How Threat Actors Exploit Brand Trust

Threat actors often use low-cost cloud and hosting services, such as Google Drive, Google Sites, GitHub pages, Trello, OneDrive, Dropbox, 000webhost, Weebly etc. for malicious activities or launch phishing campaigns.

Why do Threat actors prefer legitimate services mostly to host phishing or malicious campaigns?

Trust and Credibility — Legitimate services (like well-known cloud storage, email providers, or social media platforms) are inherently trusted by users. This trust can make phishing emails or malicious links seem more credible, thereby increasing the likelihood of successful attacks. Moreover, security tools and filters are often less aggressive towards domains and IP addresses associated with reputable services. This can allow malicious content hosted on these platforms to bypass email filters, firewalls, and other security mechanisms more easily.

Cost and Convenience — Legitimate services offer ready-to-use platforms that are highly available and reliable, along with low-cost infrastructure. This reduces the technical barriers to setting up and managing campaigns.

Resilience and Redundancy — Legitimate services are built for high availability and resilience, ensuring that the malicious campaigns hosted on them remain operational for longer periods. Also, if a malicious campaign is detected and…