posted by Fnord666 on Saturday August 17 2019, @11:07AM
from the hook-them-and-crook-them dept.

Submitted via IRC for SoyCow7671

Phishing Campaign Uses Google Drive to Bypass Email Gateways

A highly targeted phishing campaign was recently observed bypassing a Microsoft email gateway by using documents shared via the Google Drive service to target the staff of a company in the energy industry.

Google Drive is a file storage and synchronization service created by Google that enables its users to store files in the cloud and effortlessly synchronize them between devices and platforms. The documents used to link to the phishing landing page were delivered using Google Docs, Google's online word processor.

The phishing messages spotted by Cofense security researchers impersonated the CEO of the company and tried to trick employees into opening an "important message" shared via Google Docs, Google's online word processor.

"The email is legitimately sent by Google Drive to employees and appears to be shared on behalf of the CEO by an email address that does not fit the email naming convention of the targeted company," found Cofense.

This made it possible for the attackers to take advantage of Google's legitimate service to circumvent the phishing detection protection provided to the company by the Microsoft Exchange Online Protection cloud-based email filtering service.

In reality, the document linked to a Google Docs document which, in turn, redirected the potential victims to the attackers' phishing landing pages that would request them to enter their credentials to access the CEO's urgent message.

"The link within the email body is also hard to defend against because it links to an actual Google Drive share," also found the Cofense researchers.

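A defender-side check for the trait Cofense describes, a share notification that names the CEO while the sharing account does not fit the company's address convention, as an added example that is not from the article or from Cofense. The company domain, naming pattern, executive list and sample messages are constructed, and the header layout (Google no-reply sender, sharing account in Reply-To) is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Everything below is constructed for illustration (not from the article):
COMPANY_DOMAIN = "example-energy.test"
NAMING_CONVENTION = re.compile(r"^[a-z]+\.[a-z]+@example-energy\.test$")  # first.last
EXECUTIVES = {"jane doe"}
# Assumed envelope of a Drive/Docs share notification: sent from a Google
# no-reply address, with the sharing account's address in Reply-To.
SHARE_SENDERS = {"drive-shares-noreply@google.com",
                 "drive-shares-dm-noreply@google.com"}
VIA_SUFFIX = re.compile(r"\s*\(via Google (?:Drive|Docs)\)\s*$", re.I)

def assess_share(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, sender = parseaddr(msg.get("From", ""))
    if sender.lower() not in SHARE_SENDERS:
        return []  # not a share notification; out of scope for this check
    sharer = parseaddr(msg.get("Reply-To", ""))[1].lower()
    claimed = VIA_SUFFIX.sub("", display).strip().lower()
    findings = []
    # Display name claims an executive, but the sharing account is off-pattern.
    if claimed in EXECUTIVES and not NAMING_CONVENTION.match(sharer):
        findings.append("executive-name-nonconforming-address")
    # Sharing account is outside the company domain (or missing entirely).
    if not sharer.endswith("@" + COMPANY_DOMAIN):
        findings.append("external-sharer")
    return findings

def make_msg(display, reply_to):  # builds a constructed sample notification
    return (f'From: "{display}" <drive-shares-noreply@google.com>\n'
            f"Reply-To: {reply_to}\n"
            "To: staff@example-energy.test\n"
            "Subject: Important message\n\n"
            "A document has been shared with you.\n")

IMPERSONATION = make_msg("Jane Doe (via Google Docs)", "jdoe.office@mailbox.test")
INTERNAL = make_msg("Jane Doe (via Google Drive)", "jane.doe@example-energy.test")
PARTNER = make_msg("Sam Roe (via Google Drive)", "sam.roe@partner.test")

if __name__ == "__main__":
    for label, raw in (("impersonation", IMPERSONATION),
                       ("internal", INTERNAL), ("partner", PARTNER)):
        print(label, assess_share(raw))
```

The `external-sharer` finding fires on ordinary partner shares too, so it is better used as context for the first finding than as an alert by itself.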

  • (Score: 0) by Anonymous Coward on Sunday August 18 2019, @05:15AM (#881665)

    My work went with o365 for staff and faculty and Google Apps for students. MS has the worst spam scanning of anybody. My uncaught spam messages went from almost non-existent with near zero misclassified ham to 10 uncaught spams per day in my inbox (a good portion of these are phishing emails), and tons of ham misclassified as spam. Fucking worthless shit. We also have been getting repeatedly hit with successful phishing campaigns since switching, since MS doesn't even catch phishing emails claiming to be from MS?!!! I also have a Google student account, and it has never had a phishing email make it to its inbox.

    This google drive vector might be a problem for folks using a mail filtering system created and operated by a competent organization. But, for MS o365 (used as the example in TFA), this vector is irrelevant.

    We used to use a postfix + postscreen + amavis + spamassassin etc. setup that was very effective.