actors often attack cloud services for several illicit purposes. Google Cloud is targeted due to its extensive and powerful resources, which could be abused for a multitude of malicious activities.

The vast amounts of data and computing power that Google Cloud services provide often lure threat actors. Due to the complexity of cloud environments, this can also enable them to go undetected.

The Google Cloud Threat Horizons recently unveiled that hackers have been actively abusing the Google Cloud for phishing.

- Advertisement - Google News

Google Cloud For Phishing

The Google Cloud Threat Horizons Report, drawn from various Google teams, such as TAG and Mandiant, discloses strategic intelligence concerning cloud security threats across providers.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

It points out serverless computing as a transformative concept that could be fragile.

Three key areas of focus for cloud security professionals need to be considered when developing strategies to address emerging serverless cloud threats. These include mitigating risks deriving from customer misconfigurations while taking advantage of expandability and reduced operational overheads.

Here below, we have mentioned the considerations that need to be prioritized:-

  • Compromised credentials
  • Exploited misconfiguration
  • Distribution of malware

In H1 2024, Google Cloud Office of the Cloud CISO conducted a deep investigation into cloud security incidents based on data from a Google Security Operations Center.

The research showed that weak or no password remained the first major path to illicit entry, while misconfigurations hit over 30% of cases and mostly involved free service account keys.

Initial Access Vectors of Concern (H1 2024) (Source – Google Threat Horizon)

Cryptomining continued to be the principal motive for intrusions at 59%, slightly down from 65% in H2 2023.

Observed Impact of Intrusion (H1 2024) (Source – Google Threat Horizon)

These discoveries are significant as they show how serverless computing can help with some configuration-related vulnerabilities and why it is important in a comprehensive defense-in-depth strategy.

In this respect, the analysis highlights how organizations should prioritize credential management over other issues, observe strict configurations, and adopt serverless architectures to improve their cloud security maturity models against emerging threats.

Serverless computing, though it offers many benefits, requires a security-first approach from its beginning.

This analysis by Mandiant over two years has indicated crucial risks that serverless architecture faces across cloud providers.

These comprise hard-coded and clear-text secrets that can result in unauthorized access, threat actors taking advantage of serverless infrastructure to carry out malicious activities, which could use its scalability against it to launch attacks, unsafe design and development practices introducing vulnerabilities as well as misconfigured back-end services exposing sensitive data or functionalities.

Organizations must take robust security measures to tackle these specific threats and properly handle serverless technology.

During the years 2023-2024, two threat actors “PINEAPPLE” and “FLUXROOT” used Google Cloud services to deliver malware that was aimed mainly at people living in Latin America. 

The Google teams reacted by setting up detection capabilities, obstructing the malicious URLs, and suspending associated projects, which dramatically shortened the campaign’s efficacy.

Mitigations

Here below, we have mentioned all the mitigations:-

  • Manage high-privilege accounts strictly.
  • Apply least privilege principles.
  • Implement malware detection controls.
  • Collaborate with CISA for malware analysis.
  • Monitor for leaked credentials.
  • Develop credential reset playbooks.
  • Use Container Threat Detection.
  • Avoid untrusted containers.
  • Configure Cloud Functions network settings.
  • Control network ingress and egress for Cloud Run.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Cisco Unified Intelligence Center Vulnerability Allows Privilege Escalation

Cisco has disclosed two security vulnerabilities in its Unified Intelligence Center that could allow...

New NIST Security Metric Aims to Pinpoint Exploited Vulnerabilities

Researchers from the National Institute of Standards and Technology (NIST) and the Cybersecurity and...

Versa Concerto 0-Day Flaw Enables Remote Code Execution by Bypassing Authentication

Security researchers have uncovered multiple critical vulnerabilities in Versa Concerto, a widely deployed network...

Hackers Targets Coinbase Users Targeted in Advanced Social Engineering Hack

Coinbase users have become the prime targets of an intricate social engineering campaign since...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Cisco Unified Intelligence Center Vulnerability Allows Privilege Escalation

Cisco has disclosed two security vulnerabilities in its Unified Intelligence Center that could allow...

New NIST Security Metric Aims to Pinpoint Exploited Vulnerabilities

Researchers from the National Institute of Standards and Technology (NIST) and the Cybersecurity and...

Versa Concerto 0-Day Flaw Enables Remote Code Execution by Bypassing Authentication

Security researchers have uncovered multiple critical vulnerabilities in Versa Concerto, a widely deployed network...