Hackers Are Using Legitimate Google Services To Wreak Havoc

April 30, 2021

Written by wukovits

The Microsoft 365 Defender Threat Intelligence Team recently issued a dire warning that every IT professional should take seriously.

They’ve discovered an emerging threat in the form of hackers utilizing legitimate “Contact Us” forms associated with Google websites to distribute malware to unsuspecting site visitors.

Since the website is legitimate, it almost always bypasses email security filters and also sometimes even bypasses CAPTCHA challenges.

Right now, the hackers are using this novel attack vector primarily to infect users with the IcedID info-stealing banking Trojan, but as the team notes, there’s no particular reason that they couldn’t shift gears at any moment and start infecting people with something even more directly damaging to target systems.

The Redmond giant thought that the threat was dire enough that they reached out to Google directly to warn them. Although the company is now aware, there has yet been any word about what Google will do to keep it from happening, or when that might happen.

For now, just be aware that if any of your employees get an email that appears to be from Google, and sends a user to a legitimate Google “Contact Us” form, it may well be a ploy designed to infect the recipient’s system. Then hackers can start stealing all manners of information, starting with the recipient’s Google login credentials.

It’s proof positive that no company, no matter how large, and no matter how elaborate its security measures, is immune. As mentioned above, by leveraging the legitimate URLs of a trusted company that serves as one of the cornerstones of the web itself, there’s really no limit to the amount of damage the hackers could potentially do.

As ever, vigilance is the best defense. Stay on your guard and impress upon your employees that they are not safe.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Unlocking Small Business Success: The Impact of AI in a Digital Era

In the rapidly evolving business landscape, staying competitive necessitates embracing technological advancements. Artificial Intelligence (AI), once perceived as a luxury for larger enterprises, is now accessible to small businesses, offering new opportunities for...

Major Cyber Attack at OMV

Louisiana’s Office of Motor Vehicles (OMV) is one of a still undetermined number of government entities, major businesses, and organizations to be affected by an unprecedented Data Breach.There is no indication at this time that cyber attackers who breached MOVEit...

Send us a message

Your message was sent.