Attackers are using cloud services to mask attack origin and build false trust

A report from Menlo Security finds that attackers are using cloud hosting services to avoid detection, opting to host trojans from websites like storage.googleapis.com, rather than on their own infrastructure. It is not difficult to understate the convenience of this—think of all the benefits cloud computing offers the enterprise, the cost savings of building out your own servers, etc., and apply those benefits to cybercriminals. The minimized initial cost makes cloud services undeniably attractive for malicious uses.

So, imagine a user follows a link in a phishing email to download a trojan from storage.googleapis.com. As far as the user knows, the origin is Google, or someone using Google to store data. It’s got the lock icon, and it has Google in the URL, so it should be trustworthy, except it is not.

Read more about the findings of the Menlo Security report on TechRepublic.