Check Point researchers have uncovered a sophisticated credential harvesting attack that leverages Firebase, a popular web application hosting service. This attack involves the creation of highly convincing and professionally designed phishing web pages that impersonate well-known services.
Example 1
The attackers also utilize a compromised vendor to send phishing links within existing email correspondences, making the scam even more deceptive.
Example 2
How it Works:
The attackers leverage Firebase to host phishing web pages that mimic legitimate services. By compromising a vendor’s email account, cyber criminals then insert phishing links into ongoing email threads.
This tactic increases the likelihood of the recipient trusting the link, as it appears to come from a known and trusted source. Once the victim clicks the link, they are directed to a fake login page, where their credentials are harvested.
Why it Matters:
The weaponization of trusted platforms, like Firebase, and the manipulation of email correspondences enables cyber attackers to deceive even the most aware and attuned of individuals.
For organizations, the potential impact includes data breaches, financial losses and reputational damage, among other things.
Mitigations for Organizations:
This attack has primarily affected organizations in the United States (53%), although the EU (23%), the Middle East (22%), and Australia and Asia Pacific (15%) have also been affected.
In response, organizations are advised to:
- Email security solutions. Implement advanced email security solutions that can detect and block phishing attempts.
- Multi-factor authentication. To add an extra layer of security, enforce multi-factor authentication for all accounts.
- Advanced threat intelligence integration. Implement comprehensive threat intelligence that integrates with your existing security infrastructure.Threat intelligence platforms can provide real-time threat detection, analysis and response.
- If your SecOps team or engineers identify abuse of the Firebase platform, your organization can get in-touch with Firebase here: https://support.google.com/code/contact/cloud_platform_report
For more information about securing your email & collaboration systems, schedule a product demo or reach out to your local Check Point representative.
