9/16/2023 0 Comments Gogole docs phoishingSince three of the most widely used SaaS apps containing the same flaw, “it’s very likely that similar issues exist in other SaaS apps”, warned Sobers. With this abuse, the URL and certificate are completely valid.” Sobers continued: “Also, savvy users can typically pick up on subtle differences when loading a fake URL in their browser – things like an invalid security certificate or misspelled subdomain. In this case, since we’re spoofing the REAL URL, there’s no way for these types of technologies to automatically filter or flag the URL as malicious.” “They would normally block a faked or misspelled URL (like ). “It can make a massive difference because spoofed links appear legitimate to security technologies like email filters and CASBs (Cloud Access Security Broker],” Sobers told The Daily Swig. This attack technique, as demonstrated in this video, would act to massively boost the success rate of phishing or malware distribution campaigns, according to Varonis CMO Rob Sobers. “Achieving this is as easy as changing the subdomain in the link.” Hit rate “As a result, threat actors can use their own SaaS accounts to generate links to malicious content (files, folders, landing pages, forms, etc.) that appears to be hosted by your company’s sanctioned SaaS account,” reads a blog post published by Varonis Threat Labs. Read more of the latest phishing news and attacks Researchers from Varonis Threat Labs found that the SaaS applications validated vanity URLs’ URI (the unique sequence of characters at the end of the link), but not its descriptive subdomain (the portion preceding the URI). The vulnerabilities discovered in Box, Zoom, and Google Docs enable attackers to abuse the apparent reassurance vanity URLs offer recipients that they are dealing with a legitimate organization rather than cybercriminals. Widely used by software-as-a-service (SaaS) applications, vanity URLs are used to share or request files, invite users to register for events, and so on. Vanity URLs can be customized to include a brand name and a description of the link’s purpose (for example, brandname/registernow) and typically redirect to a longer, generic URL. If you are an Applied Tech customer and you or a member of your team believe they have clicked the Google docs link, please reach out to Applied Tech right away.Attack technique bypasses email filters and burnishes credibility of phishing linksĪ failure to validate subdomains within so-called ‘vanity URLs’ by Box, Zoom, and Google Docs created a powerful way to enhance their phishing campaigns, security researchers have revealed. Doing that will help ensure that, even if hackers do trick you out of your password, they will likely be unable to use it. If you haven’t already, make sure you have two-factor authentication set up on your Google accounts. The countermeasures Google described are likely to stop the spread of the attack, but as one security expert noted, the attacker has already had time to harvest million of email addresses via victims’ Gmail contact lists.īut there is a very good way to protect yourself. Google said users who clicked the email can check their accounts for a breach though. Google said it has a team working to prevent similar account “spoofing” from happening again. “We’ve removed the fake pages, pushed updates through Safe Browsing,” Google tweeted. In a statement, Google said it’s taken action to protect users against the attacks and disabled offending accounts. Google Docs said in a tweet Wednesday afternoon that it’s investigating the phishing messages, and it encouraged users to not click it and report it to Gmail. One of the giveaways is the subject line is garbled and the email may come from an unexpected source or contact. Once someone clicks on the link, which in some cases appears in a blue box with the words “Open in Docs,” it will attempt to hijack the user’s account and can send the link to the user’s email contacts, too, perpetuating the problem. An email phishing scam luring people to click on a malicious link has resurfaced.īusinesses, schools, individuals and others have been hit with a phishing email that asks users to click on a Google Doc.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |