SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
CASB
#
Cyber attacks
#
Forcepoint
Notorious cybercrime gang targeting Google Apps for C&C attacks
Thu, 26th Jan 2017
FYI, this story is more than a year old
Author image
By Sara Barker, Copywriter and Senior News Editor
Follow us

Cybercrime gang “Carbanak” is now using Google infrastructure to act as a Command and Control (C-C) for weaponized documents, according to Forcepoint Security Labs.

Lab researchers found a trojanized RTF document that includes an encoded Visual Basic Script (VBScript), called the ‘ggldr' script, that looks typical of Carbanak malware.

The new attack method infects users through a script that will send and receive commands both to and from Google Apps Script, Google Sheets and Google Forms.

Forcepoint says that it's unlikely that organisations block these Google services by default, so attackers can easily establish a C-C – essentially hiding in plain sight.

“The Carbanak actors continue to look for stealth techniques to evade detection. Using Google as an independent C-C channel is likely to be more successful than using newly created domains or domains with no reputation,” says Nicholas Griffin on the company's blog.

The company says it has informed Google of the abuse and they have been working together to share more information. Forcepoint is also monitoring Carbanak's activities.

The Carbanak gang was first discovered in 2015. They typically use targeted malware attacks to steal from financial institutions, but they have been branching out into distributing malware through weaponized office documents hosted on mirrored domains.

Related stories
Trustifi launches innovative phishing detection training for MSPs
MotivationWorks upgrades cybersecurity with Radware
Australian firms struggle with connectivity failures & security threats
Mako boosts defence against cyber attacks with Radware's protection services
The rising threat of search engine ad abuse
Top stories
Fortinet recognised as Challenger in Gartner's 2024 Magic Quadrant for SSE
Coalition integrates cyber risk platform with top cloud services providers
Secolve & Asimily join forces to boost Australia's IoT security
Armis warns of major cyber-attack risk to 2024 global elections
i-PRO to support Genetec SaaS with new AI-enabled camera models