Since Google is likely to be more successful than using newly created domains or domains with no reputation, the cybercrime group is using Google as an independent command and control channel, Forcepoint Security Labs researchers said for SC Magazine.
The group, also known as Anunak, has recently been spotted using weaponized office documents hosted on mirrored domains, in order to distribute malware, according to a Jan. 17 Forcepoint blog post.
Each time a user is infected, a unique Google Sheets spreadsheet is dynamically created in order to manage each victim. The legitimate use of third party services like Google allow the attacker to hide in plain site because it is unlikely that organization will block Google by default.
This makes it more likely for the attackers to successfully establish command and control channels, researchers said in the post.
Furthermore, Forcepoint Security Labs researcher Nicholas Griffin told SC Media that as far as he knows, Google has been made aware of the incident and are investigating and tracking the group.
Commenting on this John Gunn, VASCO Data Security said, “the result of this arms race is that, increasingly, the area of greatest vulnerability is the human factor. There is no patch for gullibility that can protect users from social engineering attacks. This is typically the first step in these types of attacks, and this will continue to compromise millions of users.”
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now