65% of Phishing Threats Facing Remote Workers Impersonate Google-branded Websites

Google | June 11, 2020

65% of Phishing Threats Facing Remote Workers Impersonate Google-branded Websites
  • The phishing attacks applied a method known as spear phishing to tricks users into disclosing login credentials by impersonating legitimate websites.

  • Google-branded sites accounted for 65% of the attacks experienced during the study, while Microsoft-branded impersonation attacks accounted for just 13%.

  • The form-based phishing attacks applied various methods such as using legitimate sites as intermediaries, using online forms for phishing, and getting access to accounts.


Remote workers faced a barrage of over 100,000 phishing attacks within four months, mostly involving Google-branded websites, according to a report by Barracuda Networks. The phishing attacks applied a method known as spear phishing to tricks users into disclosing login credentials by impersonating legitimate websites. Google-branded sites accounted for about 65,000 of the attacks making up for 65% of the attacks experienced during the study, while Microsoft-branded impersonation attacks accounted for just 13% of the attacks registered between January 1, 2020, and April 30, 2020.


The form-based phishing attacks applied various methods such as using legitimate sites as intermediaries, using online forms for phishing, and getting access to accounts without the use of passwords. Google file-sharing and storage websites accounted for 65% of phishing attacks targeting remote workers within the first four months of the year. These phishing attacks involved the use of Google’s domains, such as storage.googleapis.com (25%), docs.google.com (23%), storage. cloud.google.com (13%), and drive.google.com (4%). Microsoft brands were used in 13% of the attacks, including onedrive.live.com (6%), sway.office.com (4%), and forms.office.com (3%).



Read more: GOOGLE'S ADVANCED PROTECTION CYBERSECURITY NOW AVAILABLE TO NEST USERS

Organizations should also educate their employees on online security to help them navigate the complex attack landscape that keeps changing. This training would come in handy, especially for remote workers who are more prone to phishing attacks .

~ Google


Other brands used to target remote workers included sendgrid.net, which contributed to 10% of the phishing attacks. Mailchimp.com and formcrafts.com accounted for 4% and 2%, respectively. Barracuda Networks senior product marketing manager for email, Olseia Klevchuk, said cybercriminals prefer to use Google’s services because they are more accessible and are free to use, thus allowing them to create multiple accounts. She added that the methods that criminals use, such as sending a phishing email with a link to a legitimate site, make it harder to detect these forms of phishing attacks.


Steve Peake, the UK systems engineer for Barracuda Networks, says brand-impersonation spear phishing attacks formed a popular and successful method of harvesting a user’s login credentials. With more people than ever working from home, cybercriminals found an opportunity to flood people’s inboxes with phishing emails. With the advancement of the attacks in recent times, now hackers can even create an online phishing form or page using the guise of legitimate services to trick unsuspecting users. Criminals impersonate legitimate sites by creating emails that appear to have been generated automatically by file-sharing sites such as Google Drive or OneDrive.


Many attackers know that if they want to attack someone specific, it’s more likely to succeed if their initial attacks lands in a target’s email box late at night or early in the morning when they’re not as focused, and when the attacker can most convincingly pretend to be someone else.


The criminals then redirect the remote workers to a phishing site through a file stored on the file-sharing site. These phishing sites then request the users to provide login details to access the content. To create data forms resembling login pages, criminals are using online forms services provided by companies such as forms.office.com, and send these forms to unsuspecting users. These services trick many users because they reside on the official companies’ domain and hence appear trustworthy. Most users do not realize that companies do not use these domains for login or password recovery. For example, Google does not ask users to log in through docs.google.com but instead uses account.google.com for authentication. For an ordinary user, the difference is too subtle to raise any suspicions.


Hackers have also applied non-password methods to access user accounts. Users are requested to accept app permission for rogue apps after logging in through legitimate sites. By granting these permissions, the users give the hackers their accounts’ access token, thus allowing them to log in at will. These attacks cannot be prevented by enabling two-factor authentication because the apps are given long-term access to the account. They also remain unnoticed for a long time because users forget which apps they have granted permissions to access their accounts. Users should be vigilant in detecting suspicious activities on their accounts. Most accounts provide an account history that allows users to view the time and location their accounts were accessed from.


Read more: SECURITYSCORECARD REVAMPS ITS CYBERSECURITY RISK MANAGEMENT PRODUCT AMIDST GLOBAL SHIFT TO REMOTE WORK

Spotlight

Citrix Workspace delivers seamless, secure user access to apps and files on any device all while giving IT the power to manage desktops, laptops, smartphones, tablets across iOS, Android, Windows, Chrome OS, and MacOS platforms. Read this white paper to find out more about how Citrix delivers a UEM solution that offers: Security

Related News

WIRELESS AND MOBILE SECURITY

BeachFleischman and Silent Sector announce their agreement to provide Arizona business owners with cybersecurity services

prnewswire | January 13, 2021

BeachFleischman PC, Arizona's biggest privately claimed CPA firm, declares it has gone into a concurrence with the Phoenix-based network safety firm, Silent Sector, to sell and market Silent Sector's online protection administrations to its customers all through Arizona and cross country. The arrangement grows the current cooperation between the two firms and joins the qualities of both to shield mid-market and arising organizations from digital assaults. The declaration is essential for BeachFleischman's development intends to furnish organizations with extended vital and operational warning arrangements past customary bookkeeping, examining, and charge administrations. "Silent Sector has years of expertise building cybersecurity programs across multiple sectors to help businesses create a competitive advantage, protect their resources and reduce vulnerabilities," said Marc Fleischman, CPA, Chief Executive Officer of BeachFleischman. "We see how disruptive forces are accelerating digital transformation, ecommerce and remote working, and our collaboration with Silent Sector provides our clients with reliable guidance to support their cybersecurity strategy, implementation, and compliance. We look forward to working together." "Silent Sector sees many mid-market and emerging companies struggle to build an effective cybersecurity program to protect their organizations while achieving compliance requirements," said Zach Fuller, Founding Partner of Silent Sector. "For companies without an in-house cybersecurity team, we provide the capabilities of a CISO, Security Engineer, and Security Architect for a fraction of the cost of hiring a single, full-time cybersecurity professional with experience. This makes proper cybersecurity accessible to companies that recognize the need for a formalized security program, but don't have limitless resources." Supplementing BeachFleischman's market reach and scope of expert business administrations, Silent Sector gives online protection benefits that the two firms perceive as being basic to the achievement and life span of mid-market and arising associations. Disclaimer: BeachFleischman PC and Silent Sector, LLC are separate independent legal entities and are not joint ventures, partners or members of a formal business organization. Neither BeachFleischman PC nor Silent Sector, LLC has the authority to bind, act for or incur liability on behalf of the other. About BeachFleischman PC: BeachFleischman PC is Arizona's largest locally-owned CPA firm and a Top 200 largest CPA firm in the United States. The firm has over 200 client service and administrative professionals, and provides advisory, accounting, assurance and tax services to businesses (U.S. and foreign-based), organizations and individuals. BeachFleischman serves clients doing business domestically and internationally and specializes in a variety of Industry-related practice areas, including cannabis, construction, financial & professional, healthcare, hospitality, real estate, manufacturing, not-for-profit and technology businesses.

Read More

DATA SECURITY

Morphisec Announces New Incident Response Services as Enterprise Attacks Escalate

Morphisec | August 16, 2021

Morphisec, a leader in cloud-delivered endpoint and server security solutions, today announced the launch of its new incident response services at HIMSS21. The service will help organizations across the healthcare industry, and various other markets, identify, contain, and report on security incidents in progress while validating or verifying the lack of a breach. Morphisec adds this service at a time when a flood of cyber threats have placed businesses under increasing pressure, making incident response necessary for industries like healthcare and manufacturing that need to be operational 24/7. In fact, Morphisec’s Consumer Healthcare Cybersecurity Threat Index found earlier this year that 1 in 5 Americans had a healthcare provider affected by cyberattacks over the last twelve months. Morphisec’s new IR services aims to assist these organizations with containing in-progress incidents, reducing damage, providing recommendations for long-term risk reduction, and auditing critical infrastructure to ensure the lowest possible risk exposure to a cyberattack. The company's highly experienced and on-demand IR team will be led under the direct supervision of the CTO’s office. “In this worsening threat landscape, it’s vital that all businesses have access to the expertise they need to keep their business up and running in the event of a breach -- even if they lack dedicated security professionals,” said Michael Gorelik, Morphisec’s CTO and head of incident response. “Morphisec’s incident response services help every organization under attack to quickly contain the incident, ensure business continuity, and minimize direct and indirect losses. With extensive experience in security incident investigation, companies are in good hands with our talented IR team who will go above and beyond to help them protect their assets from backdoors and persistent malware.” Morphisec’s incident response services will leverage the company’s zero trust at runtime solution to quickly pinpoint and contain threats, promising immediate results before forensic activities are even finalized. Responders will also educate businesses on the root cause of the incident and, in turn, the required corrective actions to improve their current tools and processes. Forensic collection and investigation of affected assets, including the building of an activity timeline, supplying indicators of compromise (IOCs), scoping the impact, mapping of exfiltrated IP, and more Malware analysis: In-depth analysis of a given malware, backdoor, or fileless code, to identify the potential impact Working around the clock during the investigation, with availability whenever we’re needed The option to develop customized scripts to minimize follow-up impact “As cyberattackers continue to target our critical industries such as healthcare, we’re proud to offer this crucial service to organizations who simply cannot afford downtime,” added Gorelik. “Morphisec's impressive suite of cloud-delivered endpoint and server security solutions are already protecting our customers across 8 million endpoints, and the addition of our new incident response service adds a vital layer to triage critical security incidents and reduce the risk of attack for the future.” About Morphisec Morphisec is the world leader in providing advanced security solutions for midsize to small enterprises around the globe. The company’s security products simplify and automatically block modern attacks from the endpoint to the cloud. Unlike traditional security solutions relying on human intervention, Morphisec delivers operationally simple, proactive prevention. This approach protects businesses around the globe with limited security resources and training from the most dangerous and sophisticated cyber attacks.

Read More

DATA SECURITY

GetApp Annual Data Security Report Reveals Information Security a Top Concern for Businesses

GetApp | September 29, 2021

GetApp, a recommendation engine that helps SMBs make informed software purchasing decisions, released findings from its 2021 Data Security Report. The results reveal that, regardless of industry, information security incidents have become more of a targeted threat for businesses, increasing in amount and efficacy. Of all the security incidents identified by over 900 surveyed employees at U.S. businesses, the three most threatening incidents were: increasingly severe ransomware attacks, more effective phishing schemes, and rampant reusing of passwords. Respondents reported phishing emails have nearly tripled in effectiveness over the past two years. Phishing emails are rapidly becoming more difficult to spot and thus far more destructive. Over the past year, ransomware attacks have increased by 25%. Ransom demands were significantly higher than average for businesses in specific industries, such as banking and financial services and construction, with higher payouts. The report found that password reuse is strongly associated with higher incidences of security breaches. Reported account takeovers were three times as common among people who reuse passwords as those who don’t. Data security threats are becoming more targeted to individual victims, whether that’s a phishing scheme aimed at a specific person or ransomware attacks on a particular company.Companies must redouble security training efforts and fortify their networks to protect against today’s increasingly sophisticated cybercriminals. Zach Capers, senior analyst at GetApp. Alarmingly, 23% of the IT security managers surveyed say their company doesn’t have protocols in place to report a suspected cyberattack and 33% don’t have a formal cybersecurity incident response plan. Read the in-depth report for further insight regarding sensitive data, cyberattacks, and how your industry is keeping up with data security needs. About GetApp GetApp is the recommendation engine SMBs need to make the right software choice. GetApp enables SMBs to achieve their mission by delivering the tailored, data-driven recommendations and insights needed to make informed software purchasing decisions. GetApp is a Gartner company. For more information, visit www.getapp.com. Survey methodology GetApp’s 2021 Data Security Survey was conducted from August 20 to August 24 among 973 respondents to learn more about data security at U.S. businesses. Respondents were screened for full-time employment and 90 identified as their organization’s IT security manager.

Read More

Spotlight

Citrix Workspace delivers seamless, secure user access to apps and files on any device all while giving IT the power to manage desktops, laptops, smartphones, tablets across iOS, Android, Windows, Chrome OS, and MacOS platforms. Read this white paper to find out more about how Citrix delivers a UEM solution that offers: Security