Cyberthreat Actors Exploit Google Looker Studio for Phishing Attacks

September 11, 2023
Cyberthreat actors have found a way to abuse Google’s Looker Studio data-visualization tool to carry out phishing attacks. Researchers from Check Point discovered a business email compromise (BEC) campaign that utilizes Looker Studio to create cryptocurrency-themed pages to trick users into providing their credentials. The attackers send emails that appear to come from Google, containing links to fake reports on cryptocurrency investing. If users click on the link, they are directed to a Google Looker page hosting a slideshow that urges them to log in to their account to claim more Bitcoin. However, this login page is designed to steal their credentials.

Check Point researchers observed more than a hundred attacks utilizing this method and have informed Google about the campaign. The attackers are able to bypass email security scans by leveraging Google’s authority and using various techniques. For example, they manipulate the sender IP address to fool Sender Policy Framework (SPF) controls and pass DKIM authentication checks by verifying the email’s legitimate domain. Furthermore, the association of the emails with the google.com domain allows them to pass checks by Domain-based Message Authentication, Reporting, and Conformance (DMARC).

Experts have criticized SPF, DKIM, and DMARC for being susceptible to sophisticated email attack vectors, as they can only protect against the threats they were designed for. To defend against BEC attacks like this, organizations are advised to adopt AI-powered security technology that can proactively identify phishing indicators. Additionally, a comprehensive security solution with document and file scanning capabilities should be implemented, along with a robust URL protection system that conducts thorough scans and emulates webpages for enhanced security.
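The point of the two paragraphs above, as an added example that is not from Check Point or the original article: a mail-triage check that records the SPF/DKIM/DMARC result but decides on the message content instead. The sample message, the lure-word list and the `lookerstudio.google.com` host are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from urllib.parse import urlsplit

# Assumption: host that serves shared Looker Studio reports.
LOOKER_HOSTS = {"lookerstudio.google.com"}
# Constructed vocabulary for the cryptocurrency lure the article describes.
LURE_WORDS = ("bitcoin", "crypto", "btc", "claim", "wallet")

# Constructed sample: every authentication check passes for google.com.
SAMPLE = """\
Authentication-Results: mx.example.test;
 spf=pass smtp.mailfrom=google.com;
 dkim=pass header.d=google.com;
 dmarc=pass header.from=google.com
From: Looker Studio <noreply@google.com>
To: user@example.test
Subject: Your crypto report is ready
Content-Type: text/plain

Claim more Bitcoin today. View the report:
https://lookerstudio.google.com/reporting/EXAMPLE-ID/page/1
"""

def triage(raw: str) -> dict:
    msg = email.message_from_string(raw, policy=policy.default)
    # Collect spf/dkim/dmarc verdicts from all Authentication-Results headers.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results))
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    urls = re.findall(r"https?://[^\s\"'<>]+", body)
    looker = [u for u in urls if (urlsplit(u).hostname or "") in LOOKER_HOSTS]
    text = (str(msg.get("Subject", "")) + " " + body).lower()
    lures = sorted(w for w in LURE_WORDS if w in text)
    return {
        # Reported only to show that a clean pass does not clear the message.
        "auth_all_pass": all(auth.get(k) == "pass" for k in ("spf", "dkim", "dmarc")),
        "looker_links": looker,
        "lure_words": lures,
        # Verdict rests on content: a hosted report link plus lure wording.
        "hold_for_review": bool(looker and lures),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Messages held this way still need the linked page inspected, since the credential form sits behind the report rather than in the email itself.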

By Mamfo Brescia

