65% of Phishing Threats Facing Remote Workers Impersonate Google-branded Websites

Google | June 11, 2020

  • The phishing attacks applied a method known as spear phishing to trick users into disclosing login credentials by impersonating legitimate websites.

  • Google-branded sites accounted for 65% of the attacks experienced during the study, while Microsoft-branded impersonation attacks accounted for just 13%.

  • The form-based phishing attacks applied various methods such as using legitimate sites as intermediaries, using online forms for phishing, and getting access to accounts.


Remote workers faced a barrage of over 100,000 phishing attacks within four months, mostly involving Google-branded websites, according to a report by Barracuda Networks. The attacks used a method known as spear phishing to trick users into disclosing login credentials by impersonating legitimate websites. Google-branded sites accounted for about 65,000 of the attacks, or 65% of those experienced during the study, while Microsoft-branded impersonation attacks accounted for just 13% of the attacks registered between January 1, 2020, and April 30, 2020.


The form-based phishing attacks applied various methods such as using legitimate sites as intermediaries, using online forms for phishing, and getting access to accounts without the use of passwords. Google file-sharing and storage websites accounted for 65% of phishing attacks targeting remote workers within the first four months of the year. These phishing attacks involved the use of Google’s domains, such as storage.googleapis.com (25%), docs.google.com (23%), storage.cloud.google.com (13%), and drive.google.com (4%). Microsoft brands were used in 13% of the attacks, including onedrive.live.com (6%), sway.office.com (4%), and forms.office.com (3%).




Organizations should also educate their employees on online security to help them navigate the complex attack landscape that keeps changing. This training would come in handy, especially for remote workers who are more prone to phishing attacks.

~ Google


Other brands used to target remote workers included sendgrid.net, which contributed to 10% of the phishing attacks. Mailchimp.com and formcrafts.com accounted for 4% and 2%, respectively. Barracuda Networks senior product marketing manager for email, Olesia Klevchuk, said cybercriminals prefer to use Google’s services because they are more accessible and are free to use, thus allowing them to create multiple accounts. She added that the methods that criminals use, such as sending a phishing email with a link to a legitimate site, make it harder to detect these forms of phishing attacks.


Steve Peake, the UK systems engineer for Barracuda Networks, says brand-impersonation spear phishing attacks are a popular and successful method of harvesting a user’s login credentials. With more people than ever working from home, cybercriminals found an opportunity to flood people’s inboxes with phishing emails. As the attacks have advanced, hackers can now even create an online phishing form or page under the guise of legitimate services to trick unsuspecting users. Criminals impersonate legitimate sites by creating emails that appear to have been generated automatically by file-sharing sites such as Google Drive or OneDrive.


Many attackers know that if they want to attack someone specific, it’s more likely to succeed if their initial attack lands in a target’s email box late at night or early in the morning when they’re not as focused, and when the attacker can most convincingly pretend to be someone else.


The criminals then redirect the remote workers to a phishing site through a file stored on the file-sharing site. These phishing sites then ask the users to provide login details to access the content. To create data forms resembling login pages, criminals use online forms services such as forms.office.com and send these forms to unsuspecting users. These forms trick many users because they reside on the official companies’ domains and hence appear trustworthy. Most users do not realize that companies do not use these domains for login or password recovery. For example, Google does not ask users to log in through docs.google.com but instead uses accounts.google.com for authentication. For an ordinary user, the difference is too subtle to raise any suspicions.
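The mismatch described above, a password prompt served from a file-sharing or form-hosting domain rather than the brand's sign-in host, can be checked mechanically. The following is an added example, not code from Barracuda's report or this article; the `AUTH_HOSTS` list, the function names, and the sample form are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# File-sharing and form-hosting domains the article names as intermediaries.
INTERMEDIARY_HOSTS = {
    "storage.googleapis.com", "docs.google.com", "storage.cloud.google.com",
    "drive.google.com", "onedrive.live.com", "sway.office.com",
    "forms.office.com", "sendgrid.net", "mailchimp.com", "formcrafts.com",
}
# Hosts where a sign-in form is expected (assumed list; extend per organization).
AUTH_HOSTS = {"accounts.google.com", "login.microsoftonline.com", "login.live.com"}

# Constructed sample: a form-builder page imitating a login prompt.
SAMPLE_FORM = """<form><input type="text" placeholder="Email address">
<input type="text" placeholder="Password"><button>View document</button></form>"""

class FormScan(HTMLParser):
    """Notes inputs that collect a password, even when typed as plain text."""
    def __init__(self):
        super().__init__()
        self.asks_for_password = False

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "").lower() for k, v in attrs}
        label = " ".join(a.get(k, "") for k in ("name", "id", "placeholder", "aria-label"))
        if a.get("type") == "password" or "passw" in label:
            self.asks_for_password = True

def on_domain(host, domains):
    """True only for the domain itself or a real subdomain, not a lookalike prefix."""
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(url, html):
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    scan = FormScan()
    scan.feed(html)
    if not scan.asks_for_password:
        return "no-credential-form"
    if host in AUTH_HOSTS:
        return "expected-login"
    if on_domain(host, INTERMEDIARY_HOSTS):
        return "credential-form-on-intermediary"  # the pattern the article describes
    return "credential-form-on-unknown-host"
```

A mail gateway or proxy could run `classify` on pages reached from inbound links and quarantine or warn on the `credential-form-on-intermediary` verdict.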


Hackers have also applied non-password methods to access user accounts. After logging in through legitimate sites, users are asked to accept app permissions for rogue apps. By granting these permissions, the users give the hackers an access token for their accounts, thus allowing them to log in at will. These attacks cannot be prevented by enabling two-factor authentication because the apps are given long-term access to the account. They also remain unnoticed for a long time because users forget which apps they have granted permission to access their accounts. Users should be vigilant in detecting suspicious activities on their accounts. Most accounts provide an account history that allows users to view the time and location their accounts were accessed from.
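Because these grants survive password changes and two-factor authentication, the practical control is a periodic review of which apps hold tokens. The following is an added example, not code from the article or from any vendor; the record layout, client IDs, app names, and thresholds are constructed, and only the scope strings are real Google and Microsoft scope names.

```python
from datetime import datetime, timezone

# Scopes that give broad mailbox, file, or long-lived access.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/contacts",
    "Mail.Read", "Mail.ReadWrite", "Files.ReadWrite.All", "offline_access",
}

# Constructed grant inventory (hypothetical export format, not a real API response).
SAMPLE_GRANTS = [
    {"app": "PDF Viewer Pro", "client_id": "constructed-111", "user": "alice@example.com",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/drive"],
     "last_used": "2020-01-10T08:00:00+00:00"},
    {"app": "Corp Calendar Sync", "client_id": "constructed-222", "user": "bob@example.com",
     "scopes": ["https://www.googleapis.com/auth/calendar"],
     "last_used": "2020-04-29T08:00:00+00:00"},
]
NOW = datetime(2020, 4, 30, tzinfo=timezone.utc)  # fixed so the result is reproducible

def review_grants(grants, approved_client_ids, now, stale_days=90):
    """Return (app, user, reasons) for grants worth revoking or investigating."""
    findings = []
    for g in grants:
        reasons = []
        if g["client_id"] not in approved_client_ids:
            reasons.append("unapproved app")
        risky = sorted(SENSITIVE_SCOPES & set(g["scopes"]))
        if risky:
            reasons.append("sensitive scopes: " + ", ".join(risky))
        idle = (now - datetime.fromisoformat(g["last_used"])).days
        if idle > stale_days:
            reasons.append(f"unused for {idle} days")
        # Report every unapproved app, and approved apps that are both broad and forgotten.
        if "unapproved app" in reasons or len(reasons) >= 2:
            findings.append((g["app"], g["user"], reasons))
    return findings
```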


