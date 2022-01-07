



According to a study by cybersecurity firm Avanan, hackers are using the productivity features of Google Docs to slip malicious content through spam filters and security tools.

Avanan’s Jeremy Fuchs said in December that he saw cyber attackers using the commenting capabilities of Google Docs and Google Slides to carry out attacks against Outlook users.

“In this attack, a hacker is adding a comment to Google Docs. The comment mentions the target with @. That will automatically send the email to that person’s inbox, from Google. This email is suitable for spoofing, as the entire comment will be sent, including malicious links and text, and the email address will not be displayed; only the attacker’s name will be displayed,” Fuchs wrote in a blog post.

This technique has long been used by cybercriminals, and Google released a fix for this issue in 2020. However, Avanan included an image showing a researcher testing a flaw in Google Docs and Google Slides using a malicious link added to a comment.

“It’s primarily aimed at Outlook users, but it’s not exclusive. 30 tenants have access to over 500 inboxes, and hackers use over 100 Gmail accounts,” Fuchs added, pointing out that the mail function of Google Docs makes it difficult for scanners to stop the attacks because emails are sent directly from Google.

Google is on most allow lists, Fuchs explains, and most users trust email from Google. The email does not include the hacker’s email address, only the display name, so anti-spam features are also ineffective against the attack. The recipient cannot tell whether the comment is from someone in the company or elsewhere.

“In addition, the email contains a complete comment with a link and text. The payload is contained in the email itself, so the victim does not need access to the document. Finally, the attacker doesn’t even have to share the document. It’s enough to mention that person in the comments.”

The company said last year that it reported another Google Docs exploit that makes it easier for hackers to deliver malicious phishing websites to end users.

Avanan suggested that users check multiple times before clicking a link in a Google Docs comment sent to them.

Many cybersecurity experts have repeatedly stated that this type of attack has been successful and has been used by cyberattackers for many years.

Shawn Smith, infrastructure director at nVisium, said the attack was not much different from many other phishing techniques.

“Users should always be aware of links in emails (even emails from legitimate senders) because their accounts can be compromised. This in itself is unlikely to be classified as an ‘exploit’ so much as a case of lacking anti-spam.”

“In addition to checking the link, the user needs to hover the cursor over the link before clicking to make sure that the embedded hyperlink does not lead to a site that is completely different from what the link indicates.”
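
Because the notification really does come from Google, a filter has to judge the links in the body rather than the sender, which is also what the hover check above does by hand. The Python below is an added example, not code from Avanan, Google or this article; the sample message, the `GOOGLE_SUFFIXES` list and all function names are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption: domain suffixes treated as Google's own; adjust locally.
GOOGLE_SUFFIXES = ("google.com",)
class AnchorCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None
def host_of(url):
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
def is_google(host):  # label-boundary match: google.com.evil.test fails
    return any(host == s or host.endswith("." + s) for s in GOOGLE_SUFFIXES)
def review_links(raw_email):
    """Judge links in the body; the From header is deliberately ignored."""
    msg = message_from_string(raw_email, policy=default)
    body = msg.get_body(preferencelist=("html",))
    parser = AnchorCollector()
    parser.feed(body.get_content() if body else "")
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        if not is_google(target):
            findings.append(("off-google-link", href))
        shown = re.search(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", text, re.I)
        if shown and shown.group(1).lower() != target:
            findings.append(("text-href-mismatch", href))
    return findings

SAMPLE = (  # constructed sample notification, not a captured message
    'From: "Alex Example (Google Docs)" <comments-noreply@docs.google.com>\n'
    'Content-Type: text/html; charset="utf-8"\n\n'
    '<p>@you review <a href="https://login.example.test/reset">'
    'https://accounts.google.com/signin</a></p>'
    '<a href="https://docs.google.com/document/d/CONSTRUCTED/edit">Open</a>\n'
)
```

Running `review_links(SAMPLE)` flags the comment's link twice, once for leaving Google's domains and once because its visible text names a different host than its target, while the genuine "Open" link to the document passes.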

