Google Workspace tools are being exploited by hackers

G Suite rebranded
(Image credit: Google)
Audio player loading…

Cyberattackers are using Google’s rebranded productivity apps (opens in new tab) suite to launch phishing campaigns. 

Back in October, it was revealed that G Suite tools like Gmail, Google Docs and Google Meet would be grouped under a new Google Workspace (opens in new tab) brand. Well, it hasn’t taken long for threat actors to abuse the service.

A new report published by security firm Armorblox claims that the free, open system provided by Google is providing plenty of opportunities for cybercriminals to defraud organizations, steal user credentials and install malware.

“The Armorblox threat research team has seen a sharp uptick in attackers using Google services to help them get emails past binary security filters based on keywords or URLs,” Arjun Sambamoorthy, the Cofounder and Head of Engineering at Armorblox, explained (opens in new tab)

“(W)e will outline five targeted phishing campaigns that weaponize various Google services during their attack flow. These attacks are representative but in no way exhaustive - they are the tip of a deep iceberg. If successful, these email attacks using Google services could have potentially impacted tens of thousands of mailboxes within Armorblox customer environments alone.”

A phishing campaign at work

The five identified phishing campaigns included an American Express credential phishing campaign hosted on a Google form, a benefactor scam reconnaissance exploit, and the impersonation of a security administrator using Google’s Firebase mobile platform. A payroll scam involving Google Docs and a Microsoft Teams credential phishing campaign using Google Sites were also discovered.

The use of Google tools is becoming more widespread among threat actors as they give an air of credibility to their malicious communications. Google Docs, for example, is so prevalent in most people’s lives that it easily avoids suspicion. It also escapes most email security filters – certainly until a particular attack method has been identified.

Once a particular phishing campaign has achieved notoriety, security software will usually block the relevant emails. But a lot of the damage may have already been done by then. The best protection relies on individuals treating every email with caution, scanning them and, if there’s any doubt, leaving suspicious links well alone.

Via Bleeping Computer (opens in new tab)

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.