With its latest Threat Horizons report, Google has raised the alarm about a new cyber threat.
It is a proof-of-concept (PoC) exploit called Google Calendar RAT, exploited as a command and control (C2) system. What makes this malicious agent particularly alarming is that the PoC, published on GitHub in June, has already reached as many as 15 variations.
Google has not observed it spreading online outside of dedicated sandbox tests, but has noticed that more users are sharing Google Calendar RAT on cybercriminal forums, which indicates some interest within the cybercrime community. Although the IT giant acted promptly to combat this infection system, it cannot be ruled out that other, more aggressive variants may soon see the light.
According to Matt Shelton, Head of Threat Research and Analysis at Google Cloud, “What we’re seeing happen is that instead of using dedicated C2 nodes, as in the past, threat actors are leveraging cloud services to hide in the background.” Shelton then clarified that “Every cloud service could be used by an attacker to abuse users.”
Google Calendar RAT may be the sign of a new and worrying trend
The system created by cybercriminals in this context is certainly the result of considerable inventiveness. Google Calendar RAT, in fact, exploits a legitimate cloud infrastructure, which makes it very difficult to identify and prevent this type of attack.
In this regard, Matt Shelton advises companies to focus on anomaly-based monitoring: “When developing a detection strategy within your organization, you really need to think about looking for anomalies and activity entering your system.”
He also points out that the future of IT security will soon have to deal with similar situations: “What we will see in the next year, I believe, will be new ways of using cloud services for illegitimate purposes.”