Cloud services are under attack. If you didn’t already know, Gmail and G Suite users are experiencing a wave of new attacks that are abusing the inherent trust that we have placed on such cloud services. Popular applications are currently being leveraged to phish users, spread malware, and direct unsuspecting victims to nefarious sites.
Have you ever received a meeting invitation to your Google calendar from an unknown party? If so, join the millions in the same club. Attackers are now sending malicious links embedded in calendar invitations, Google photos, Google forms, Google drive, and even Google Analytics.
So, how do you avoid falling prey to these attacks?
The popular cloud productivity and office applications are being targeted due to the connections that such applications have to users’ smartphones and other devices. On a daily basis, we are riddled with alerts, push notifications, and pop-ups to the point of alert fatigue. Users are clicking more than ever on things that they simply should not. When you receive an alert from these popular services, it is sometimes unclear if they are warranted or not. Be extremely cautious as malware links are now being heavily injected into such surfaces.
Cutting through the clutter of alerts, notifications, and invitations can be a daunting task for the busy professional. Therefore, we must take the time to review such solicitations for validity. Simply put; if you were not expecting something, proceed with caution.
We want to pass along some actionable advice to help to ensure that you remain aware of these new attack vectors and take extra precautions:
- Never open emails or attachments from someone that you do not know or that you were not expecting. By simply opening an email or attachment from a malicious attacker, you may reveal sensitive information to them or even worse; fully compromise your security and privacy. Be cautious regarding unsolicited emails and especially those that contain attachments or links.
- Never accept invitations from people that you do not know. Attackers are doing more than sending spam emails. Adversaries are constantly findings new ways to compromise their victims and calendar invites are a new mainstay for them. Be careful if you receive an unsolicited invitation and immediately delete the request. These requests can include malicious links and redirect you to nefarious sites that distribute malware or steal credentials.
- Never, ever, ever entertain requests to enter credentials unless you have specifically initiated the request. Attackers will send emails or direct you to web pages that request usernames and passwords. These are very dangerous scenarios for victims as they often lead to full account compromises. Getting back into your account once an attacker has access can be time consuming and it may be too late.
- Apply security best practices to your email, calendar, and cloud applications. Implementing multifactor authentication on every service that offers this is a very good idea. Attackers are seeking the low-hanging fruit and multifactor authentication can remove you from the “easy” list of victims. Give them a fight!
- Attackers are now performing “SIM swapping” and “number porting”. This is when an attacker will manipulate your cellphone carrier into transferring your SIM or number to a different device that the attacker controls. Once this happens, they have control over much more than your email. They can have unadulterated access over every application on your smartphone, including your multifactor authentication codes! Call your cellular provider and talk to them about securing your phone number and SIM from fraudulent actions and attacks. They should know what you are referring to and if not; ask for their supervisor.
Follow these steps and be careful of these new and devious attack methodologies. Our adversaries are persistent, intelligent, and motivated to fool you.
If you think your employees are at risk of falling for these traps, it may be time to consult the IGI cybersecurity team.