Google AMP Abused in Phishing Attacks Aimed at Enterprise Users
Introduction
As technology evolves, so do the tactics used by cybercriminals to deceive and exploit unsuspecting users. In a recent report by email protection firm Cofense, it has been revealed that threat actors are leveraging the Google Accelerated Mobile Pages (AMP) HTML framework in their phishing campaigns. This new tactic allows attackers to evade detection and target enterprise users for their login credentials. These phishing attacks have proven to be successful at bypassing secure email gateways and reaching their intended victims.
The Role of Google AMP
Google AMP is an open-source HTML framework designed to improve the performance of mobile web pages. It enables developers to create websites that are optimized for both desktop and mobile devices. One of the features of Google AMP allows site builders to host newly created pages on Google AMP URLs. This feature has been exploited by threat actors to trick users into believing that they are visiting legitimate websites hosted on trusted Google domains.
Attack Techniques
According to Cofense, the attackers have combined the use of Google AMP URLs with well-established tactics, techniques, and procedures (TTPs) to make their phishing campaigns even more convincing and successful. These include:
1. Image-based phishing emails: Instead of using traditional email text, the attackers replace the body of the email with an HTML image. This makes it harder for security systems to detect the malicious content.
2. URL redirection: The attackers leverage trusted domains such as Microsoft.com for hosting the redirection to the Google AMP domain. This further enhances the credibility and legitimacy of the phishing campaign.
3. Abusing CAPTCHA services: By placing the CAPTCHA before the malicious URL, the attackers are able to evade email security systems that automatically scan the content of emails. This adds an extra layer of deception to their phishing attacks.
The Impact on Enterprise Users
The primary target of these phishing attacks is enterprise users, who are vulnerable to such threats due to the sheer volume of emails they receive and the potential implications of a breach. By tricking employees into entering their login credentials on fake Google AMP websites, the threat actors gain unauthorized access to sensitive company information, including intellectual property, customer data, and financial records. The success of these attacks lies in the trusted status and legitimacy of the Google domains that each URL is hosted on.
Advice for Enterprise Users
To protect themselves and their organizations from these phishing attacks, enterprise users should:
1. Be cautious of emails with Google AMP URLs: If an email contains a Google AMP URL leading to a login page, it is important to verify the legitimacy of the email and the underlying URL before entering any credentials. Double-check the domain name and look for any suspicious signs, such as misspellings or unusual characters.
2. Enable multi-factor authentication (MFA): By enabling MFA, even if an attacker gains access to a user’s login credentials, they would still need an additional authentication factor, such as a code generated on a mobile device, to access the account. This adds an extra layer of protection and significantly reduces the risk of unauthorized access.
3. Stay vigilant for phishing indicators: Be on the lookout for common signs of phishing, such as grammatical errors, urgent requests for personal information, or unexpected email senders. Phishing emails often try to create a sense of urgency or exploit fears to prompt immediate action.
4. Regularly update passwords: It is essential to regularly update passwords and avoid reusing them across multiple accounts. Strong, unique passwords help minimize the impact of a potential breach and reduce the risk of unauthorized access.
5. Report suspicious emails: If users encounter suspicious emails, it is important to report them to the organization’s IT or security department. This helps raise awareness and allows for appropriate action to be taken.
The Future of Phishing Attacks
As this new tactic demonstrates, cybercriminals are continually evolving their methods to bypass security defenses and exploit unsuspecting users. It is crucial for individuals and organizations to remain vigilant, stay informed about the latest phishing techniques, and implement robust security measures to protect themselves from these threats. While technological advancements play a role in enhancing security, it is equally important to educate and raise awareness among users to prevent them from falling victim to phishing attacks.
<< photo by Shahadat Rahman >>
The image is for illustrative purposes only and does not depict the actual situation.
You might want to read !
- The Dark Clouds Over Iran’s Cloudzy: Allegations of Cybercriminal and Nation-State Ties
- The Dual Role of Cloudzy: Facilitating Cybercrime and Nation-State Cyber Attacks
- Norwegian Government Targeted by Ivanti Zero-Day: APT Attack in Progress Since April
- AWS SSM Agent Misuse: Unveiling the Covert Remote Access Trojan Undetected
- “Securing the Web: Firefox Releases 116 Patches to Combat High-Severity Vulnerabilities”
- Are Critical Infrastructure Workers More Resilient to Phishing Attacks?
- African Nations under Siege: The Alarming Rise of Phishing and Compromised Password Cyberattacks
- “Unearthing the Alarming Surge of Advanced Phishing Attacks in 2022: A Perception Point Report”
