LetsDefend Academy

Online practicing and training platform for blue team members

Additional Techniques

Another technique that attackers use is to perform phishing attacks using normally legal sites. Some of them are as follows.

  • Using services that offer Cloud Storage services such as Google and Microsoft
    • Attackers try to click on Google / Microsoft drive addresses that seem harmless to the user by uploading harmful files onto the drive.
  • Using services that allow creating free subdomains such as Microsoft, Wordpress, Blogspot, Wix
    • Attackers try to deceive security products and analysts by creating a free subdomain from these services. Since whois information cannot be searched as a subdomain, it can be seen that these addresses were taken in the past and belongs to institutions such as Microsoft, Wordpress.
  • Form applications
    • Services are available that allow free form creation. Attackers use these services instead of creating a fishing site themselves. Since the domain is harmless under normal conditions, it can pass on to the user without getting stuck on antivirus software. Google Form is an example of these services. When looking at whois information, the domain can be seen to be Google, so the attacker can mislead analysts.