There was a spike in phishing and business email compromise attacks due to threat actors exploiting Google services. The attacks weaponize services such as Google Forms, Google Docs, and Firebase on mobile so that the messages appear legitimate to both security filters and victims.
Due to the open nature of the Google ecosystem, attackers are taking advantage of the trust placed in these services. Their content bypasses filters that block bad domains and links, mainly because it is hosted on Google's services.
The impact:
Due to the inherent trustworthiness of Google's domains, no email filter would realistically block the initial email. Whilst the content itself may be suspicious, the use of Google's domains undermines the effectiveness of phishing countermeasures.
A successful phishing attack can lead to further compromise, which will likely result in financial loss, damage to company resources and loss of reputation.
The remediation:
Unfortunately, there is nothing that you can do about blacklisting/whitelisting Google services, as this is an internal issue. The dilemma is that Google's free and intuitive service also allows attackers to mount effective phishing attacks.
However, there are mitigations to reduce the likelihood of a successful compromise. Two/multi-factor authentication should be implemented, along with a robust password policy that encourages the use of password managers.
The most effective solution is to provide phishing awareness training to staff. This approach ensures that your employees are more likely to identify and report malicious emails.
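Since the Google domains themselves cannot be blocked, a mail pipeline can still tag, rather than block, external messages whose links point at user-created content on those services, so they get a warning banner or extra review. The sketch below is an added example, not taken from the source article; the host and path patterns, function names and sample message are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

DOC_PATHS = ("/document/", "/spreadsheets/", "/presentation/")
FIREBASE_SUFFIXES = (".firebaseapp.com", ".web.app")

# Assumed patterns for user-created content on the services the article names.
# Hosts are compared exactly (or by dot-prefixed suffix), never by substring.
UGC_RULES = [
    ("google-forms", lambda h, p: h == "forms.gle"
        or (h == "docs.google.com" and p.startswith("/forms/"))),
    ("google-docs", lambda h, p: h == "docs.google.com" and p.startswith(DOC_PATHS)),
    ("firebase", lambda h, p: h == "firebasestorage.googleapis.com"
        or h.endswith(FIREBASE_SUFFIXES)),
]
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def classify_url(url):
    """Return a label if the URL is user content on a trusted Google host."""
    parts = urlsplit(url)
    # .hostname drops userinfo and port, so "docs.google.com@other.example"
    # is judged by its real host, not by the text before the "@".
    host = (parts.hostname or "").lower().rstrip(".")
    for label, rule in UGC_RULES:
        if rule(host, parts.path or "/"):
            return label
    return None

def triage(body, sender_domain, internal_domains):
    """Labels to attach to a message from an external sender (tag, not block)."""
    if sender_domain.lower() in internal_domains:
        return []
    labels = []
    for url in URL_RE.findall(body):
        label = classify_url(url.rstrip(".,;"))
        if label and label not in labels:
            labels.append(label)
    return labels

# Constructed sample message; every identifier in it is a placeholder.
SAMPLE_BODY = (
    "Your mailbox is full. Confirm your account here: "
    "https://docs.google.com/forms/d/e/EXAMPLE_ID/viewform. "
    "Mobile users: https://example-project.web.app/login"
)

if __name__ == "__main__":
    print(triage(SAMPLE_BODY, "sender.example", {"corp.example"}))
```

The labels are meant to feed a banner or review queue; they do not replace multi-factor authentication or staff training.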
Source: Threatpost