Your Gmail account may not stop the attacks the way you think

There are millions of enterprises that have been integrated into the Google ecosystem with Android, Gmail, Search, Docs, Maps, YouTube, and many more products that the search giant has to offer. Google's G Suite brings much-needed convenience and organization to the enterprise cloud. But, can a Google Drive account be hacked? All of these things are controlled using one Gmail account. Due to such high-level integration, it becomes mandatory to keep your Gmail account secure and protected, because if it is compromised, then your whole Google ecosystem will be at risk.

A report says, about 92% of startups are using Gmail; 60% of mid-sized businesses use it as well. More than 5 million businesses use Gmail. So far, Gmail has established itself as the popular email service for businesses of all sizes. Now the cyber attackers are not only targeting email, but the entire Google Workspace, including popular apps like Docs and Slides. Without full-suite security, your Google Workspace is at risk. When Avanan, acquired by Check Point Software, published an attack brief about the Google Docs comment exploit. The attack occurs when a threat actor adds a comment to a Google Doc (or any part of the Google Workspace).

The target is mentioned with an @ sign. By doing so, an email is automatically sent to that person’s inbox. In that email, which comes from Google, the full comment, including the bad links and text, is included. Further, the email address isn’t shown, just the attackers’ name, making this ripe for impersonators.

The researchers say, Google is about the middle of the road when it comes to preventing phishing emails from reaching the inbox: But the question is, can a ransomware use the entire G-Suite as a weapon, and how to stop the attacks that Gmail and others miss. Although Google scans for known malware uploaded to Drive, it has no way to identify Zero-Day malware.

This presents an easy way for hackers to spread a malicious file through a trusted platform. They can host malware with a public docs.google.com link that will be considered as a trusted domain by every email filter. It is very unlikely that any organization will block the Google domain. Google’s Threat Analysis Group tracks actors involved in disinformation campaigns, government backed hacking, and financially motivated abuse.

So far in 2021, Google has sent over 50,000 warnings, a nearly 33% increase from this time in 2020. This spike is largely due to blocking an unusually large campaign from a Russian actor known as APT28 or Fancy Bear. When you are on the cloud, attacks can come from anywhere.

Dr. Deepak Kumar Sahu, President & CEO, VARINDIA