steven36 posted a topic in Security & Privacy News

Attackers exploiting an array of Google Services, including Forms, Firebase, Docs and more to boost phishing and BEC campaigns.

A spike in recent phishing and business email compromise (BEC) attacks can be traced back to criminals learning how to exploit Google Services, according to research from Armorblox. Social distancing has driven entire businesses into the arms of the Google ecosystem looking for a reliable, simple way to digitize the traditional office.

Armorblox co-founder and head of engineering Arjun Sambamoorthy just published a report detailing how now-ubiquitous services like Google Forms, Google Docs and others are being used by malicious actors to give their spoofing attempts a false veneer of legitimacy, both to security filters and victims.

“Open APIs, extensible integrations and developer-friendly tools mean that entire virtual offices — complete with virtual workflows — can exist in a Google ecosystem,” Sambamoorthy wrote. “Unfortunately, Google’s open and democratized nature is being exploited by cybercriminals to defraud individuals and organizations of money and sensitive data.”

The report gives several specific examples of how Google Services help attackers with their schemes.

Google Forms

One campaign used a Google Form and an American Express logo to try and get victims to enter sensitive information. “Hosting the phishing page on a Google Form helps the initial email evade any security filters that block known bad links or domains,” according to Sambamoorthy. “Since Google’s domain is inherently trustworthy, and Google forms are used for several legitimate reasons, no email security filter would realistically block this link on ‘day zero.’”

Google Firebase, Google Sites & Google Docs

Google’s mobile platform Firebase was used in another scheme to host a phishing page, which allowed it to sneak through email filters for the same reason – because Firebase is trusted.
In a Google-services-powered payroll diversion fraud scam that Sambamoorthy highlighted, a scam email link sent recipients to a Google Doc file to “confirm” their payment details.

And in yet another attack, an email was delivered to victims, purportedly from their own IT team, asking them to review a secure message on Microsoft Teams from a colleague. The link led to a web page with a bogus Office 365 login portal hosted on Google Sites.

“The malice of the page’s intent was hidden behind the legitimacy of the page’s domain,” Sambamoorthy added. “This page would pass most eye tests during busy mornings (which is when the email was sent out), with people happily assuming it to be a legitimate Microsoft page.”

Hijacking Google Services: A Trend

The ability for malicious actors to leverage Google Services for their activities is starting to emerge as a full-fledged trend.

At the beginning of November, researchers found 265 Google Forms impersonating brands like AT&T, Citibank and Capital One and even government agencies like the Internal Revenue Service and the Mexican Government used in phishing attacks. The forms were removed by Google after researchers from Zimperium reported them.

Just days earlier, scammers were found to be using a legitimate Google Drive collaboration to trick victims into clicking on malicious links. Even Google Calendar has been abused in the past, in a sophisticated cyberattack that targeted mobile Gmail users through fraudulent, unsolicited meeting notifications.

For its part, Google stresses the company is taking every measure to keep malicious actors off their platforms. “We are deeply committed to protecting our users from phishing abuse across our services, and are continuously working on additional measures to block these types of attacks as methods evolve,” a Google spokesperson told Threatpost by email. The statement added that Google’s abuse policy prohibits phishing and emphasized that the company is aggressive in combating abuse.
“We use proactive measures to prevent this abuse and users can report abuse on our platforms,” the statement said. “Google has strong measures in place to detect and block phishing abuse on our services.”

Sambamoorthy told Threatpost that the security responsibility does not rest on Google alone and that organizations should not rely solely on Google’s security protections for their sensitive data. “Google faces a fundamental dilemma because what makes their services free and easy to use also lowers the bar for cybercriminals to build and launch effective phishing attacks,” he said. “It’s important to remember that Google is not an email security company — their primary responsibility is to deliver a functioning, performant email service.”

Sambamoorthy said two-factor authentication (2FA) and maintaining strong passwords with a password manager are the best ways for users to protect themselves. Besides those best practices, the report recommended “rigorous eye tests” of emails “related to money and data.”

Organizations, he said, should establish basic security policies and set up mechanisms which are able to adapt to new and evolving threats. “Security has an important ‘process’ component, so organizations should ensure they have the right controls, checks, and balances in place to protect users and data,” Sambamoorthy said. “Since these attack patterns are always evolving, organizations should invest in security technologies that have built-in feedback mechanisms. These mechanisms should learn from new attacks and refine detection algorithms with time.”

Source

Google services have gone down across the UK, including Gmail, Google Drive and YouTube.

Reports flooded the outage service DownDetector as users frantically tried to access their email accounts, Google documents and videos on YouTube. Google Drive and Google Hangouts are also down.

The tech company says it is currently investigating the issue. ‘We’re aware of a problem with Gmail affecting a majority of users,’ the company stated. ‘The affected users are unable to access Gmail. We will provide an update by 12/14/20, 12:12 PM detailing when we expect to resolve the problem.’

Meanwhile, Google’s users were quick to vent their frustration. ‘I can’t access anything from Google says error or does not recognise my account. Can’t access youtube, gmail, etc… Not good Google,’ wrote one user on DownDetector. Another commented: ‘Looks like servers are down just like when YouTube was down previously and now its affecting every google apps’

London appears to be the worst-affected area but users in Manchester and over in Dublin are also reporting problems.

Users trying to access YouTube on laptops or phones are also unable to see the website or app. Instead, they’re greeted with a holding page and the caption ‘something went wrong’.

Many irritated users took to Twitter to try and find out why they’ve lost access to their Google accounts. ‘I’ve been logged out of my Google account on my phone and I can’t log back in- it says problem with my account and now I am locked out of all my Google Apps :(,’ wrote one user on Twitter.
‘What can I do to get back in- all my details are correct?’

It’s not yet clear how widely the problem has spread, but other areas of Europe also appear to have been affected.

‘We work on isolating and fixing every product issue that we’re aware of,’ Google explains on its Workspace admin page. ‘Some issues might not be listed here. We characterize known Issues as follows: We can consistently reproduce an unexpected behavior. Engineers are actively working towards a fix to correct the behavior. The issue is observed globally and has generated a large number of support cases.’

Metro.co.uk has contacted Google for a comment on the outage.

Source: https://metro.co.uk/2020/12/14/youtube-and-google-services-down-for-millions-of-users-13749402/ (As of 26 Minutes Ago)