1 article
The AccountDumpling campaign has compromised approximately 30,000 Facebook accounts by routing phishing emails through Google AppSheet — a legitimate no-code application platform — to bypass spam filters and email security gateways. The technique exploits trusted sender reputation of Google infrastructure and demonstrates the growing difficulty of filtering phishing delivered through legitimate SaaS platforms.
AccountDumpling abuses Google AppSheet to deliver phishing. EtherRAT uses Cloudflare and Ethereum nodes for C2. DEEP#DOOR tunnels over Cloudflare. The pattern is consistent: sophisticated attackers have discovered that the fastest route past enterprise security controls is through infrastructure defenders cannot block. The defence posture that assumes blocking bad infrastructure will stop bad traffic is being systematically rendered obsolete.
CipherWatch Editorial
Security Intelligence Platform