Free Newsletters for the Channel
Register for Your Free Newsletter Now
Check Point Tracks Phishing Attacks Using Google Looker Studio
The goal of these attacks is typically stolen credentials.
3 Min Read
Andrea Danti/Shutterstock
Check Point Software Technologies has discovered more than 100 cyberattacks involving Google Looker Studio.
Over 10 million people use the Google Looker family of products. New Check Point research found cybercriminals are using Google Looker Studio, Google Docs and Google Slide for advanced phishing attacks. By infiltrating legitimate Google accounts, these criminals are gaining unprecedented access to users’ sensitive data, all while bypassing traditional security filters, and posing a daunting challenge for end users to detect.
Here’s how the attacks work:
A cybercriminal creates a Google Looker Studio page.
The cybercriminal uses Google to send a real notification to the targeted victim, asking them to review or comment. Since the notification comes from the legitimate Google account, it’s not caught by security filters.
The victim clicks through to look at the page, which looks legitimate.
Embedded within the Google Looker page is a link that redirects the victim to an external page designed to steal their login credentials and crypto-related information.
Jeremy Fuchs, cybersecurity researcher/analyst at Check Point, said hackers are leveraging Google’s authority.
Check Point’s Jeremy Fuchs
“An email security service will look at all these factors and have a good deal of confidence that it is not a phishing email, and that it comes from Google,” he said.
Google Looker Studio Attacks Usually Aimed at Credential Theft
The goal of these attacks is typically stolen credentials, Fuchs said.
“This could be for email or for any other account,” he said. “Some of these attacks include malware, which come in the form of trojans. However, the majority of attacks are looking at stolen credentials.”
Check Point hasn’t yet seen evidence of successful attacks, Fuchs said.
“It’s not Google tools per se, it’s really any tool where something can be created and be sent directly from the service,” he said. “We’ve seen this from PayPal, QuickBooks and more. The idea is that hackers leverage the legitimacy of the site to have any email be sent directly to the inbox. Because of the legitimacy of the site, it goes straight into the inbox. It’s coming directly from the site, so it’s the real deal. That induces end users to click. That makes these attacks very difficult to stop.”
End-user hygiene is key to organizations and individuals protecting themselves, even if it requires more stringent usage from the employee, Fuchs said.
“It’s always a good idea to look at links both in the email, the URL bar and any URL in the page,” he said. “End-users will notice that, on the final page where credentials are stolen, the URL is not from Google. Another good thing to do is take a minute and look at the context. Are you expecting an email from this service? Do you use Google Looker in your daily business activities? Do you use Bitcoin? Taking an extra step and looking at the context of what’s happening can help prevent an errant click or reply.”
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like
Sep 16 - Sep 19, 2024
Sep 16 - Sep 19, 2024
Join us for MSP Summit, September 16-19, 2024 in Atlanta, GA. You don't want to miss the industry’s most innovative and inspiring gathering of business leaders focused on growing their managed services businesses. This year’s MSP Summit will help attendees stay ahead of exponentially increasing security threats, expanding their range of services through a merger or acquisition and embrace a wide range of innovative new technologies. Get notified when registration opens.
Sign Up For Special Deal