In this attack, hackers are using productivity features in Google Docs to send malicious content.
- Vector: Email, Google Docs
- Type: Malicious Link, Impersonation
- Techniques: Impersonation, Phishing
- Target: Any end-user
In this attack, hackers are adding a comment to a Google Doc. The comment mentions the target with an @. By doing so, an email is automatically sent to that person's inbox. In that email, which comes from Google, the full comment, including the bad links and text, is included. Further, the email address isn't shown, just the attackers' name, making this ripe for impersonators.
Email Example #1
In this email, Avanan researchers tested this flaw with an example comment that includes a malicious link.
This email has a malicious link. All the hacker has to do is mention it in the comment.
Email Example #2
This example uses Google Slides:
This technique works across the Google suite.
In this email attack, hackers found a way to leverage Google Docs, and other Google collaboration tools, to send malicious links. We primarily saw it target Outlook users, though not exclusively. It hit over 500 inboxes across 30 tenants, with hackers using over 100 different Gmail accounts.
There are several factors that make this email difficult for scanners to stop and for end-users to spot.
For one, the notification comes directly from Google. Google is on most Allow Lists and is trusted by users.
Second, the email doesn't contain the attacker's email address, just the display name. This makes it harder for anti-spam filters to judge, and even harder for the end-user to recognize.
For example, a hacker can create a free Gmail account, such as <bad.actor@gmail.com>. They can then create a Google Doc, insert a comment and send it to their intended target. For this case, let's say the intended target has a work address of <vic.tim@company.com>. The end-user will have no idea whether the comment came from <bad.actor@gmail.com> or <bad.actor@company.com>. It will just say "Bad Actor" mentioned you in a comment in the following document. If Bad Actor is a colleague, it will appear trusted. Further, the email contains the full comment, along with links and text. The victim never has to go to the document, as the payload is in the email itself. Finally, the attacker doesn't even have to share the document; just mentioning the person in the comment is enough.
This attack was missed by ATP, as well.
Avanan notified Google of this flaw on January 3rd, via the report phish through email button within Gmail.
Best Practices: Guidance and Recommendations
To guard against these attacks, security professionals can do the following:
- Before clicking on Google Docs comments, encourage end-users to cross-reference the email address in the comment to ensure it’s legitimate
- Remind end-users to utilize standard cyber hygiene, including scrutinizing links and inspecting grammar
- If unsure, reach out to the legitimate sender and confirm they meant to send that document
- Deploy protection that secures the entire suite, including file-sharing and collaboration apps
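
The traits described above (a Google sender, a display name with no commenter address, and the full comment carried in the email) can be turned into a mail-triage check. The following Python sketch is an added example, not Avanan's or Google's code; the notification sender address, the trusted host suffixes, the employee directory and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions (not from the article): the notification sender domain, the
# host suffixes treated as expected, and the directory of employee names.
NOTIFY_DOMAIN = "docs.google.com"
GOOGLE_SUFFIXES = ("google.com", "gstatic.com")
EMPLOYEE_NAMES = {"bad actor", "vic tim"}
URL_RE = re.compile(r'https?://[^\s<>"]+')

def triage(raw):
    """Return review flags for a Google comment-mention notification."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    if addr.rpartition("@")[2].lower() != NOTIFY_DOMAIN:
        return None  # not a comment notification, out of scope here
    flags = []
    # The header carries only a display name chosen by the commenter, so a
    # match with a colleague's name proves nothing about who wrote it.
    name = re.sub(r"\s*\(.*\)$", "", display).strip().lower()
    if name in EMPLOYEE_NAMES:
        flags.append("display-name-matches-employee-unverified")
    # The full comment is in the mail, so its links must be checked here.
    for url in URL_RE.findall(msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        if not any(host == s or host.endswith("." + s) for s in GOOGLE_SUFFIXES):
            flags.append("external-link:" + host)
    return flags

# Constructed sample message (not a captured email).
SAMPLE = """\
From: "Bad Actor (Google Docs)" <comments-noreply@docs.google.com>
To: vic.tim@company.com
Subject: Bad Actor mentioned you in a comment

Bad Actor mentioned you in a comment in the following document:
@vic.tim@company.com please review http://payload.example/invoice
Open: https://docs.google.com/document/d/EXAMPLE/edit
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A flagged message is a candidate for holding or for out-of-band confirmation with the named colleague, since the sender domain alone passes allow lists.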