A study by cybersecurity firm Avanan showed that hackers are increasingly using Google Docs productivity features.
Back in June, the company was already reporting that hackers could easily post malicious links through comments in Google apps like Docs and Slides.
Today, the alert is still to be taken seriously.
It mainly targets Outlook users, but not only.
“It hit over 500 inboxes […], with hackers using over 100 different Gmail accounts,” Fuchs said.
The main purpose of this attack is to spread links pointing to malware and phishing links.
Two techniques that make it possible to access and steal users' personal data.
To protect themselves against this, before clicking on a link, concerned users can contact the legitimate sender.
This is the best option to determine the origin of the comment and detect impersonation.
A well camouflaged attack
“In this attack, hackers add a comment to a Google Doc. The comment mentions the target with an @. By doing so, an email is automatically sent to that person's inbox. In this email, which comes from Google, the full comment, along with the bad links and text, is included. In addition, the email address is not indicated, only the name of the attacker is displayed, which makes the situation ripe for identity thieves,” writes Mr. Fuchs on the Avanan site.
The email function of Google Docs therefore makes the attack even more difficult for anti-spam functions to detect.
The emails are sent directly from Google and appear genuine.
Additionally, the email contains the full comment, links, and text.
The victim therefore never needs to consult the document in question, the part concerned by the comments being in the malicious e-mail itself.
Google recently announced the acquisition of Siemplify.
It is a standalone security orchestration, automation, and response provider.
The objective of this acquisition is to strengthen the threat detection and response capabilities integrated into Google's cloud services.
According to Reuters, Google paid around $500 million in cash to buy the company.
FontOnLake: A dreadful malware that targets computers running Linux
Security: The government wants to allocate 7.5 billion euros to digital over 5 years
Share on Messenger
Share on Facebook
Share on Twitter
Share on Flipboard
Share on Pinterest
Share on Linkedin
Send by Mail
A fault ?