"Weaponizing documents for phishing is a tried and true approach to establishing a foothold into an enterprise, and reinforces one of the fundamental truisms of the field: You can hack the systems or you can hack the humans."

These new preventions are just part of Google’s ongoing efforts to detect and shut down new spam campaigns. In a statement to 9to5google, Google said they are “rolling out additional measures” specifically to prevent this type of spam from being posted in comments on Docs, Slides, and other Google Workspace files.

In this attack, hackers are utilizing productivity features in Google Docs to send malicious content.

Request your free Third Party App Permissions Audit today.

In December, however, Avanan observed a new, massive wave of hackers leveraging the comment feature in Google Docs, targeting primarily Outlook users.

ManagedMethods’ Cloud Access Monitor tool provides that critical visibility, so an administrator can review all the apps that employees have authorized and what permissions were granted to those apps:

Administrators can also search which apps have permission to read users’ emails or access documents in G Suite:

And finally, administrators can revoke access to these apps right from Cloud Access Monitor:

Don’t wait for another phishing attack to put your company at risk.

However, this advice falls short for enterprises since it is harder to enforce due to limited visibility. Most advice on how to defend against this type of attack is focused on users checking the permissions they granted to different apps.

How to Protect Your Company Against Attack

It’s never a good idea for employees to use corporate Gmail for these types of consumer applications, but they often do it anyway for convenience. That means that if the Fox News app is compromised, your organizational data may also be compromised. For example, the Fox News app requests permission to read your email.
You can read about the Google Docs attack in yesterday’s article on NetworkWorld.

Even some seemingly benign apps ask for broad permissions.

However, not every attack will be as visible as that one. (Likely script kiddies, but we won’t ever know for sure.) Fortunately, Google reacted quickly and shut them down. In the case of yesterday’s Google Docs attack, it appears to have been carried out by an inexperienced hacker who went for maximum publicity instead of maximum damage.

A more sophisticated attacker might even plant their code and strike at the perfect moment for maximum impact. The sky is the limit for a skillful hacker once they get access to a targeted individual corporate Gmail and G Suite account.

- A targeted corporate espionage program intending to predict upcoming M&A or funding activities.
- Analyze sharing behavior and identify with which other domains the company has been sharing documents.
- An email sent from what appears to be the CEO to CFO authorizing payment to a third party.

This Gmail attack works by asking the user to grant permissions to specific capabilities in Google G Suite, including the ability to read and write emails and documents, and access user information such as name, email address, age, etc. Trend Micro has dubbed this attack “Pawn Storm”. The goal is to conduct corporate or political espionage or to use the data to demand ransom from targeted companies. This is a clever mix of social engineering and exploiting user familiarity. There are indications that Russian-based spies are starting to leverage loopholes in end-user cognition to get access to corporate data.

When something is as popular as OAuth, it quickly becomes an attractive target for hackers and bad guys, like with yesterday’s Google Docs attack. OAuth is a standard many SaaS vendors support for REST API access.
OAuth is a very good security standard, carefully designed to balance user experience and security, and a solid protocol that has been used across many apps.