Reputation-jacking is on the rise. Discover what reputation-jacking is and why cyber criminals like to use it when attacking businesses.
Cyber criminals have another trick up their sleeves. Besides using phishing emails to steal money and data from businesses, some hackers are now employing an additional technique known as reputation-jacking — using popular, legitimate cloud storage services to deploy malware.
Security researchers at Menlo Labs uncovered a scam that showcases why using this technique is gaining popularity among hackers. In this scam, cyber criminals sent customized phishing emails to employees at banks and financial services companies in the United States and United Kingdom between August and December 2018. These emails used a convincing pretense to get the employees to download malicious files from the Google Cloud storage service.
Storing the files on Google Cloud likely gave the employees a false sense of security — the impression that the files were safe because they were on a popular, legitimate cloud service. Storing the files on Google Cloud also let the hackers circumvent possible security measures at the companies. If the hackers had attached the malicious files to the emails, they probably would have been caught by email security software since the files were Visual Basic Script (VBS) and Java Archive (JAR) files.
Downloading and opening the malicious VBS and JAR files initiated a process designed to infect the employees’ computers with remote access trojans. Cyber criminals use these trojans to gain control over compromised machines so that they can remotely run commands that will let them scout out companies’ networks. Hackers use what they learn to determine the best tools and techniques to deploy to accomplish their ultimate goal, which is often stealing money or data.
The security researchers who discovered the scam noted that reputation-jacking is on the rise. For this reason, it is important to discuss it when you are educating employees about phishing and business email campaign (BEC) scams. Let them know what reputation-jacking is and why hackers like to use it. Be sure to stress that anytime an email urges them to access a file, they should think twice about doing so. The file might be malicious, even if it is located on a legitimate cloud storage service.