Cygilant Blog

Protecting Against Google Docs Phishing Attacks

Posted by James Cote on Oct 5, 2017


Phishing attacks have proven more and more effective in recent months, and a frightening new trend has emerged that uses a highly useful and trusted piece of software as the method of infiltration. Google Documents, or “Google Docs”, is heavily used in small businesses because of its flexibility and cloud-based storage; however, it is now frequently being used to trick employees all over the world into infecting their machines with a range of malware and credential stealers. Google Documents has been a very handy tool for several years, allowing multiple people to work on one project at the same time while keeping track of edits. It is an incredibly powerful tool.

The issue isn’t with the software, in this case Google Documents, itself; it’s a matter of social engineering. Social engineering is the way hackers trick employees: manipulating good-natured individuals into clicking on something that appears to be completely safe. Social engineering attacks often start with some form of communication, such as an email, that is crafted to look legitimate to victims. However, it normally arrives unannounced and you have no idea why it is being sent to you. Sometimes the sender is unknown, but it may also come from a friend, family member, or business colleague. If these types of attacks come from coworkers it is a huge problem and could indicate an attack on business systems. In those cases, immediately contact a member of your IT team if anything appears suspect after clicking an attachment or link.

In the most recent attack that leveraged Google Documents, the attackers crafted an email and attached a Google document containing malicious JavaScript designed to exploit a list of known vulnerabilities. Depending on the attack, the results can be anything from headline-grabbing ransomware to the attacker moving through your network to steal information or cause chaos. Training a security team on the signs of intrusion is essential to remediating these types of attacks before they get out of control. Typically, the security team investigates indicators such as a group of computers calling out to the same address, or abnormal privilege escalation attempts; either may be a red flag that an attacker has compromised systems.
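As an added example (not code from the original post or from Cygilant’s SOCVue), here is the “group of computers calling out to the same address” indicator implemented in Python over a handful of constructed egress proxy log lines: any destination contacted by several distinct internal hosts within a short window is flagged, with an allowlist for known-good services so routine update traffic does not trip it. The log format, IP addresses and hostnames are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample egress log (not real traffic), one event per line:
# "<ISO timestamp> <internal source IP> -> <destination host>"
SAMPLE_LOG = """\
2017-10-05T09:00:03 10.0.1.11 -> update.example-vendor.test
2017-10-05T09:00:05 10.0.1.14 -> cdn.example-vendor.test
2017-10-05T09:01:10 10.0.1.11 -> beacon.suspicious.test
2017-10-05T09:01:42 10.0.1.23 -> beacon.suspicious.test
2017-10-05T09:02:07 10.0.1.14 -> beacon.suspicious.test
2017-10-05T09:02:30 10.0.1.31 -> beacon.suspicious.test
2017-10-05T09:03:00 10.0.1.11 -> cdn.example-vendor.test
2017-10-05T10:45:00 10.0.1.40 -> beacon.suspicious.test
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+)$")


def parse_lines(text):
    """Yield (timestamp, source_ip, destination); malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
        yield ts, m.group(2), m.group(3)


def shared_destinations(text, min_hosts=3, window=timedelta(minutes=10), allowlist=()):
    """Return {destination: sorted source IPs} for every destination that at
    least `min_hosts` distinct internal hosts contacted within any `window`."""
    by_dest = defaultdict(list)
    for ts, src, dst in parse_lines(text):
        if dst in allowlist:          # known-good services never trip the rule
            continue
        by_dest[dst].append((ts, src))
    flagged = {}
    for dst, events in by_dest.items():
        events.sort()                 # chronological, so a window is a slice
        for i, (start, _) in enumerate(events):
            hosts = {src for ts, src in events[i:] if ts - start <= window}
            if len(hosts) >= min_hosts:
                flagged[dst] = sorted(hosts)
                break
    return flagged


if __name__ == "__main__":
    for dst, hosts in shared_destinations(SAMPLE_LOG).items():
        print(f"ALERT {dst}: contacted by {len(hosts)} hosts {hosts}")
```

The 10:45 event for the same destination falls outside the window and is not needed to raise the alert; the four hosts that call out within three minutes are enough.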

So, what can we do to protect ourselves? Before anything else, always take a second and think “why am I getting this email?” If it shows any signs of being suspicious, check with whoever sent it by another line of communication. Training courses are useful and should take place once a year, because phishing is constantly changing its strategies and tactics to become more effective. Security software and hardware are available for purchase: a good mail gateway together with an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) will hopefully keep this nightmare from ever happening. Having the software and hardware is not enough, however; you need to monitor your security for a proper defense, and that’s where SOCVue from Cygilant comes into play.

Buying a bunch of tools isn’t enough if you don’t know how to run them or analyze their output; you can leverage the expertise of Cygilant’s 24x7 global SOC team to gain actionable intelligence. Our SOC team is trained to identify threats and will work with you to understand issues in your environment. SOCVue Security Monitoring is security as a service that monitors all system logs from devices within your network, alerting you when strange actions occur in your environment.

Many system administrators will tell you that combing through logs and analyzing events for patterns is a tedious task, especially as security programs move from reactive to proactive. This is where SOCVue comes in. The Cygilant SOC monitors all communications within a network, filtering out “normal” activity and focusing only on the alerts that matter. Cygilant also monitors Exchange server logs and email gateway logs for malicious activity, cross-referencing them with threat intelligence to blacklist IPs and malicious emails, and informs the cyber security community of what it finds.

Cygilant also provides additional services such as Vulnerability Management and Patch Management, complete with a Security Operations Center (SOC) standing by 24/7 all year. Combined with these services and the ability to conduct forensic log searches to truly understand the depth of these attacks, a team with Cygilant deployed is always aware and ready for when the cyber-criminals come knocking.
