Google raced to patch the issue so this article is a commentary on why so many people were fooled into giving hackers their Google login credentials.
The answer is that we are generally a trusting lot and when asked to do something we do. In fact, Glasswall, a secure email service, recently commissioned a survey that found an astonishing 82% of respondents usually or always open email attachments if they appear to be from a known contact. Of these, 44% open these email attachments consistently every time they receive one, leaving organisations highly vulnerable to data breaches sourced to malicious attachments.
Worse 58% usually opened email attachments from unknown senders. This simply shows what value all the education and media coverage about the prevalence of sophisticated social engineering attacks has achieved – nothing!
- 33% admitted to being a victim of a cyber attack and a further 24% said they may have been a victim.
- 55% said they sent or received at least 11 documents via email every working day, meaning there are 2,585 potentially malicious files in circulation from a single employee each year.
- 20% said the business they work for has no policy on how to handle email attachments, or they have not been made aware of it.
- 5.5% thought "other" types of attachments were suspicious, which included various types prize-winning links or emails with multiple addressees.
- 15% said they always or usually trust email attachments sent by people they have never heard of.
- Only two people named Word documents as being suspicious and only two said they regarded "spreadsheets" as a potential threat, despite the continuing prevalence of these file-types in the perpetration of successful cyber-attacks.
- 58% said they would feel safer from cyber-crime if their employer had the right technology to protect them.
Simon Taylor, vice-president of products at Glasswall, said, “Cyber criminals know that productivity suites like O365 and Google, as well as dynamic documents and other types of shared files, are the lifeblood today’s internet users. This includes consumers and employees of massive corporations, and often they’re one and the same.”
Greg Sim, chief executive of Glasswall Solutions, said, "Employees need to trust their emails to get on with their work, but with 94% of targeted cyber-attacks now beginning with malicious code hidden in an email attachment, the security of major businesses should no longer be the responsibility of individual office-workers. Conventional antivirus and sandboxing solutions are no longer effective and relying on the vigilance of employees clearly leaves a business open to devastating cyber-attacks that will siphon off precious data or hold the business to ransom."
Taylor told iTWire that the Google attack shows it only takes one or two clicks by a recipient to unknowingly open a weaponised link — in this case — or spreadsheet, slideshow or PDF and trigger an attack in many other cases. Attackers are becoming increasingly clever with their tactics and organizations and security tools must change the way they identify threats as new systems and methods are developed by nefarious actors.
While the threat has been mitigated for now by Google, this will not stop the ever-expanding theme of clever phishing tactics by malicious actors.
There is a good explanation of the Google attack here.
Proofpoint's Ryan Kalember, SVP of Cybersecurity Strategy, said, "The recent Google Docs email phishing attack leveraged some techniques that had previously been more associated with state-sponsored threat actors.
"That said, it was not necessarily larger in scale than any of the regular phishing campaigns that target Google, Microsoft, and other credentials. Cyber criminals continue to use carefully engineered messages to steal email account credentials because they are the gateway to all other digital account access including banking, social media and contact lists.
"Our initial analysis shows this attack was targeting organisations of all types, including the education, technology, financial services, and travel sectors. Based on the success of the initial attack, we would expect copycats to try and snare victims with similar campaigns.”