Google Looker Studio, formerly known as Google Data Studio, was targeted in a cryptocurrency phishing attack
A rampant attack involving Google Looker Studio is making the rounds. Over the past few weeks, Check Point, a cybersecurity firm, has reported more than a hundred instances of such attacks. The Google Looker product family has a user base exceeding 10 million individuals.
Google Looker Studio serves as an online tool for converting various data types, including information, presentations, and spreadsheets, into visually engaging formats such as charts and graphs.
Hackers have been exploiting this tool to craft fraudulent cryptocurrency webpages aimed at stealing both funds and user credentials. It is another example of hackers leveraging legitimate services in what are popularly known as BEC 3.0 attacks. These attackers employ social engineering tactics, using a Google domain to manipulate users into responding and divulging their credentials on cryptocurrency websites. The attack begins with an email seemingly sent directly from Google, specifically via Google Looker Studio.
Within Looker Studio, the hackers have created a report. The email contains a link to this report, which suggests that following the provided investment strategies has yielded favourable returns for users.
The Sender Policy Framework, or SPF, is an email authentication technique created to thwart email spoofing by defining the authorised IP addresses or servers permitted to send emails on behalf of a specific domain.
Then, there is DomainKeys Identified Mail, or DKIM. DKIM is an additional email authentication mechanism that employs cryptographic signatures to confirm that the email’s content has remained unaltered during transmission and indeed originates from the claimed domain. In this particular instance, the DKIM signature has been successfully authenticated (dkim=pass) and has been verified for the domain google.com.
To guard against these attacks, security professionals can undertake the following measures:
- Adopting AI-powered technology capable of analysing and identifying numerous phishing indicators to proactively thwart complex attacks.
- Embracing a comprehensive security solution that includes document and file scanning capabilities.
- Deploying a robust URL protection system that conducts thorough scans and emulates webpages for enhanced security.
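
The SPF and DKIM results described above explain why a filter that trusts authentication alone delivers these emails. The sketch below is an added example, not code from Check Point or Google: it contrasts that weak policy with one that sends any Looker Studio link to URL analysis. The host names in `LOOKER_HOSTS`, the `mx.example.org` receiving MTA, the verdict strings and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumption: Looker Studio reports are served from these hosts (the article gives no URL).
LOOKER_HOSTS = {"lookerstudio.google.com", "datastudio.google.com"}
URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)
DKIM_PASS_RE = re.compile(r"dkim=pass\b[^;]*?header\.[di]=@?([A-Za-z0-9.-]+)", re.I)
SPF_PASS_RE = re.compile(r"\bspf=pass\b", re.I)

def google_authenticated(msg, trusted_authserv):
    """True if the receiving MTA recorded spf=pass and dkim=pass for google.com."""
    for header in msg.get_all("Authentication-Results", []):
        flat = " ".join(header.split())  # unfold continuation lines
        authserv = (flat.split(";", 1)[0].split() or [""])[0].lower()
        if authserv != trusted_authserv:  # skip headers not stamped by our own MTA
            continue
        domains = {d.lower().rstrip(".") for d in DKIM_PASS_RE.findall(flat)}
        signed = any(d == "google.com" or d.endswith(".google.com") for d in domains)
        return bool(SPF_PASS_RE.search(flat)) and signed
    return False

def looker_links(msg):
    """Sorted Looker Studio hosts linked from any text part of the message."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            hosts.update(h.lower().rstrip(".") for h in URL_HOST_RE.findall(text))
    return sorted(hosts & LOOKER_HOSTS)

def naive_verdict(raw, trusted_authserv):
    """Weak policy: authentication results alone decide delivery."""
    msg = message_from_string(raw)
    return "deliver" if google_authenticated(msg, trusted_authserv) else "filter"

def content_aware_verdict(raw, trusted_authserv):
    """Report links go to URL analysis even when Google's signature verifies."""
    if looker_links(message_from_string(raw)):
        return "sandbox-link"
    return naive_verdict(raw, trusted_authserv)

# Constructed sample message (not a captured email); mx.example.org is a placeholder MTA.
LURE = (
    "Authentication-Results: mx.example.org;\n"
    " spf=pass smtp.mailfrom=google.com; dkim=pass header.i=@google.com\n"
    "From: constructed-sender@google.com\n"
    "\n"
    "Open your report: https://lookerstudio.google.com/reporting/CONSTRUCTED-ID\n"
)
```

On the constructed lure, `naive_verdict` returns `deliver` while `content_aware_verdict` returns `sandbox-link`, because the report behind the link is user-authored content even though Google signed the notification email.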