cloud of suspicion scaling up phishing campaigns using
play

Cloud of Suspicion Scaling Up Phishing campaigns Using Google Apps - PowerPoint PPT Presentation

Oct 15, 2022 •106 likes •268 views

Cloud of Suspicion Scaling Up Phishing campaigns Using Google Apps Scripts MAOR BIN NOVEMBER 2017 Overview Google Apps Scripts Overview Google Apps Scripts A scripting language based on JavaScript that lets you automate actions with

  1. Cloud of Suspicion Scaling Up Phishing campaigns Using Google Apps Scripts MAOR BIN NOVEMBER 2017

  2. Overview Google Apps Scripts

  3. Overview Google Apps Scripts  A scripting language based on JavaScript that lets you automate actions with Google Apps Services  Example of services that can be accessed via Google Apps Scripts:  Gmail app - Send email, read email, get attachments, etc.  Drive app – Create folder, create fle, get fle content, etc.  URL Fetch app – Access external API  etc.  T ype of scripts:  Standalone  Bound to G Suite documents  Web apps

  4. Spreading Google Apps Scripts  Standalone / Bound to G Suite documents  Google fle sharing  Web apps  Create a link and spread it in multiple channels

  5. Data Exfltration  Auto forward emails  Post to external URL  C & C

  6. Data Exfltration

  7. Getting Malicious…  Spreading Malware via Google Drive  Google Docs Worm  Abusing Google Apps Scripts

  8. Google Docs Worm

  9. Creating Google Docs Worm With Google Apps Scripts

  10. Create A Phishing Cloud Macro DEMO

  11. DOES IT SCALE?

  12. Google Services Quotas Google Apps free edition ( Feature Consumer (gmail.com) G Suite Early Access legacy) Calendar events 5,000 / day 10,000 / day 10,000 / day Flexible created Contacts created 1,000 / day 2,000 / day 2,000 / day Flexible Documents created 250 / day 500 / day 1,500 / day Flexible Email recipients per day 100* / day 100* / day 1,500* / day 1,500* / day Email read/write 20,000 / day 40,000 / day 50,000 / day Flexible (excluding send) Groups read 2,000 / day 5,000 / day 10,000 / day Flexible JDBC connection 10,000 / day 10,000 / day 50,000 / day Flexible JDBC failed connection 100 / day 100 / day 500 / day 500 / day Properties read/write 50,000 / day 100,000 / day 500,000 / day Flexible Spreadsheets created 250 / day 500 / day 3,200 / day Flexible Triggers total runtime 90 min / day 3 hr / day 6 hr / day 6 hr / day URL Fetch calls 20,000 / day 50,000 / day 100,000 / day Flexible URL Fetch data received 100MB / day 100MB / day 100MB / day 100MB / day

  13. Limitations Consumer (gmail.com) Google Apps free edition ( G Suite Feature Early Access legacy) Basic/Business/Edu/Gov Script runtime 6 min / execution 6 min / execution 6 min / execution 30 min / execution Custom function 30 sec / execution 30 sec / execution 30 sec / execution 30 sec / execution runtime Email attachments 250 / msg 250 / msg 250 / msg 250 / msg Email body size 200kB / msg 200kB / msg 400kB / msg 400kB / msg Email recipients per 50 / msg 50 / msg 50 / msg 50 / msg message Email total 25MB / msg 25MB / msg 25MB / msg 25MB / msg attachments size Properties value size 9kB / val 9kB / val 9kB / val 9kB / val Properties total storage 500kB / property store 500kB / property store 500kB / property store 500kB / property store Triggers 20 / user / script 20 / user / script 20 / user / script 20 / user / script URL Fetch headers 100 / call 100 / call 100 / call 100 / call URL Fetch header size 8kB / call 8kB / call 8kB / call 8kB / call URL Fetch POST size 10MB / call 10MB / call 10MB / call 10MB / call URL Fetch URL length 2kB / call 2kB / call 2kB / call 2kB / call

  14. Mitigations Self executing JavaScript  Endpoint security  3 rd party app  Review script’s content  Review script’s scopes  Revoke if necessary  https://myaccount.google.com/permissions?pli=1  Consider CASB solutions 

  15. Questions?

Recommend

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing In a Nutshell 2. Phishing Types & Techniques 3. Phishing Stats & Modern Trends 4. Case-Study 5. Stay Safe 2 Speaker ABOUT ME

478 views • 24 slides
Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing sensitive information such as passwords, usernames, and credit card details for malicious reasons. Phishing can be in the form of emails, social

530 views • 20 slides
Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

School of Fin ine Arts Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the attempt to obtain personal information such as passwords and logins for malicious purposes. By appearing to be legitimate the

255 views • 13 slides
VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

THE STATE OF PHISHING ATTACK VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of Phishing Counter Measures Reports on Phishing Isaac K. Acheampong Facilities Manager BSc IT, Dip. IT, Sec+ STATE OF

711 views • 34 slides
Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing? Phishing email messages, websites, and phone calls are designed to steal money or sensitive information. Cybercriminals can do this by installing

264 views • 24 slides
PHISHING IN DEPTH (ATTACKS & MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing

PHISHING IN DEPTH (ATTACKS & MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing

PHISHING IN DEPTH (ATTACKS & MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing 3.0 Phishing kit 4.0 Types of Phishing 5.0 Avoidance Techniques 6.0 Effect of Phishing on Businesses 7.0 Demos & Practical INTRODUCTION

565 views • 27 slides
Empirical Evaluation of Workload Forecasting Techniques for Predictive Cloud Resource Scaling In

Empirical Evaluation of Workload Forecasting Techniques for Predictive Cloud Resource Scaling In

Empirical Evaluation of Workload Forecasting Techniques for Predictive Cloud Resource Scaling In Kee Kim , Wei Wang, Yanjun (Jane) Qi, and Marty Humphrey Computer Science @ University of Virginia Motivation Cloud Resource Scaling Approach

449 views • 31 slides
Scaling for Ultrafast, G.FAST, FTTP, 5G and the Cloud Neil J. McRae Chief Architect BT 1

Scaling for Ultrafast, G.FAST, FTTP, 5G and the Cloud Neil J. McRae Chief Architect BT 1

Scaling for Ultrafast, G.FAST, FTTP, 5G and the Cloud Neil J. McRae Chief Architect BT 1 British Telecommunications plc 2018 Agenda BT Core network Traffic growth and trends Scaling the core new router introduction scaling

621 views • 21 slides
W ebs of Suspicion transcript of presentation video Good afternoon everyone, energy levels

W ebs of Suspicion transcript of presentation video Good afternoon everyone, energy levels

W ebs of Suspicion transcript of presentation video Good afternoon everyone, energy levels high, ready for the beer! One more to go its us Webs of Suspicion. We are a mixture of some good consultancy, some good legal work, some top

407 views • 3 slides
Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring:

Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring:

Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring: What is phishing? How phishing can damage a business What are the difgerent types of phishing? How to spot a phishing email What to do if

159 views • 12 slides
of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results

of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results

PhishEye: Xiao Han Nizar Kheir Live Monitoring Davide Balzarotti of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results [APWG Phishing Activity Trends Report 2 nd Quarter 2016] All time high record

921 views • 59 slides
Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing

Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing

Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing 2. Strategic defense techniques 3. A new client based solution: DOMAntiPhish 4. Conclusions Nature of Phishing Statistics from the Anti

536 views • 31 slides
Cloud-iQ New features including xSP reporting Crayon Channel Team Cloud-iQ updates The Cloud-iQ

Cloud-iQ New features including xSP reporting Crayon Channel Team Cloud-iQ updates The Cloud-iQ

Cloud-iQ New features including xSP reporting Crayon Channel Team Cloud-iQ updates The Cloud-iQ Platform is Crayons Cloud Service Scaling Engine. Offering best in class self- provisioning, billing and reporting capabilities to

346 views • 12 slides
Ne Needle in a Haystack: : Tracking Do Down Elite Ph Phishing g Dom Domains in the Wild Ke

Ne Needle in a Haystack: : Tracking Do Down Elite Ph Phishing g Dom Domains in the Wild Ke

Ne Needle in a Haystack: : Tracking Do Down Elite Ph Phishing g Dom Domains in the Wild Ke Tian, Steve T.K. Jan , Hang Hu, Danfeng Yao, Gang Wang Computer Science, Virginia Tech Phishing is a Big Th Threat Phishing: fraudulent attempt

411 views • 30 slides
Dont Take The Bait: How To Stay Safe From Phishing Goals After this section, youll be able

Dont Take The Bait: How To Stay Safe From Phishing Goals After this section, youll be able

Dont Take The Bait: How To Stay Safe From Phishing Goals After this section, youll be able to: Define phishing Identify signs of a potential phishing email Know where to report phishing emails to and how to report them

168 views • 15 slides
COMPREHENSIVE CAMPAIGNS 9:00 a.m. 10:15 a.m. Comprehensive Campaigns Preparing for Success

COMPREHENSIVE CAMPAIGNS 9:00 a.m. 10:15 a.m. Comprehensive Campaigns Preparing for Success

COMPREHENSIVE CAMPAIGNS 9:00 a.m. 10:15 a.m. Comprehensive Campaigns Preparing for Success The Rome Group Ellen Howe, Managing Director Ashley Holmes, Senior Consultant Lyric Opera of Chicago Elizabeth Hurley, Chief Development Officer

261 views • 24 slides
Examples of SAAS on cloud: dynamically scaling R, Galaxy and Matlab tom.visser@sara.nl

Examples of SAAS on cloud: dynamically scaling R, Galaxy and Matlab tom.visser@sara.nl

Examples of SAAS on cloud: dynamically scaling R, Galaxy and Matlab tom.visser@sara.nl linkedin.com/in/visservisser Our vision Cloud computing is not about new technology, it is about new uses of technology Self Service Dynamically Scalable

667 views • 18 slides
Scaling real-time analytics using Postgres in the cloud Sai.Srirampur@microsoft.com

Scaling real-time analytics using Postgres in the cloud Sai.Srirampur@microsoft.com

Scaling real-time analytics using Postgres in the cloud Sai.Srirampur@microsoft.com Colton.Shepard@microsoft.com Why PostgreSQL? Proven Resilience and Stability Thousands of Mission Critical Workloads Open source Large Developer Community and

928 views • 71 slides
Outline The composition of Genesis 13 A hermeneutics of suspicion They say / I say:

Outline The composition of Genesis 13 A hermeneutics of suspicion They say / I say:

Class 2 a THE IMAGE OF GOD AND HUMAN IN FIRST & SECOND WAVE FEMINISMS Outline The composition of Genesis 13 A hermeneutics of suspicion They say / I say: entering the conversation Virginia Woolf and Prof. von X Genesis

566 views • 4 slides
Modeling the Stream Rate of Vehicular Networks for Predictable Auto-Scaling of Edge-Cloud Systems

Modeling the Stream Rate of Vehicular Networks for Predictable Auto-Scaling of Edge-Cloud Systems

Modeling the Stream Rate of Vehicular Networks for Predictable Auto-Scaling of Edge-Cloud Systems Edgar ROMO, NDS Laboratory, CIC-IPN KerData Team, INRIA Introduction Context: Vehicular Networks connected to the Cloud Resources for APP x

304 views • 19 slides
Slicing Functional Programs: A Suspicion 10th CREST Open Workshop on Program Analysis and

Slicing Functional Programs: A Suspicion 10th CREST Open Workshop on Program Analysis and

Slicing Functional Programs: A Suspicion 10th CREST Open Workshop on Program Analysis and Slicing Henrik Nilsson School of Computer Science The University of Nottingham, UK Slicing Functional Programs: A Suspicion p.1/6 Slicing

410 views • 13 slides
Auto-scaling deadline- constrained workloads in containers in the cloud Jay Jay DesLauriers

Auto-scaling deadline- constrained workloads in containers in the cloud Jay Jay DesLauriers

Auto-scaling deadline- constrained workloads in containers in the cloud Jay Jay DesLauriers DesLauriers Research Associate, University of Westminster Project COLA Horizon 2020 33 months Completion September 2019 14

309 views • 17 slides
Phishing By: Joanna Georgiou Dhamija, R., Tygar, J. D., & Hearst, M. (2006, April 22). Why

Phishing By: Joanna Georgiou Dhamija, R., Tygar, J. D., & Hearst, M. (2006, April 22). Why

Phishing By: Joanna Georgiou Dhamija, R., Tygar, J. D., & Hearst, M. (2006, April 22). Why Phishing Works. Gelernter, N., Kalma, S., Magnezi, B., & Porcilan, H. (2017). The Password Reset MitM Attack. What is Phishing? Dhamija, R.,

528 views • 50 slides
Federal Information Systems Security Education Association Spear Phishing Agenda Definition

Federal Information Systems Security Education Association Spear Phishing Agenda Definition

Federal Information Systems Security Education Association Spear Phishing Agenda Definition of spear phishing Why is spear phishing so valuable to attackers Spear phishing defenses / countermeasures Training concepts and delivery

434 views • 8 slides

More recommend