The Microsoft 365 Defender Threat Intelligence Team recently issued a dire warning that every IT professional should take seriously.
They’ve discovered an emerging threat in the form of hackers utilizing legitimate “Contact Us” forms associated with Google websites to distribute malware to unsuspecting site visitors.
Since the website is legitimate, it almost always bypasses email security filters and also sometimes even bypasses CAPTCHA challenges.
Right now, the hackers are using this novel attack vector primarily to infect users with the IcedID info-stealing banking Trojan, but as the team notes, there’s no particular reason that they couldn’t shift gears at any moment and start infecting people with something even more directly damaging to target systems.
The Redmond giant thought that the threat was dire enough that they reached out to Google directly to warn them. Although the company is now aware, there has yet been any word about what Google will do to keep it from happening, or when that might happen.
For now, just be aware that if any of your employees get an email that appears to be from Google, and sends a user to a legitimate Google “Contact Us” form, it may well be a ploy designed to infect the recipient’s system. Then hackers can start stealing all manners of information, starting with the recipient’s Google login credentials.
It’s proof positive that no company, no matter how large, and no matter how elaborate its security measures, is immune. As mentioned above, by leveraging the legitimate URLs of a trusted company that serves as one of the cornerstones of the web itself, there’s really no limit to the amount of damage the hackers could potentially do.
As ever, vigilance is the best defense. Stay on your guard and impress upon your employees that they are not safe.
