The Threat Actors will abuse any service for their own ends

Researchers are warning that threat actors are abusing the Google Cloud Run – an application and website development and management service – to distribute banking trojans on an industrial scale:

Hackers abuse Google Cloud Run in massive banking trojan campaign (bleepingcomputer.com)

Your takeaway

Any applications or software you have written for you and your website need to be included in your Cyber Security Plan. You may not be managing them directly but you need to check and double check that the third parties that are supplying these services understand their cyber security responsibilities.

Have a read of this:

How much are you relying on your web designer to protect your reputation?

When I am carrying out an IT and Cyber Security Audit for a client, I have a document that I work through with this type of third-party suppliers to check they understand and implement good cyber security. For the record, one of my recent audits led to the web design company losing the work! I tried to advise them on what our mutual client needed but they were not interested in change, they “only did the website”.

Your web designers or app developers might be using Google Cloud Run?

Clive Catton MSc (Cyber Security) – by-line and other articles