Cybercriminals Exploit Google and Microsoft Products to Attack SMBs

Date: 12/12/2020
  • The Armorblox threat research team has published an analysis of five targeted phishing campaigns that involve Google Workspace, including Google Forms, Google Docs, Google Sites, and Google’s mobile platform for app development, Firebase.
  • A new Vectra report shows hackers searching through emails and files looking for data, setting up forwarding rules to access email without signing in, and inserting malicious links in documents to create attacks that take advantage of Microsoft Office 365.
  • Cybercriminals make more money when they attack SMBs (small-to-mid-sized businesses) with ransomware attacks and phishing schemes that rely on poor consumer behavior than they do with traditional data breaches that rely on stealing personal information.
  • To protect themselves from an SMB attack, business leaders should train their employees to spot phishing attacks, adopt multi-factor authentication (MFA) wherever possible, and train vendors to adopt good security measures, including MFA.
  • For more information on an SMB attack, contact the Identity Theft Resource Center toll-free at 888.400.5530 or via live-chat on the company website.

Cybercriminals are finding different ways to attack SMBs (small-to-mid-sized businesses), a trend that the Identity Theft Resource Center (ITRC) continues to see. In fact, the ITRC recently had an employee targeted with a phishing email.

Phishing scam sent to the ITRC

One of the latest attack tactics is to attack SMBs through popular services like Microsoft Office 365 and Google Workspace (formerly known as G Suite). The cybercriminals look to use trustworthy tools to steal credit card information, credentials and other personal information.  

Armorblox Analysis on Google Services 

According to Dark Reading, the Armorblox threat research team published an analysis of five targeted phishing campaigns that take advantage of several Google services, including Google Forms, Google Docs, Google Sites, and Firebase, Google’s mobile platform for app development. The researchers say most employees, and the security tools they depend on, regularly use and trust Google services – a fact attackers are well aware of and aim to exploit in these campaigns.

Vectra Report on Microsoft Office 365 

According to Help Net Security, a new Vectra report shows Microsoft Office 365 is being used in enterprise attacks. The Vectra report states that 96 percent of companies sampled showed attackers could move across a business’ systems by exploiting Office 365.  

Common techniques used by hackers include searching through emails and files looking for data, setting up forwarding rules to access emails without signing in, and planting malicious links in documents that people use and trust. Vectra expects attacks like these to continue in the months ahead by exploiting user behaviors through social engineering, to establish a foothold in every type of organization, including SMBs. 

How the Attacks Impact SMBs 

Cybercriminals are focusing on attacks that require less effort and yield more financial gain, such as cyberattacks that rely on logins and passwords to get access to corporate networks for ransomware or Business Email Compromise (BEC) scams. These exploits are part of a trend where threat actors rely more on poor user behaviors than on stealing personal consumer information.

The attacks impact SMBs because businesses are becoming more of a target. In one of the attacks featured in the Armorblox analysis, cybercriminals impersonate a security team with an email informing an employee they have not received a “vital” message due to storage quota issues. The email contained a link to verify their data and restart the email delivery. However, the URL redirected to a fake login page hosted on Firebase, where they saw their email address prefilled above a password request. Quick-fill techniques like these are common because they lull victims into a false sense of security.  
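A mail-filter check for the lure described above, as an added example that is not from Armorblox or the ITRC: it flags links that land on user-published content under the Google-hosted services the article names, and notes when the recipient's address is embedded in the URL for prefilling. The host list, the function name `review_links` and the sample message are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: hosts where anyone can publish content under a trusted Google
# domain. Chosen for this example from the services the article names.
SHARED_HOST_SUFFIXES = (".web.app", ".firebaseapp.com")      # Firebase Hosting
SHARED_HOST_PATHS = {
    "docs.google.com": ("/forms/", "/document/"),            # Forms, Docs
    "sites.google.com": ("/",),                              # Sites
}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def review_links(body: str, recipient: str) -> list[dict]:
    """Return one finding per link in `body` that lands on shared hosting."""
    findings = []
    for url in URL_RE.findall(body):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        on_shared = host.endswith(SHARED_HOST_SUFFIXES) or any(
            parts.path.startswith(p) for p in SHARED_HOST_PATHS.get(host, ())
        )
        if not on_shared:
            continue
        # Prefilled-login lures carry the victim's address in the path,
        # query string or fragment, often percent-encoded.
        tail = unquote(f"{parts.path}?{parts.query}#{parts.fragment}").lower()
        findings.append({
            "url": url,
            "host": host,
            "recipient_prefilled": recipient.lower() in tail,
        })
    return findings


# Constructed sample message (not a real campaign URL).
SAMPLE = (
    "Your mailbox quota is full. Verify your account at "
    "https://mail-quota-example.web.app/login?e=pat%40example.com "
    "or read our policy at https://www.example.com/policy"
)

if __name__ == "__main__":
    for finding in review_links(SAMPLE, "pat@example.com"):
        print(finding)
```

These hosts also carry plenty of legitimate content, so a finding is a reason to hold the message for review, with `recipient_prefilled` as the stronger signal.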

Why Attackers Exploit Google Services and Microsoft Office 365 

There are many different reasons why attackers exploit services, but popularity and ease of attack are always at the top of the list. Cybercriminals know many organizations are increasing their cloud software usage where Microsoft has dominated the productivity space. Vectra claims that, with more people working from home, user account takeover of Office 365 is the most effective way for an attacker to move across an organization’s network. The popularity of Google Docs and the rest of the Google Workspace product suite makes them an attractive target for threat actors, too. Users may not notice something suspicious until after they have fallen victim to an attack.

What SMBs Need to Do  

  1. Help employees spot phishing attacks – It is crucial companies train their employees on what to look out for, what to avoid, and educate them on the latest SMB attacks making the rounds to prevent an attack. It is critical SMBs not allow their employees to be their weakest link.
  2. Adopt multifactor authentication (MFA) wherever possible – It is essential SMBs create extra layers of security wherever they can. Even if the attackers steal credentials, it will be difficult for them to break into other accounts with the same username and password.
  3. Educate vendors to use MFA – Just like an employee can be the weakest link, the same applies to vendors. An SMB can be doing all the right things but still be vulnerable if outside parties do not have the proper security measures. Education for vendors is just as important as it is for employees.
  4. Check the sender of the email – Laptops will show the full address for all email senders; mobile devices will not. If an employee receives a suspicious email, they should check to see who the sender is on their laptop.

Contact the ITRC 

If anyone has questions about SMB attacks, they should contact the ITRC. People can speak with an expert advisor toll-free over the phone (888.400.5530), live-chat on the web, or email [email protected] during business hours. All businesses and consumers have to do is visit www.idtheftcenter.org to get started.  
