Date: 2022-01-11



Dive Brief:

Threat actors are exploiting a loophole in Google Docs' comment feature to deliver malicious links to unsuspecting users, according to research from Avanan, which provided Google with its latest findings on January 3rd.

When a user is mentioned in a Docs comment, they receive an email notification. That notification is an automated message from Google, and it shows only the commenter's name, not their email address, which makes comments an effective spoofing tool. Avanan found that an attacker can insert a malicious link into a comment anywhere across Google Workspace. While Outlook users are the primary target, Avanan has detected activity in over 500 inboxes across 30 tenants, from attackers using over 100 different Gmail accounts.

Dive Insight:

Despite the increasing use of productivity tools in enterprises, email remains the preferred attack vector, since credentials for platforms like Slack are less sought after by cybercriminals. Attackers often launch their campaigns from compromised email accounts.

According to the Ponemon Institute, phishing attacks cost US companies an average of $15 million in 2021, a significant increase from an average of $3.8 million in 2015. Recovering from business email compromise costs businesses about $6 million annually.

The Google Docs phishing technique does not even require the attacker to spoof a legitimate email address; only the target needs to be mentioned.

Comment notifications are sent directly from Google, whose addresses are on the allow list of most email security tools, Avanan said. That lets attackers get past traditional scanners, anti-spam filters, and the human instinct to question an unexpected email.

Because the alert shows only the commenter's name and not the email address of the account that left the comment, recipients cannot tell whether the sender really is someone from inside the company.

As an example, Avanan used the address “[email protected]”: if that account submits a comment containing a malicious link, the target sees only that “the malicious actor mentioned you in the comment,” the company said.

“If BadActor is a colleague, it looks trusted,” Avanan wrote. “The email contains the complete comment with the link and text. The payload is contained in the email itself, so the victim does not need to access the document.” The attacker does not have to share the document itself; the email notification alone is sufficient for phishing.
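The mechanism described above gives defenders one concrete place to look: the link sits inside the notification body, while the From address is Google's and the commenter's identity is reduced to a display name. The following Python is an added illustration, not code from Avanan or from this article, of a mail-triage rule that refuses to treat "sent by Google" as sufficient trust and flags comment notifications carrying links outside Google's own domains. The sender domain (docs.google.com), the display name, and every URL in the constructed sample message are assumptions or placeholders, not values taken from the article.

```python
"""Flag Google Docs comment-mention notifications that carry external links.

Added example, not from the article or from Avanan. The sender domain,
display name and URLs below are assumptions / placeholders.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: Docs comment notifications arrive from this Google sender
# domain. Adjust to whatever your own mail logs actually show.
GOOGLE_COMMENT_SENDER_DOMAINS = {"docs.google.com"}

# Link destinations a notification legitimately carries (the "open the
# document" link). Add your own corporate domains here if needed.
TRUSTED_LINK_DOMAINS = {"docs.google.com", "drive.google.com"}

URL_RE = re.compile(r"""https?://[^\s<>"')]+""")

# Constructed sample: a notification whose comment text smuggles in an
# external link. All values are placeholders.
SAMPLE_MALICIOUS = """\
From: Bad Actor <comments-noreply@docs.google.com>
To: victim@example.com
Subject: Bad Actor mentioned you in a comment in "Q1 Planning"
Content-Type: text/plain; charset="utf-8"

Bad Actor mentioned you in a comment in the document "Q1 Planning".

@victim@example.com please review the updated figures here:
https://login-portal.example.net/docs/review

Open: https://docs.google.com/document/d/PLACEHOLDER_DOC_ID/edit
"""

# Constructed sample: a benign notification that only links back to Docs.
SAMPLE_BENIGN = """\
From: Real Colleague <comments-noreply@docs.google.com>
To: victim@example.com
Subject: Real Colleague mentioned you in a comment in "Q1 Planning"
Content-Type: text/plain; charset="utf-8"

@victim@example.com can you check the totals in section 3?

Open: https://docs.google.com/document/d/PLACEHOLDER_DOC_ID/edit
"""


def _host_matches(host, domains):
    """True if host equals one of domains or is a subdomain of it."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def sender_parts(msg):
    """Return (display_name, address) from the From header."""
    return parseaddr(str(msg.get("From", "")))


def is_comment_notification(msg):
    """Is the envelope sender one of Google's notification domains?"""
    _, addr = sender_parts(msg)
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    return _host_matches(domain, GOOGLE_COMMENT_SENDER_DOMAINS)


def external_links(text):
    """Every URL in text whose host is not on the trusted-domain list."""
    found = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        if not _host_matches(host, TRUSTED_LINK_DOMAINS):
            found.append(url)
    return found


def assess(raw_message):
    """Triage one raw RFC 822 message and return a verdict dictionary."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    name, addr = sender_parts(msg)
    result = {
        "comment_notification": is_comment_notification(msg),
        "shown_name": name,        # the only identity the recipient sees
        "sender_address": addr,    # Google's address, not the commenter's
        "external_links": [],
        "verdict": "allow",
    }
    if result["comment_notification"]:
        body = msg.get_body(preferencelist=("plain", "html"))
        text = body.get_content() if body is not None else ""
        result["external_links"] = external_links(text)
        if result["external_links"]:
            # A Docs comment pointing outside Google is the reported pattern.
            result["verdict"] = "quarantine"
    return result


if __name__ == "__main__":
    for sample in (SAMPLE_MALICIOUS, SAMPLE_BENIGN):
        for key, value in assess(sample).items():
            print(f"{key}: {value}")
        print("---")
```

Run it directly to print the assessment of both constructed samples. The rule is deliberately narrow: it says nothing about the sender, because the sender really is Google; what it keys on is the combination of a comment notification and a non-Google destination, which is exactly the pattern the report describes. Extending TRUSTED_LINK_DOMAINS with your own corporate domains keeps legitimate internal references from being quarantined.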

Abuse of Google Docs comments was first reported in October 2020, when Shulin Ye posted mitigation guidance on the Gmail help forum. Google has not fully fixed the issue since then. Attackers are exploiting the misplaced trust users put in alerts that come from Google's own apps.

In June, Avanan discovered an attacker who created web pages resembling Google Docs sharing pages and uploaded them to Google Drive. “Just insert this link into your email and press send,” the company said. Since then, Avanan has seen a “wave” of attackers using email and productivity tools as vectors for spoofing and phishing. This time, even less effort is required: the attacker only has to mention the target in a comment.

