"Check Point researchers have identified a phishing campaign exploiting Google Cloud Application Integration, in which the "Send Email" task is leveraged to send messages to random recipients. Due to the use of this service, the malicious emails appear to be sent from trusted Google infrastructure. Furthermore, the contents of the emails mimic routine notifications (such as permission requests), making them appear legitimate and trustworthy to targets."
""The exploitation of Google Cloud's Application Integration service underscores a critical vulnerability inherent in trusted cloud automation platforms, where attackers weaponize the very tools designed to streamline enterprise connectivity," says Jason Soroko, Senior Fellow at Sectigo. "While development and IT teams legitimately utilize this integration-platform-as-a-service to synchronize data across disparate SaaS applications and orchestrate complex business workflows, threat actors have successfully subverted its 'Send Email' function to launch high-fidelity phishing attacks from an authoritative Google domain.""
A phishing campaign exploited Google Cloud Application Integration by leveraging the 'Send Email' task to send messages to random recipients. The malicious emails appeared to be sent from trusted Google infrastructure and mimicked routine notifications such as permission requests, increasing perceived legitimacy. Within the 14 days before Dec. 22, 9,394 phishing emails were sent, targeting about 3,200 customers. The campaign primarily targeted finance/banking/insurance (14.8%), technology/SaaS (18.9%), and manufacturing/industrial (19.6%), with professional services and retail also affected. Attackers weaponized legitimate cloud automation to impersonate Google notifications and bypass sender reputation and domain-based detection controls.
#phishing #google-cloud-application-integration #cloud-automation-abuse #email-spoofing #enterprise-security
Read at Securitymagazine