Google Docs Fraud Still Threatens

In May 2017, a phishing attack now known as the “Google Docs worm” spread online. It used a specialized app to impersonate Google Docs and requested extensive access to emails and Gmail accounts. The deception was very effective because the requests seemed to come from people the targets knew. If granted access, the app simply sent the same email to the victim's contacts, spreading the worm. The incident affected more than a million accounts before Google. New research shows that the company’s fixes do not go far enough. Similar Google Docs scams could occur at any time.
Independent researcher Matthew Bryant says that Google Workspace phishing and scams get most of their power from abusing the platform's own content and features. Targets can be caught out because they trust Google tools. This method also falls outside the reach of antivirus or other security tools, because it is web-based and uses legitimate infrastructure.
In research presented at the Defcon security conference this month, Bryant identified potential ways around Google Workspace's improved security. And the threat of Google Workspace hijinks is not just speculation. A number of recent scams use the same general method, relying on real Google Workspace information and interfaces to make fake links or pages look legitimate and appealing.
Bryant says it all comes down to the design of Workspace. The same things that make the platform flexible, adaptable, and geared toward sharing also offer opportunities for abuse. With more than 2.6 billion Google Workspace users, the stakes are high.
“Its design has its drawbacks in the beginning and the result of all these security challenges, which cannot be fixed – most do not fix the magic once,” says Bryant. “Google has worked hard, but these risks come as a result of its design. The necessary changes could include a painful process that could also lead to this.”
Following the 2017 incident, Google added a number of restrictions on apps that can connect to Google Workspace, especially those that request any type of sensitive access, such as emails or contacts. Individuals can use “Apps Script” apps, but Google mainly supports them so that business users can customize the way they work. With the stronger protections in place, if an app has more than 100 app developers, it needs to be submitted to Google for a thorough review before it can be distributed. Meanwhile, if you try to use an unreviewed app with fewer than 100 people, Workspace will show you detailed screens that warn you against moving forward.
Despite these protections, Bryant found an opening. The smaller apps can run without warnings if you receive them from someone in your Google Workspace organization. The idea is that you trust your colleagues enough not to need the friction of stern warnings and alerts. Design choices of this type, though, leave room for potential abuse.
For example, Bryant found that by sharing a link to a Google Doc that has one of these apps attached, and changing the word “edit” at the end of the URL to the word “copy,” a user who opens the link sees a “Copy document” prompt. The user can simply close the tab, but if they believe the document is legitimate and click to make a copy, they become the creator and owner of that copy. They are also listed as the “developer” of the app that is still attached to it. So when the app asks for permission to run and to access their Google account, with no further warnings shown, the victim immediately sees their own email.
Not all of the app carries over with the copied document, but Bryant found a way around this. An attacker can restore the lost elements using Google Workspace's version of an automation “macro,” which is very similar to the macros that are so often abused in Microsoft Office. Ultimately, an attacker can get someone in an organization to take ownership of, and grant access to, a malicious app that can then request access to the Google accounts of others within the same organization without warning.
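For defenders, the copy-link step described above is something a mail or proxy filter can surface. The following is an added example, not code from the article or from Bryant's research; the docs.google.com link layout and the google.com/url redirect wrapper it parses are assumptions, and the sample message and file ids are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed public link layout: https://docs.google.com/<editor>/d/<file id>/<action>
EDITOR_PATH = re.compile(r"^/(document|spreadsheets|presentation)/d/([\w-]+)/(\w+)/?$")
URL_IN_TEXT = re.compile(r"https?://[^\s<>\"')]+")


def unwrap(url):
    """Peel one level of google.com/url?q=<target> redirect wrapping, if present."""
    parts = urlsplit(url)
    if parts.hostname in ("google.com", "www.google.com") and parts.path == "/url":
        target = parse_qs(parts.query).get("q")
        if target:
            return target[0]
    return url


def classify(url):
    """Return (editor, file_id, action) for a Workspace editor link, else None."""
    parts = urlsplit(unwrap(url))
    # Exact host match: look-alike hosts and user@host tricks are not editor links.
    if parts.hostname != "docs.google.com":
        return None
    m = EDITOR_PATH.match(parts.path)
    return (m.group(1), m.group(2), m.group(3).lower()) if m else None


def copy_links(text):
    """List editor links in a message body that open the copy prompt."""
    hits = []
    for raw in URL_IN_TEXT.findall(text):
        info = classify(raw.rstrip(".,;"))
        if info and info[2] == "copy":
            hits.append(info)
    return hits


# Constructed sample message; the file ids are made up.
SAMPLE = """Hi, please review the budget:
https://docs.google.com/spreadsheets/d/1AbC_constructed-id/copy
Original is at https://docs.google.com/document/d/1XyZ_constructed-id/edit?usp=sharing.
Tracked: https://www.google.com/url?q=https://docs.google.com/document/d/1Qrs_constructed-id/copy&sa=D
"""

if __name__ == "__main__":
    for editor, file_id, action in copy_links(SAMPLE):
        print(f"flag for review: {editor} {file_id} -> /{action}")
```

A hit is a prompt for review rather than a verdict, since copy links are also shared for ordinary templates.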