65% of Phishing Threats Facing Remote Workers Impersonate Google-branded Websites

Google | June 11, 2020

  • The phishing attacks applied a method known as spear phishing to tricks users into disclosing login credentials by impersonating legitimate websites.

  • Google-branded sites accounted for 65% of the attacks experienced during the study, while Microsoft-branded impersonation attacks accounted for just 13%.

  • The form-based phishing attacks applied various methods such as using legitimate sites as intermediaries, using online forms for phishing, and getting access to accounts.


Remote workers faced a barrage of over 100,000 phishing attacks within four months, mostly involving Google-branded websites, according to a report by Barracuda Networks. The phishing attacks applied a method known as spear phishing to tricks users into disclosing login credentials by impersonating legitimate websites. Google-branded sites accounted for about 65,000 of the attacks making up for 65% of the attacks experienced during the study, while Microsoft-branded impersonation attacks accounted for just 13% of the attacks registered between January 1, 2020, and April 30, 2020.


The form-based phishing attacks applied various methods such as using legitimate sites as intermediaries, using online forms for phishing, and getting access to accounts without the use of passwords. Google file-sharing and storage websites accounted for 65% of phishing attacks targeting remote workers within the first four months of the year. These phishing attacks involved the use of Google’s domains, such as storage.googleapis.com (25%), docs.google.com (23%), storage. cloud.google.com (13%), and drive.google.com (4%). Microsoft brands were used in 13% of the attacks, including onedrive.live.com (6%), sway.office.com (4%), and forms.office.com (3%).



Read more: GOOGLE'S ADVANCED PROTECTION CYBERSECURITY NOW AVAILABLE TO NEST USERS

Organizations should also educate their employees on online security to help them navigate the complex attack landscape that keeps changing. This training would come in handy, especially for remote workers who are more prone to phishing attacks .

~ Google


Other brands used to target remote workers included sendgrid.net, which contributed to 10% of the phishing attacks. Mailchimp.com and formcrafts.com accounted for 4% and 2%, respectively. Barracuda Networks senior product marketing manager for email, Olseia Klevchuk, said cybercriminals prefer to use Google’s services because they are more accessible and are free to use, thus allowing them to create multiple accounts. She added that the methods that criminals use, such as sending a phishing email with a link to a legitimate site, make it harder to detect these forms of phishing attacks.


Steve Peake, the UK systems engineer for Barracuda Networks, says brand-impersonation spear phishing attacks formed a popular and successful method of harvesting a user’s login credentials. With more people than ever working from home, cybercriminals found an opportunity to flood people’s inboxes with phishing emails. With the advancement of the attacks in recent times, now hackers can even create an online phishing form or page using the guise of legitimate services to trick unsuspecting users. Criminals impersonate legitimate sites by creating emails that appear to have been generated automatically by file-sharing sites such as Google Drive or OneDrive.


Many attackers know that if they want to attack someone specific, it’s more likely to succeed if their initial attacks lands in a target’s email box late at night or early in the morning when they’re not as focused, and when the attacker can most convincingly pretend to be someone else.


The criminals then redirect the remote workers to a phishing site through a file stored on the file-sharing site. These phishing sites then request the users to provide login details to access the content. To create data forms resembling login pages, criminals are using online forms services provided by companies such as forms.office.com, and send these forms to unsuspecting users. These services trick many users because they reside on the official companies’ domain and hence appear trustworthy. Most users do not realize that companies do not use these domains for login or password recovery. For example, Google does not ask users to log in through docs.google.com but instead uses account.google.com for authentication. For an ordinary user, the difference is too subtle to raise any suspicions.


Hackers have also applied non-password methods to access user accounts. Users are requested to accept app permission for rogue apps after logging in through legitimate sites. By granting these permissions, the users give the hackers their accounts’ access token, thus allowing them to log in at will. These attacks cannot be prevented by enabling two-factor authentication because the apps are given long-term access to the account. They also remain unnoticed for a long time because users forget which apps they have granted permissions to access their accounts. Users should be vigilant in detecting suspicious activities on their accounts. Most accounts provide an account history that allows users to view the time and location their accounts were accessed from.


Read more: SECURITYSCORECARD REVAMPS ITS CYBERSECURITY RISK MANAGEMENT PRODUCT AMIDST GLOBAL SHIFT TO REMOTE WORK

Spotlight

We surveyed 1,000 IT professionals about the security landscape and uncovered shocking business threats driving the need to make endpoint management a priority. Endpoint management tools simplify the IT management process and protect the organization by allowing a company to centrally manage, update and troubleshoot all its devices including desktops, laptops, routers, mobile phones, and more.


Other News
DATA SECURITY, PLATFORM SECURITY

BigID Wins “Compliance Software Solution of the Year” in 6th Annual CyberSecurity Breakthrough Awards Program

BigID | October 11, 2022

BigID, the leading data intelligence platform for privacy, security, and governance, today announced that it has been awarded “Compliance Software Solution of the Year” in the 6th annual CyberSecurity Breakthrough Awards program conducted by CyberSecurity Breakthrough, a leading independent market intelligence organization that recognizes the top companies, technologies and products in the global information security market today. “This recognition from CyberSecurity Breakthrough highlights our commitment to providing customers with security and compliance solutions that are designed for today and tomorrow’s data challenges. “We designed BigID to be an actionable data intelligence platform built for enterprise scale - all while meeting continuously shifting compliance requirements.” Dimitri Sirota, CEO and co-founder of BigID The mission of the CyberSecurity Breakthrough Awards is to honor excellence and recognize the innovation, hard work and success in a range of information security categories, including Cloud Security, Threat Detection, Risk Management, Fraud Prevention, Mobile Security, Email Security and many more. This year’s program attracted more than 4,100 nominations from over 20 different countries throughout the world. “Organizations need to be able to find, classify, inventory, and manage all of their sensitive data, regardless of where or what it is. It's a momentous task and requires addressing common challenges including, but not limited to: Siloed data, lack of visibility and accurate insight, and balancing legacy systems with cloud data. All while meeting a litany of compliance requirements,” said James Johnson, managing director, CyberSecurity Breakthrough. “BigID is purpose-built to discover and manage all enterprise data - business, regulated, sensitive, critical, and personal data. A hearty congratulations on winning the ‘Compliance Software Solution of the Year’ award.” With BigID, customers can automate alerts on cross-border data-sovereignty violations, and ensure compliance with CCPA, GDPR, HIPAA, PCI and other data privacy and protection regulations and security frameworks. About BigID BigID's data intelligence platform enables organizations to know their enterprise data and take action for privacy, security, and governance. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, a Business Insider 2020 AI Startup to Watch, and an RSA Innovation Sandbox winner. Find out more at https://bigid.com. About CyberSecurity Breakthrough Part of Tech Breakthrough, a leading market intelligence and recognition platform for global technology innovation and leadership, the CyberSecurity Breakthrough Awards program is devoted to honoring excellence in information security and cybersecurity technology companies, products and people. The CyberSecurity Breakthrough Awards provide a platform for public recognition around the achievements of breakthrough information security companies and products in categories including Cloud Security, Threat Detection, Risk Management, Fraud Prevention, Mobile Security, Web and Email Security, UTM, Firewall and more.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Blackpoint Cyber Launches Three Product Features

Blackpoint Cyber | November 11, 2022

Blackpoint Cyber, a leading technology-focused cybersecurity company, has released three product features this fall, as they look ahead to 2023. “I am consistently blown away by the Blackpoint Cyber team. Our desire to improve the security posture for our partners is an ongoing journey as we continue to expand an ecosystem of products which address the needs of MSPs and customers in todays’ dynamic threat landscape. As someone with previous experience in the MSP space, it is refreshing to see how much our team really loves the channel and strives to regularly provide additional value by helping MSPs to secure themselves as well as their customers,” said Justin Weller, Director of Business Development at Blackpoint Cyber. Blackpoint partners can stay ahead of cyberthreats with the following products: Security Configuration Benchmarks for M365 – Vulnerability Mapping to CIS Benchmarks for Cloud Environments CIS foundation benchmark for M365 and Azure provide prescriptive guidance for establishing a secure baseline configuration. Blackpoint has reviewed every control on your behalf and made recommendations on several to harden your customer environments. Now you can compare your security measures to Center of Internet Security Benchmarks directly in the Blackpoint portal. Assess your standing against these internationally recognized security standards and implement the recommended changes to reduce the attack surface in cloud tenants. MDE Vulnerability Report—Security Visibility Unlocked The capabilities of Blackpoint’s product bundle, Blackpoint Response, have grown. With Managed Defender for Endpoint, we've introduced internal vulnerability reporting to help you better assess your customers’ security posture, directly within the portal. The reports include recommendations for remediation and simplify the process to action them. Improvements based on the reports may pertain to expiring certificates, device exposure, or vulnerable software. macOS Agent—The Power of MDR Within Your Mac After many requests from their partner community, due to a lack of true Mac MDR, Blackpoint’s flagship MDR product, SNAP-Defense, is now available to monitor and respond to threats on Apple devices running macOS. As the macOS market share in business settings continues to grow, Blackpoint partners now have the capability to provide protection to those assets. About Blackpoint Cyber Blackpoint Cyber offers the only world-class, nation-state-grade cybersecurity ecosystem serving the MSP community. Using its own software and SOC, Blackpoint’s true 24/7 MDR service not only detects breaches earlier than any other solution on the market, but also provides an actual response rather than just an alert to keep your and your clients’ networks safe from widespread damage.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Next DLP Announces Cybersecurity Industry Veteran, Constance Stack, as New CEO

Next DLP | November 03, 2022

Next DLP (“Next”), formerly Qush Security, today announced the appointment of Constance (“Connie”) Stack as its new chief executive officer. With Stack leading the way, Next expects to aggressively grow its market share and disrupt the legacy Data Loss Prevention (DLP) category. The DLP market is projected to reach 3.5 Billion USD by 2025 with the SaaS deployment model expected to dominate during the forecast period. Next’s “Reveal Cloud”, which was included in Gartner’s 2022 Market Guide for Data Loss Prevention, is an industry leading, user-centric, DLP solution, that uncovers risk, educates employees and fulfills security, compliance and regulatory needs. “This is an exciting time for all of us at Next DLP,. “We are pleased to have Connie lead Next and believe her leadership will further accelerate the company’s growth and deliver on our mission of reinventing data protection for today's distributed organization.” Fredrik Halvorsen, Chairman of Next’s board of directors and co-founder of Ubon Partners Most recently, Stack served as Managing Director/GM of the Data Protection Business Unit for HelpSystems, which included the Digital Guardian, Titus, Boldon James and Vera brands. Prior to acquisition by HelpSystems, Stack served as chief strategy officer and chief marketing officer of Digital Guardian. Earlier in her career, Stack was vice president of marketing at Veracode (acquired by CA Technologies) and chief revenue officer at WordStream (acquired by the Gannett Company). “Today’s most used DLP solutions came to market over twenty years ago; before the shift to cloud and SaaS really took off and well before the COVID-19 pandemic drove global knowledge workers to a remote working model. Put plainly, legacy DLP approaches are outdated and prone to failure,” said Constance Stack, Chief Executive Officer, Next DLP. “Next DLP offers a new and flexible approach to protecting data where it is most at risk. Its patent-pending endpoint agent and cloud platform were purpose-built for today’s IT environment and threat landscape. I look forward to this opportunity to work with Next’s incredibly talented team and to deliver DLP that works to our customers.” About Next DLP Next DLP (“Next”) is a leading provider of data protection solutions for organizations with valuable data who need to uncover risk, educate employees and fulfill security, compliance and regulatory needs. Next's mission is to reinvent data protection for today's distributed organization and it is disrupting the legacy data loss prevention market with a user-centric, flexible, cloud-native, AI/ML powered solution built for today’s threat landscape. The company's leadership brings decades of cyber and technology experience from HelpSystems, DigitalGuardian, Forcepoint, Mimecast, IBM, Cisco and Shopify. Next is trusted by organizations big and small, from Fortune 100 finance and retailers to fast growing healthcare and technology companies.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

LMG Security Introduces New Proactive Cybersecurity Solutions

LMG Security | September 30, 2022

LMG Security, an internationally recognized cybersecurity consulting firm, has expanded its popular selection of cybersecurity advisory, testing, and training services with a new line of cybersecurity solutions. These solutions are designed to reduce the burden organizations face from implementing or managing cybersecurity technology, as well as create fast, easy access to skilled cybersecurity staff to augment internal teams. LMG Security is pleased to announce it now offers the following new solutions and services: Virtual CISO and Staff Augmentation: Organizations struggle to find and retain cybersecurity talent. LMG Security provides staff augmentation services that enable organizations to quickly access the specialized cybersecurity skills they need on a fractional basis. Endpoint Detection and Response Implementation: LMG Security implements and seamlessly integrates an endpoint detection and response solution that helps organizations defend against zero-day attacks, supply chain vulnerabilities, and other common cybersecurity threats. Multi-Factor Authentication Implementation (MFA): Protect against attack vectors such as phishing, business email compromise, and cross-cloud attacks with a customized MFA implementation. Password Manager Implementation: A password manager is a simple, affordable way to decrease the risk of a data breach from weak or reused passwords. LMG Security's team implements the password manager and ensures that it is optimally configured. Managed On-Demand Employee Cybersecurity Training: Get experts to design and manage your cybersecurity training for you. An LMG Security cybersecurity specialist will plan and monitor your training program to ensure your employees have the skills to be an effective "human firewall." Continuous Attack Surface Monitoring: LMG Security's team implements and seamlessly integrates a solution that scans Internet-facing systems to help organizations identify assets that are exposed or vulnerable. All LMG Security cybersecurity solutions are implemented and managed by experts who ensure that each solution follows all cybersecurity best practices and is optimally integrated with each organization's existing tech stack. "Organizations are struggling to find and hire skilled cybersecurity talent. "We make it easy for our clients by offering expert virtual CISO and cybersecurity staff augmentation services, as well as implementation and management services for key cybersecurity solutions." Davidoff continued, "IT teams are stretched to the limit at most organizations. We're excited to launch these new cybersecurity solutions that will help organizations defend against the constantly changing threat landscape." Sherri Davidoff, president and CEO of LMG Security ABOUT LMG Security LMG Security is an internationally recognized leader in the cybersecurity consulting industry. This full-service cybersecurity firm provides one-stop shopping for a wide array of cybersecurity services. Specializing in technical testing, advisory and compliance services, and training for more than a decade, the LMG Security team's security testing services were featured on the Today show. In addition, the team has published cutting-edge research on cell phone intrusion detection and banking Trojans, written books on network forensics, data breaches, and an upcoming book on ransomware and cyber extortion, and routinely speak or train at Black Hat, RSA and many other security conferences. LMG Security is privately held and headquartered in Missoula, Montana.

Read More

Spotlight

We surveyed 1,000 IT professionals about the security landscape and uncovered shocking business threats driving the need to make endpoint management a priority. Endpoint management tools simplify the IT management process and protect the organization by allowing a company to centrally manage, update and troubleshoot all its devices including desktops, laptops, routers, mobile phones, and more.

Resources