Google: So Darned Useful to Good and Bad Actors
June 25, 2021
Never underestimate hackers’ adaptability and opportunism. E Hacking News reports, “Threat Actors Use Google Drives and Docs to Host Novel Phishing Attacks.” For the first time, security firm Avanan has found, attackers are able to bypass link scanners and other security protections and use Google’s standard document tools to deliver malicious, credential-stealing links. Previously, bad actors have had to lure their victims to a legitimate website in order to exploit its security flaws. Now they can do so right from users’ inboxes. The article cites a recent report from Trend Micro as well as the research from Avanan:
“According to researchers, once the hacker publishes the lure, ‘Google provides a link with embed tags that are meant to be used on forums to render custom content. The attacker does not need the iframe tags and only needs to copy the part with the Google Docs link. This link will now render the full HTML file as intended by the attacker and it will also contain the redirect hyperlink to the actual malicious website.’ The hackers then use the phishing lure to get the victim to ‘Click here to download the document.’ Once the victim clicks, the page redirects to the actual malicious phishing website through a web page designed to mimic the Google Login portal. Friedrich said Avanan researchers also spotted this same attack method used to spoof a DocuSign phishing email. In this case, the ‘View Document’ button was a published Google Docs link that actually was a fake DocuSign login page that would transmit the entered password to an attacker-controlled server via a ‘Log in’ button.”
Stolen login credentials are the most effective way to infiltrate any organization, and with a little social engineering hackers can attract many of them with this approach. It is a good reminder that educated users who do not fall for phishing schemes provide the best protection against such attackers. Alternatively, just download some interesting apps from the Google Play Store.
Cynthia Murrell, June 25, 2021